Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Add the new UPN suffix to the forest.
Event Log Subscriptions
Certificate Templates
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

2. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Then configure GlobalNames zones on each domain controller.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Subnet object needs to be created
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

3. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Configure Firewall Group Policies and link them at the Domain level
Disable Site Link Bridging from IP Properties
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

5. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Ldp
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement the Windows Search Service.

6. FFL is...
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Repadmin
Win2000

7. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

8. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
PDC emulator with w32tm.exe
Windows Deployment Services (WDS)
Then use Windows Deployment Services (WDS)

9. To backup Virtual Machines
Create a MEDV workspace
Use a GPO to configure device installation restrictions
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

10. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Network Load Balancing (NLB)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure caching on the shared folder and configure offline files to use encryption
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

11. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Modify the GPO to include folder redirection
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

12. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
WSUS server in the branch office in replica mode.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

13. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Add the new UPN Suffix to the forest
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Recommend Offline Files

14. To identify users who bypass the new corporate security policy -
A relying party trust should be created.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Configure Audit Special Logon and define Special Groups
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

15. To allow connection to a 256 Kbps ISDN...
Basic Authentication and SSL
Configure Audit Special Logon and define Special Groups
DISABLE slow link detection in the GPO
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

16. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

17. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Create a MEDV workspace
Deploy a failover cluster that contains one node in each office.
Disable Site Link Bridging from the IP properties
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

18. To deploy templates across the organization
Use CISCO IP Helper command to configure.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Software Restriction Polices
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

19. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Dfsrdiag
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

20. To enable the AD Recycle Bin
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Enable - ADoptionalFeature cmdlet
Win2000

21. Need to access some resources in another domain that is part of another forest...What trust is created?
Then use Windows BitLocker Drive Encryption
Import-Module
Incoming external trust
Group Policy Preferences

22. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Modify the local policy to point to the Internal WSUS server
Windows Deployment Services (WDS)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

23. When service account passwords need to be changed for SQL they should be...
Dfsrdiag
Changed manually
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Group Policy Preferences

24. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Modify zone transfer settings for company.com zone on DCA
Configure the zone as an Activde Directory-Integrated zone.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

25. To ensure that recovery is possible if a file on a file server is deleted accidentally
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Perform an authoritative restore
Implement Shadow Copies
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

26. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Enable Windows Remote Management (WinRM) on the servers.
802.1.x NAP

27. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

28. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Assign the application to all client computers by using a GPO.
Create a standard secondary of domain and create standard secondary of other domain.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

29. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Install Windows Server Backup and modify the Windows firewall settings
Use CISCO IP Helper command to configure.
AD RMS
Configure block inheritance on the IT OU

30. What should be done to resolve names by using GlobalNames zone?
Use a GPO to configure device installation restrictions
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Passive file screens
dnscmd tool

31. Need to ensure users receive updated template within five days...
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Windows XP Mode
Implement Windows BitLocker Drive Encryption (BitLocker)
Registry on users computer needs to be modified

32. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Deploy the Root CA certificate to the external computers.
Dynamically expanding VHD's
Implement one LUN for the quorum and another LUN for the data
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

33. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Authorization Manager role assignment
Share and Storage Management
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

34. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Subnet object needs to be created
Event Subscriptions
Add the new UPN suffix to the forest.
Active Directory Domains and Trusts

35. If users complain that it is hard to find the shared folders on the network implement
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Additional DFS Targets
Improve the performance of File Servers

36. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Install Windows Server Backup and modify the Windows firewall settings

37. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

38. Enables you to receive emails when domain users locked out of accounts...
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Event Viewer
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Configure an audit policy by editing the default domain policy and configure Event Forwarding

39. PowerShell script to create user accounts with passwords from a file called password.csv
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Properties of PSO need modified
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

40. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
Create and deploy a logon script that runs Auditpol.
Event Subscriptions
AD Domains and Trusts

41. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Implement Shadow Copies
PowerShell 2.0
Execute the Set-ADServiceAccount cmdlet
Network Load Balancing (NLB)

42. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Use local roles options within "dsmgmt"
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

43. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Certificate Templates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Include a server that runs Microsoft Office SharePoint Server 2010
MEDV to deploy virtual desktops

44. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Utilize IFM (Install From Media)
Windows XP Mode
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

45. You need to relocate an AD LDS instance from C: Drive to D: Drive
Restore-ADObject cmdlet
Configure the zone as an Activde Directory-Integrated zone.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

46. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
DISABLE slow link detection in the GPO
CAPublishGP group should have the Manage CA permission.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
The Group Policy Management console

47. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Windows XP Mode
Creating a data collector set that kick off a scritp that either move or delete files.

48. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Authorization Manager
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Administrative Role Separation
Configure an audit policy by editing the default domain policy and configure Event Forwarding

49. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Create an e-mail account in AD DS for your RMS users.

50. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Share and Storage Management
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events