Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Need to access some resources in another domain that is part of another forest...What trust is created?
An Active Directory subnet object needs to be created.
Incoming external trust
Back up to an external USB drive by using Windows Server Backup
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

2. You need to ensure that the guest account on all servers is disabled to
The Group Policy Management Console
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Deploy a failover cluster that contains one node in each office.
FFL Windows Server 2008 R2

3. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Additional DFS Targets
Backup operator's domain local group
Use Netsh tool from administrator's computer.

4. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Create an e-mail account in AD DS for your RMS users.
Certificate Templates
Install the RSAT tool on their workstation to provide for more efficient network management
Refresh the zone on DNS2

5. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Implement the Windows Search Service.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Repadmin
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

6. To minimize the amount of storage required you should recommend
Storage manager for SANs
Utilize IFM (Install From Media)
Assign the application to all client computers by using a GPO.
Share and Storage Management

7. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
View properties of %systemroot%ntdsntds.dit
Get-ADUser cmdlet
Deploy a failover cluster that contains one node in each office.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

8. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Winrm quickconfig
Then configure auto enrollment of certificates and Credential Roaming.
Dfsrdiag
Back up to an external USB drive by using Windows Server Backup

9. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Configure caching on the shared folder and configure offline files to use encryption
Dsmgmt
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
IIS Manager user account

10. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Refresh the zone on DNS2
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
DSMOD

11. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Windows Deployment Services (WDS)
Windows System Resource Manager (WSRM)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

12. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Discover the run Microsoft Baseline Security Analyzer (MBSA)
dsa.msc - dsamain.exe - ntdsutil.exe
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Then configure GlobalNames zones on each domain controller.

13. To add a new UPN for all user accounts...
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
AD Domains and Trusts
dsa.msc - dsamain.exe - ntdsutil.exe

14. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
AD RMS
Administrators is the minimum group membership required to complete this procedure.
Group Policy Preferences
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

15. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Create an Active Directory-Integrated zone.
Disable Site Link Bridging from the IP properties
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

16. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
fsconfig on FSSrv2
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Group Policy Preferences
Multipath I/O feature

17. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
802.1.x NAP
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Authorization Manager

18. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Install Hyper-V role and convert physical machines into virtual machines
Use a GPO to configure device installation restrictions
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Add the new UPN suffix to the forest.

19. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Modify zone transfer settings for company.com zone on DCA
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Create a MEDV workspace
Deploy Microsoft System Center Operations Manager (SCOM)

20. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Deploy the Root CA certificate to the external computers.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Use a GPO to configure device installation restrictions
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

21. If users complain that it is hard to find the shared folders on the network implement
Implement Network Access Protection (NAP)
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Additional DFS Targets

22. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Run the Delegation of Control Wizard on the Staff OU
Ntfrsutil

23. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Group Policy Preferences

24. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
DISABLE slow link detection in the GPO
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Configure caching on the shared folder (offline files)

25. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Microsoft Application Virtualization (AppV)

26. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Then configure auto enrollment of certificates and Credential Roaming.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Domain based DFS namespace and configure a DFS replication group
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

27. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
AD RMS
Enable Credential Roaming
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

28. When deploying an application using the Group Policy distribution method assign the...
Storage manager for SANs
Add the new UPN suffix to the forest.
Modify the schema of LDSInst1
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

29. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
MEDV to deploy virtual desktops
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Modify the local policy to point to the Internal WSUS server
WDS

30. What utility is used to see what accounts cached on RODC?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Active Directory Domains and Trusts
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Active Directory Users and Computers

31. FFL is...
Win2000
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Back up to an external USB drive by using Windows Server Backup

32. Ensure password length for a group set to 12 characters long while others keep password policy
Domain based Distributed File System (DFS) will reduce network traffic
Zone transfer settings
Execute the Set-ADServiceAccount cmdlet
Add-ADFineGrainedPasswordPolicySubject cmdlet

33. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Incoming external trust
Implement the Windows Search Service.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

34. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Dsmgmt
Enable - ADoptionalFeature cmdlet
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
From Server1 - run the Create Basic Task Wizard

35. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
DSMOD
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Install and share a printer on a server and then enable printer pooling.
A Distributed File System (DFS) namespace

36. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Create a Network Load Balancing cluster.
Create and deploy a logon script that runs Auditpol.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

37. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Run net stop ntds
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

38. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Event Log Subscriptions
Create ADMX and ADML files. Configure the GPO and link it to the domain.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

39. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
The Group Policy Management console
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Recommend Active Directory delegation

40. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Use the Local Roles options with dsmgmt.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
MEDV to deploy virtual desktops

41. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Administrative Role Separation
Windows Deployment Services (WDS)
Deploy a GPO for the Sales OU
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

42. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Share and Storage Management
Windows Server 2003
Modify the schema of LDSInst1

43. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Active Directory Users and Computers
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Deploy a GPO for the Sales OU

44. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Raise the DFL to Windows Server 2008 R2.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
NOT be able to store that data on an iSCSI SAN

45. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Repadmin
Then install new Server 2008 R2 Enterprise subordinate CA.

46. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Dsmgmt
Windows XP Mode
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

47. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

48. Need to ensure users receive updated template within five days...
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Additional DFS Targets
Registry on users computer needs to be modified
Implement the Windows Search Service.

49. To delegate authority to users to manage only certain areas in Hyper-V use the
Create and deploy a logon script that runs Auditpol.
Authorization Manager role assignment
NOT be able to store that data on an iSCSI SAN
djoin /requesteodj from internal server - djoin /provision from outside server/PC

50. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Get-ADUser cmdlet
The Group Policy Management console