Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Then use on install image file that contains a single install image.
Install From Media IFM

2. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Domain based DFS namespace and configure a DFS replication group

3. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
FILES option within Ntdsutil
Winrm quickconfig
Administrators is the minimum group membership required to complete this procedure.
Additional DFS Targets

4. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
dnscmd tool
Implement Windows System Resource Manager (WSRM)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

5. To restore deleted user account from AD Recycle Bin...
Install From Media IFM
Restore-ADObject cmdlet
Configure folder redirection
Dfsrdiag

6. What should be done so application does not fail after 30 days while still keeping password policy in mind?
AD RMS
Active Directory Domains and Trusts
Set-ADServiceAccount cmdlet
Win2000

7. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Service user account for AD LDS
Test-AppLockerPolicy
Configure caching on the shared folder and configure offline files to use encryption
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

8. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Recommend GPT and basic disks
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Dsmgmt
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

9. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
PowerShell 2.0
WDS
Create a Central Store
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

10. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Implement Windows BitLocker Drive Encryption (BitLocker)
Printer driver isolation
Configure event log subscriptions

11. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
dnscmd tool

12. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Modify the GPO to include folder redirection
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

13. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
AD Domains and Trusts
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Disable Site Link Bridging from the IP properties

14. To minimize the amount of storage required you should recommend
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Share and Storage Management
DSMOD - ADUC

15. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure authorization rules for Web developers on each web server
Zone transfer settings
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

16. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
dnscmd
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Create a new Password Settings Object (PSO) for the IT users.

17. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Basic Authentication and SSL
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Certificate Templates

18. 4 steps to perform authoritative restore of a deleted OU...
Network Load Balancing (NLB) cluster
Install Windows Server Backup and modify the Windows firewall settings
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Your machine and remote desktops

19. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Distributed File System (DFS) Replication
Winrm quickconfig
Implement folder redirection by using GPO. Then backup the folder redirection target.

20. If a file server reaches 15% free disk space - you could free up some disk space by
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Creating a data collector set that kick off a scritp that either move or delete files.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
FFL Windows Server 2008 R2

21. To enable the AD Recycle Bin
Configure Audit Special Logon and define Special Groups
Dynamically expanding VHD's
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Enable - ADoptionalFeature cmdlet

22. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Get-ADUser cmdlet
Implement File Server Resource Manager (FSRM) quotas on the desired servers

23. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Run adprep /forestprep and adprep /domainprep

24. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
Enable Windows Remote Management (WinRM) on each server.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

25. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Active Directory Domains and Trusts
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Microsoft Desktop Optimization Pack (MDOP)
Deploy a GPO for the Sales OU

26. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Registry on users computer needs to be modified
Create ADMX and ADML files. Configure the GPO and link it to the domain.
From Server1 - run the Create Basic Task Wizard
Domain based DFS namespace and configure a DFS replication group

27. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Deploy a failover cluster that uses Node and File Share Disk Majority
Your machine and remote desktops
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

28. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
Create a MEDV workspace
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

29. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
From Server A - run Create Basic Task Wizard
Offline domain join

30. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Zone transfer settings
Implement Windows System Resource Manager (WSRM)
Create ADMX and ADML files. Configure the GPO and link it to the domain.

31. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
Raise the DFL to Windows Server 2008 R2.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Windows Server 2003

32. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

33. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Dfsrdiag
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Implement File Server Resource Manager (FSRM) quotas on the desired servers
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

34. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create an e-mail account in AD DS for your RMS users.
Perform an authoritative restore
Network Load Balancing (NLB) cluster

35. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Then install new Server 2008 R2 Enterprise subordinate CA.
Modify the local policy to point to the Internal WSUS server
MEDV to deploy virtual desktops
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

36. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Backup operator's domain local group
Ldp

37. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Software Restriction Polices
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

38. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
AD Domains and Trusts
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Add George to the Domain Admins group.
Assign the application to all client computers by using a GPO.

39. New Password Policy needs to be created for OU different from domain password policy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
New ACCOUNT STORE should be added and configured
Refresh the zone on DNS2

40. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Purchase one additional Enterprise License
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

41. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create and deploy a logon script that runs Auditpol.
Network Load Balancing (NLB)

42. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

43. If you need to minimize the bandwidth for installation
Basic Authentication and SSL
Utilize IFM (Install From Media)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

44. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Implement Windows System Resource Manager (WSRM) and configure user policies
Deploy it by using Group Policy Software Installation method

45. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

46. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Implement GPO for all client computers
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Dsmgmt

47. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
FFL Windows Server 2008 R2
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Test-AppLockerPolicy

48. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

49. To delegate authority to users to manage only certain areas in Hyper-V use the
Implement one LUN for the quorum and another LUN for the data
Assign the application to computers in the PC OU
Authorization Manager role assignment
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

50. If you want to allow single-label name resolution
Then configure GlobalNames zones on each domain controller.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Install From Media IFM
Create an e-mail account in AD DS for your RMS users