Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Ldp
Test-AppLockerPolicy
Administrators is the minimum group membership required to complete this procedure.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

2. to prevent VMs from receiving updats from a group policy
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install and share a printer on a server and then enable printer pooling.
Properties of PSO need modified
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

3. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
An Active Directory subnet object needs to be created.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

5. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Add the new UPN Suffix to the forest
Then use Windows Deployment Services (WDS)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Create an e-mail account in AD DS for your RMS users.

6. In order to ensure highly available Windows Update servers you should create this.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
The Group Policy Management Console
Then install new Server 2008 R2 Enterprise subordinate CA.

7. To update ADRMS password...
Deploy the Root CA certificate to the external computers.
Create an Active Directory-Integrated zone.
Deploy Microsoft System Center Operations Manager (SCOM)
AD Rights Management Services

8. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Jill came down with 2.50.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Windows Server 2003

9. When recommending a monitoring solution for an application so that it's events can be stored in a central
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Event Subscriptions
Set-ADServiceAccount cmdlet

10. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Enable Credential Roaming
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

11. 4 steps to perform authoritative restore of a deleted OU...
Implement the Windows Search Service.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

12. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
A Distributed File System (DFS) namespace
Disable Site Link Bridging from the IP properties
Implement Shadow Copies

13. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Use local roles options within "dsmgmt"
DSMOD - ADUC
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

14. If you need to be able to create shared folders on Server 2008 R2
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Jill came down with 2.50.
Configure block inheritance on the IT OU

15. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Network Access Protection (NAP)
Configure caching on the shared folder and configure offline files to use encryption
Assign the application to all client computers by using a GPO.

16. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Distributed File System (DFS) Replication
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

17. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Offline domain join
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

18. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

19. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Software Restriction Polices
dnscmd
Deploy Microsoft System Center Operations Manager (SCOM)

20. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Certificate Templates
Refresh the zone on DNS2
Install and share a printer on a server and then enable printer pooling.

21. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Group Policy Preferences
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Deploy a GPO to the WebSrvOU
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

22. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Disable Site Link Bridging from IP Properties
Implement folder redirection by using GPO. Then backup the folder redirection target.
Use local roles options within "dsmgmt"
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

23. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Incoming external trust
Deploy it by using Group Policy Software Installation method
Implement Windows BitLocker Drive Encryption (BitLocker)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

24. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Add George to the Domain Admins group.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Raise the DFL to Windows Server 2008 R2.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

25. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
A Distributed File System (DFS) namespace
Use the Local Roles options with dsmgmt.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

26. To enable the AD Recycle Bin
Dsmgmt
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure the zone as an Activde Directory-Integrated zone.
Enable - ADoptionalFeature cmdlet

27. To allow a user to administer Active Directory
Configure RODC for Administrator Role Separation
Ntfrsutil
Domain based Distributed File System (DFS) will reduce network traffic
Add the user to the Domain Admins global group

28. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Windows System Resource Manager (WSRM)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement Network Access Protection (NAP)

29. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Event Subscriptions

30. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Administrative Role Separation
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Use a GPO to configure device installation restrictions

31. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Enable Credential Roaming
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

32. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Run the Delegation of Control Wizard on the Staff OU
Microsoft System Center Data Protection Manager
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

33. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Microsoft System Center Data Protection Manager
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

34. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

35. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Configure RODC for Administrator Role Separation
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Attach VHD file created by Windows server backup

36. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Disable Site Link Bridging from IP Properties
Event Subscriptions
Configure event log subscriptions

37. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Create a standard secondary of domain and create standard secondary of other domain.

38. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Create and deploy a logon script that runs Auditpol.
Multipath I/O feature
Microsoft System Center Data Protection Manager
Basic Authentication and SSL

39. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Role Separation
IIS Chared Configuration
Disable Site Link Bridging from IP Properties

40. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Create and deploy a logon script that runs Auditpol.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use CISCO IP Helper command to configure.

41. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
New ACCOUNT STORE should be added and configured

42. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Zone transfer settings

43. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Implement GPO for all client computers
Role Separation
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Test-AppLockerPolicy

44. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Get-ADUser cmdlet
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

45. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Configure folder redirection
Configure event log subscriptions
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

46. to protect file servers and hard disks that may be at risk of being accessed or stolen
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement Windows BitLocker Drive Encryption (BitLocker)
Modify the GPO to include folder redirection
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

47. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Install the RSAT tool on their workstation to provide for more efficient network management
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Enable Windows Remote Management (WinRM) on the servers.
Event Viewer

48. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
From Server A - run Create Basic Task Wizard
Configure the zone as an Activde Directory-Integrated zone.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

49. To ensure that a file on a file server do not leave the organization you must implement this.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
AD RMS
Use local roles options within "dsmgmt"
Encrypting File System (EFS). This can be enabled locally or through a GPO.

50. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Recommend Group Policy preferences
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Dfsrdiag