Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Site
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Windows XP Mode
Perform an authoritative restore

2. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Modify the schema of LDSInst1
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure block inheritance on the IT OU
MEDV to deploy virtual desktops

3. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

4. DFL is...
Dsmgmt
Win2000 Native
Import-Module
A relying party trust should be created.

5. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Ntdsutil
Basic Authentication and SSL

6. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Implement one LUN for the quorum and another LUN for the data
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

8. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Dynamically expanding VHD's
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

9. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure block inheritance on the IT OU
CAPublishGP group should have the Manage CA permission.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

10. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Additional DFS Targets
Distributed File System (DFS) Replication
File Server Resource Manager (FSRM) quotas and file screens
Include a server that runs Microsoft Office SharePoint Server 2010

11. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Disable Site Link Bridging from the IP properties
Authorization Manager
Event Log Subscriptions
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

12. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Increase the tombstone lifetime for the forest.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

13. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Domain based Distributed File System (DFS) namespace and DFS Replication.
Windows BitLocker Drive Encryption (Bit Locker)
Microsoft Desktop Optimization Pack (MDOP)
Passive file screens

14. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Purchase one additional Enterprise License

15. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Active Directory snapshots and Tombstone reanimation
Deploy a GPO to the WebSrvOU
Storage manager for SANs

16. To backup GPO's in domain and minimize bakcup...
Implement the Windows Search Service.
The Group Policy Management Console
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Ldp

17. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
dsa.msc - dsamain.exe - ntdsutil.exe
Implement one LUN for the quorum and another LUN for the data
The Group Policy Management Console

18. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Install From Media IFM
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Recommend Offline Files

19. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Dfsrdiag
Add the new UPN suffix to the forest.
Zone transfer settings
Implement one LUN for the quorum and another LUN for the data

20. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. To restore deleted user account from AD Recycle Bin...
Configure event log subscriptions
AD Rights Management Services
Restore-ADObject cmdlet
Upgrading DFS to Windows Server 2008 R2

22. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Windows Deployment Services (WDS)

23. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Perform an authoritative restore

24. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

25. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
AD Rights Management Services
Active Directory Domains and Trusts

26. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
File Server Resource Manager (FSRM) quotas and file screens
Disable Site Link Bridging from the IP properties
Autonomous mode...This allows the local administrator to approve their own updates.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

27. New password settings object (PSO) created and needs to be applied to user
Backup operator's domain local group
Properties of PSO need modified
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Create an e-mail account in AD DS for your RMS users

28. You need to recommend a BitLocker recovery method you should recommend this.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Create and deploy a logon script that runs Auditpol.
Win2000 Native
Data Recovery Agent

29. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
dnscmd
Prestage the computer account in AD
Then configure GlobalNames zones on each domain controller.

30. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Create a new Password Settings Object (PSO) for the IT users.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

31. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
dsa.msc - dsamain.exe - ntdsutil.exe
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

32. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Changed manually

33. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Zone transfer settings
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
FFL Windows Server 2008 R2
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

34. Jack and Jill go up the hill - both with a buck and a quarter
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Configure block inheritance on the IT OU
Jill came down with 2.50.

35. When deploying an application using the Group Policy distribution method assign the...
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
NOT be able to store that data on an iSCSI SAN

36. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
WSUS server in the branch office in replica mode.
Active Directory Domains and Trusts
Then use Windows Deployment Services (WDS) on DHCP1.
Group Policy Preferences

37. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Windows BitLocker Drive Encryption (Bit Locker)
Implement a domain-based DFS namespace that uses replication
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

38. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

39. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Configure caching on the shared folder and configure offline files to use encryption
Offline domain join
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

40. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Create a Network Load Balancing cluster.
Then configure GlobalNames zones on each domain controller.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

41. 4 steps to perform authoritative restore of a deleted OU...
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Event Subscriptions

42. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

43. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Enable Windows Remote Management (WinRM) on each server.
Authorization Manager role assignment

44. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Dfsrdiag
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Properties of PSO need modified

45. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install and share a printer on a server and then enable printer pooling.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

46. Ensure password length for a group set to 12 characters long while others keep password policy
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Add-ADFineGrainedPasswordPolicySubject cmdlet
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

47. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Disable Site Link Bridging from IP Properties
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Prestage the computer account in AD
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

48. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Modify properties of RODC server computer account.
fsconfig on FSSrv2
Incoming external trust
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

49. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Enable Windows Remote Management (WinRM) on the servers.
Run adprep /forestprep and adprep /domainprep
Microsoft Application Virtualization (AppV)
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

50. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Create an Active Directory-Integrated zone.
Use local roles options within "dsmgmt"
Active Directory snapshots and Tombstone reanimation