Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Get-ADUser cmdlet

2. Enables you to receive emails when domain users locked out of accounts...
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Authorization Manager role assignment
Event Viewer
Creating a data collector set that kick off a scritp that either move or delete files.

3. To help restrict access to Windows 7 computer in the event that it gets stolen implement
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
New ACCOUNT STORE should be added and configured
Get-ADUser cmdlet
Windows BitLocker Drive Encryption (Bit Locker)

4. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Purchase one additional Enterprise License
DFL needs to be Windows Server 2008
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Authorization Manager role assignment

5. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

6. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Credential Roaming
Configure authorization rules for Web developers on each web server
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
MEDV to deploy virtual desktops

7. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Group Policy Preferences
Active Directory Domains and Trusts
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

8. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Implement Distributed File System Replication (DFSR) on both servers
Raise the DFL to Windows Server 2008 R2.
Configure folder redirection
Import-Module

9. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Implement folder redirection by using GPO. Then backup the folder redirection target.
Network Load Balancing (NLB)
Execute the Set-ADServiceAccount cmdlet
Test-AppLockerPolicy

10. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Dfsrdiag
The Group Policy Management Console
Disable Site Link Bridging from the IP properties

11. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Microsoft SharePoint Foundation 2010
Network Load Balancing (NLB)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

12. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Registry on users computer needs to be modified
Add the Windows Server Backup feature and Windows System Image recovery.
Active Directory Right Management Services (AD RMS)
Encrypting File System (EFS). This can be enabled locally or through a GPO.

13. To backup to tape/robotic tape and to backup VMs you must use...
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Microsoft System Center Data Protection Manager 2010
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

14. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Microsoft Desktop Optimization Pack (MDOP) to your company
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

15. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Dfsrdiag
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

16. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Ntdsutil
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
From Server1 - run the Create Basic Task Wizard
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

17. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Install Windows Server Backup and modify the Windows firewall settings
Dsmgmt

18. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Utilize IFM (Install From Media)
Ldp
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

19. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Run net stop ntds
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Raise the DFL to Windows Server 2008 R2.

20. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Refresh the zone on DNS2

21. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
An Active Directory subnet object needs to be created.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Add the Windows Server Backup feature and Windows System Image recovery.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

22. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Deploy the Root CA certificate to the external computers.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
DISABLE slow link detection in the GPO

23. To recover objects deleted from Active Directory you should recommend
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Active Directory snapshots and Tombstone reanimation
Configure Firewall Group Policies and link them at the Domain level
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

24. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Implement Network Access Protection (NAP)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

25. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Implement Network Access Protection (NAP)
Configure folder redirection
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Run auditpol and then configure the Security settings of the Domain Controllers OU.

26. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Dsmgmt
Create an e-mail account in AD DS for your RMS users

27. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
WSUS server in the branch office in replica mode.

28. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Windows XP Mode
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

29. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Get-ADUser cmdlet
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Use a GPO to configure device installation restrictions
Storage manager for SANs

30. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Share and Storage Management
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure authorization rules for Web developers on each web server
Modify the schema of LDSInst1

31. Auditing the deletion of Registry keys on all Domain Controllers
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Storage manager for SANs

32. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Service user account for AD LDS
Get-ADUser cmdlet
Implement Network Access Protection (NAP)
Subnet object needs to be created

33. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Dsmgmt
DFL needs to be Windows Server 2008
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

34. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Software Restriction Polices
Ntdsutil
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

35. When recommending a monitoring solution for an application so that it's events can be stored in a central
Add the Windows Server Backup feature and Windows System Image recovery.
Event Subscriptions
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

36. To minimize the amount of storage required you should recommend
Share and Storage Management
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Purchase one additional Enterprise License
Implement Network Access Protection (NAP) that uses 802.1x enforcement

37. Jack and Jill go up the hill - both with a buck and a quarter
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Jill came down with 2.50.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Group Policy Preferences

38. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

39. What GPO setting should be configured to prevent all users from running an application?
Improve the performance of File Servers
Then configure auto enrollment of certificates and Credential Roaming.
Dfsrdiag
Software Restriction Polices

40. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Deploy a failover cluster that uses Node and File Share Disk Majority
Jill came down with 2.50.
Use local roles options within "dsmgmt"

41. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Improve the performance of File Servers
Dfsrdiag
Jill came down with 2.50.

42. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Prestage the computer account in AD
Use a GPO to configure device installation restrictions
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

43. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Then configure GlobalNames zones on each domain controller.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Import-Module

44. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy a failover cluster that uses Node and File Share Disk Majority
Enable - ADoptionalFeature cmdlet

45. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Implement the Windows Search Service.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Dsmgmt
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

46. An AD LDS instance needs to be replicated from one server to another...
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Creating a data collector set that kick off a scritp that either move or delete files.
Service user account for AD LDS
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

47. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Then install new Server 2008 R2 Enterprise subordinate CA.
Subnet object needs to be created
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

48. Can be used to install the Windows RE on existing servers
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Test-AppLockerPolicy
Passive file screens
WDS

49. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Ntfrsutil
Printer driver isolation
File Server Resource Manager (FSRM) quotas and file screens
Implement Distributed File System Replication (DFSR) on both servers

50. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
DISABLE slow link detection in the GPO