Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Implement a domain-based DFS namespace that uses replication
Create a Central Store
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Create an Active Directory-Integrated zone.

2. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Authorization Manager
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

3. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Microsoft Desktop Optimization Pack (MDOP)

4. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Active Directory Users and Computers
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Dsmgmt
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

5. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Dfsrdiag
Implement a domain-based DFS namespace that uses replication
Event Log Subscriptions
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

6. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Increase the tombstone lifetime for the forest.
PDC emulator with w32tm.exe
Run adprep /forestprep and adprep /domainprep

7. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Attach VHD file created by Windows server backup
The Group Policy Management console
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Properties of PSO need modified

8. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Active Directory delegation
Upgrading DFS to Windows Server 2008 R2
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure block inheritance on the IT OU

9. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Zone transfer settings
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
PDC emulator with w32tm.exe
Configure folder redirection

10. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

11. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Then use Windows BitLocker Drive Encryption
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

12. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Multipath I/O feature
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

13. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Include a server that runs Microsoft Office SharePoint Server 2010
Domain based DFS namespace and configure a DFS replication group
Software Restriction Polices

14. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement the Windows Search Service.
Implement Distributed File System Replication (DFSR) on both servers
Set-ADServiceAccount cmdlet
Run adprep /forestprep and adprep /domainprep

15. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure caching on the shared folder and configure offline files to use encryption
Implement Windows System Resource Manager (WSRM)

16. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Storage manager for SANs
Role Separation

17. New password settings object (PSO) created and needs to be applied to user
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Properties of PSO need modified
Include a server that runs Microsoft Office SharePoint Server 2010

18. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Dfsrdiag
Autonomous mode...This allows the local administrator to approve their own updates.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

19. 4 steps to perform offline Defragmentation of AD database...
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Utilize IFM (Install From Media)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

20. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

21. UPN Suffix xxxx.com needs to be available for user accounts...
Win2000 Native
Add the new UPN Suffix to the forest
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

22. To allow a user to administer Active Directory
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Add the user to the Domain Admins global group
An Active Directory subnet object needs to be created.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

23. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Increase the tombstone lifetime for the forest.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

24. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Share and Storage Management

25. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Domain based DFS namespace and configure a DFS replication group
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

26. To build a highly secure server cluster with a reduced attack surface area
Execute the Set-ADServiceAccount cmdlet
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Creating a data collector set that kick off a scritp that either move or delete files.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

27. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Add the new UPN suffix to the forest.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Network Access Protection (NAP)

28. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Repadmin
View properties of %systemroot%ntdsntds.dit
DSMOD - ADUC

29. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Site
From Server1 - run the Create Basic Task Wizard
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

30. Jack and Jill go up the hill - both with a buck and a quarter
PowerShell 2.0
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Configure caching on the shared folder and configure offline files to use encryption
Jill came down with 2.50.

31. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Then install new Server 2008 R2 Enterprise subordinate CA.
Zone transfer settings

32. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

33. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Create an e-mail account in AD DS for your RMS users.
Dfsrdiag

34. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Changed manually
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Get-ADUser cmdlet

35. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Run the Delegation of Control Wizard on the Staff OU
Active Directory Users and Computers
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

36. What should be done first to defragment the AD database?
Implement a GPO for each domain
Run net stop ntds
Increase the tombstone lifetime for the forest.
Dynamically expanding VHD's

37. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Refresh the zone on DNS2
From Server A - run Create Basic Task Wizard
Use the Local Roles options with dsmgmt.

38. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Prestage the computer account in AD
Backup operator's domain local group

39. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
PDC emulator with w32tm.exe
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Use the Local Roles options with dsmgmt.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

40. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Active Directory Right Management Services (AD RMS)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure separate application pools for each application

41. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Then use Windows BitLocker Drive Encryption
dnscmd
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

42. Tool to change Directory Services Restore Mode password on Domain Controller...
Run adprep /forestprep and adprep /domainprep
Then configure GlobalNames zones on each domain controller.
ntdsutil
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

43. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

44. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Configure authorization rules for Web developers on each web server
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

45. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Network Load Balancing (NLB) cluster
IIS Chared Configuration
Run auditpol and then configure the Security settings of the Domain Controllers OU.
net stop ntds

46. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Backup operator's domain local group
Test-AppLockerPolicy
Implement Windows System Resource Manager (WSRM)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

47. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Create a Central Store
Create and deploy a logon script that runs Auditpol.
Passive file screens
Group Policy Preferences

48. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Add the new UPN suffix to the forest.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

49. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
DISABLE slow link detection in the GPO
Purchase one additional Enterprise License
Add the Windows Server Backup feature and Windows System Image recovery.
Add-ADFineGrainedPasswordPolicySubject cmdlet

50. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Test-AppLockerPolicy
Deploy a GPO for the Sales OU
Enable Windows Remote Management (WinRM) on each server.
Configure authorization rules for Web developers on each web server