Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Perform an authoritative restore
Run adprep /forestprep and adprep /domainprep
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

2. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Active Directory Right Management Services (AD RMS)
Domain based Distributed File System (DFS) will reduce network traffic
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

3. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Enable - ADoptionalFeature cmdlet
Include a server that runs Microsoft Office SharePoint Server 2010
Modify the local policy to point to the Internal WSUS server
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

4. A specific application requires registry modifications to be in place before installing; you should use
Deploy it by using Group Policy Software Installation method
Group Policy Preferences
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

5. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Modify the local policy to point to the Internal WSUS server
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Install From Media IFM

6. To restore deleted user account from AD Recycle Bin...
Additional DFS Targets
Configure separate application pools for each application
Restore-ADObject cmdlet
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

7. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
NOT be able to store that data on an iSCSI SAN
Recommend Active Directory delegation
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

8. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Implement Network Access Protection (NAP)
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement Windows System Resource Manager (WSRM)
Disable Site Link Bridging from the IP properties

9. To build a highly secure server cluster with a reduced attack surface area
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Enable Windows Remote Management (WinRM) on each server.
Disable Site Link Bridging from IP Properties
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

10. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

11. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Recommend Offline Files
Dfsrdiag
Deploy the Root CA certificate to the external computers.
DSMOD - ADUC

12. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Create and deploy a logon script that runs Auditpol.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Modify the schema of LDSInst1
Microsoft Desktop Optimization Pack (MDOP)

13. You need to deploy a sales application that only the sales users must have access to
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Deploy a GPO for the Sales OU
DSMOD

14. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Run net stop ntds
Role Separation
Ldp
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

15. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Assign the application to computers in the PC OU

16. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Network Load Balancing (NLB)
Winrm quickconfig
Deploy a failover cluster that contains one node in each office.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

17. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Windows Server 2003
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
FFL Windows Server 2008 R2
net stop ntds

18. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
The Group Policy Management Console

19. What role to keep same time as an external server?
DSMOD - ADUC
PDC emulator with w32tm.exe
Modify properties of RODC server computer account.
Ntfrsutil

20. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Enable Credential Roaming
Microsoft System Center Data Protection Manager
Microsoft Desktop Optimization Pack (MDOP) to your company
Authorization Manager

21. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

22. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
From Server1 - run the Create Basic Task Wizard

23. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Group Policy Preferences
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

24. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Dsmgmt
Backup operator's domain local group
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Administrative Role Separation

25. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Use local roles options within "dsmgmt"
Modify the local policy to point to the Internal WSUS server
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

26. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Recommend Active Directory delegation
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Modify the GPO to include folder redirection
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

27. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Then configure GlobalNames zones on each domain controller.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Add George to the Domain Admins group.

28. To modify several user accounts to a new UPN suffix
Microsoft Application Virtualization (AppV)
Create an Active Directory-Integrated zone.
Active Directory Users and Computers utility
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

29. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Deploy Microsoft System Center Operations Manager (SCOM)
Data Recovery Agent
Subnet object needs to be created
FFL Windows Server 2008 R2

30. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Administrators is the minimum group membership required to complete this procedure.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

31. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Windows Server 2003
Recommend Group Policy preferences
Changed manually
Configure an audit policy by editing the default domain policy and configure Event Forwarding

32. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Ntfrsutil
Then configure auto enrollment of certificates and Credential Roaming.
Windows System Resource Manager (WSRM)
Ensure your account - or the group is a member of the local Administrators group for that specific server.

33. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Microsoft Desktop Optimization Pack (MDOP) to your company
Modify zone transfer settings for company.com zone on DCA
Deploy a failover cluster that contains one node in each office.

34. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Domain based Distributed File System (DFS) namespace and DFS Replication.
An Active Directory subnet object needs to be created.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Implement File Server Resource Manager (FSRM) quotas on the desired servers

35. New Password Policy needs to be created for OU different from domain password policy
Then configure GlobalNames zones on each domain controller.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

36. 4 steps to perform authoritative restore of a deleted OU...
Dsmgmt
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Implement Distributed File System Replication (DFSR) on both servers

37. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Dsmgmt
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Autonomous mode...This allows the local administrator to approve their own updates.

38. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Registry on users computer needs to be modified
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure caching on the shared folder and configure offline files to use encryption
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

39. Ensure password length for a group set to 12 characters long while others keep password policy
Printer driver isolation
Microsoft Application Virtualization (AppV)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Implement Windows BitLocker Drive Encryption (BitLocker)

40. To allow a user to administer Active Directory
DFL needs to be Windows Server 2008
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Add the user to the Domain Admins global group
Backup operator's domain local group

41. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Implement Windows System Resource Manager (WSRM)

42. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Ntdsutil

43. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Use local roles options within "dsmgmt"
Your machine and remote desktops

44. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Install and share a printer on a server and then enable printer pooling.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

45. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Configure Audit Special Logon and define Special Groups
Passive file screens
Win2000
Zone transfer settings

46. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
FFL Windows Server 2008 R2
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Create an Active Directory-Integrated zone.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

47. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Zone transfer settings
Use Netsh tool from administrator's computer.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Authorization Manager

48. If subnets are connected by CISCO router that is RFC-1542 compliant
Active Directory Domains and Trusts
Multipath I/O feature
DSMOD
Use CISCO IP Helper command to configure.

49. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Perform an authoritative restore
An Active Directory subnet object needs to be created.
Event Viewer

50. What should be done to resolve names by using GlobalNames zone?
AD RMS
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
dnscmd tool
Prestage the computer account in AD