Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure block inheritance on the IT OU
Changed manually
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

2. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

3. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Run net stop ntds
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

4. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Restore-ADObject cmdlet
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

5. What should be done to resolve names by using GlobalNames zone?
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
dnscmd tool
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

6. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

7. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Incoming external trust
dnscmd tool
Windows Deployment Services (WDS)
Role Separation

8. To allow a user to administer Active Directory
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add the user to the Domain Admins global group
Configure offline files and enable manual caching
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

9. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Back up to an external USB drive by using Windows Server Backup
Certificate Templates
Create a Network Load Balancing cluster.

10. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Execute the Set-ADServiceAccount cmdlet
Implement a GPO for each domain
Microsoft SharePoint Foundation 2010
Install From Media IFM

11. To defragment and AD database...
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Raise the DFL to Windows Server 2008 R2.
NOT be able to store that data on an iSCSI SAN
net stop ntds

12. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

13. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
IIS Manager user account
Administrative Role Separation
Configure Firewall Group Policies and link them at the Domain level

14. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure authorization rules for Web developers on each web server

15. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Active Directory snapshots and Tombstone reanimation
Windows BitLocker Drive Encryption (Bit Locker)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure caching on the shared folder (offline files)

16. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
MEDV to deploy virtual desktops
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

17. Capture all replication errors from all your DCs to a central location...
Then use Windows Deployment Services (WDS)
Configure event log subscriptions
Perform an authoritative restore
Implement a domain-based DFS namespace that uses replication

18. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
From Server1 - run the Create Basic Task Wizard
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
IIS Chared Configuration
Encrypting File System (EFS). This can be enabled locally or through a GPO.

19. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Service user account for AD LDS
ntdsutil
Include a server that runs Microsoft Office SharePoint Server 2010
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

20. If a file server reaches 15% free disk space - you could free up some disk space by
Microsoft Application Virtualization (AppV)
Assign the application to computers in the PC OU
Creating a data collector set that kick off a scritp that either move or delete files.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

21. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Then use Windows BitLocker Drive Encryption
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install and share a printer on a server and then enable printer pooling.

22. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Properties of PSO need modified
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

23. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Then configure auto enrollment of certificates and Credential Roaming.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy a failover cluster that uses Node and File Share Disk Majority

24. If you need secure method to verify validity of individual certificates and minimize network bandwidth
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

25. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Purchase one additional Enterprise License

26. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Autonomous mode...This allows the local administrator to approve their own updates.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

27. To restore deleted user account from AD Recycle Bin...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Restore-ADObject cmdlet
Assign the application to all client computers by using a GPO.
WSUS server in the branch office in replica mode.

28. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Implement GPO for all client computers
Backup operator's domain local group
Configure Firewall Group Policies and link them at the Domain level
Implement the Windows Search Service.

29. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Deploy a GPO for the Sales OU
Enable Windows Remote Management (WinRM) on each server.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

30. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
DSMOD - ADUC
Modify the GPO to include folder redirection
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

31. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Deploy a GPO to the WebSrvOU
Assign the application to computers in the PC OU

32. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Recommend Active Directory delegation
Administrative Role Separation
Install From Media IFM

33. 4 steps to perform offline Defragmentation of AD database...
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Recommend Active Directory delegation
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

34. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
DSMOD
Implement Windows BitLocker Drive Encryption (BitLocker)
Domain based DFS namespace and configure a DFS replication group

35. You need to design your WSUS infrastructure so that updates are highly available. To do so
Dsmgmt
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure Firewall Group Policies and link them at the Domain level
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

36. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Then use Windows Deployment Services (WDS) on DHCP1.
A relying party trust should be created.
Dfsrdiag
Deploy it by using Group Policy Software Installation method

37. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Import-Module
MEDV to deploy virtual desktops
From Server A - run Create Basic Task Wizard

38. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Create an e-mail account in AD DS for your RMS users.
Assign the application to computers in the PC OU
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Role Separation

39. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Implement Windows System Resource Manager (WSRM) and configure user policies
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

40. You need to allow a user to add a single computer to a domain - without any additional rights...
Additional DFS Targets
Microsoft Desktop Optimization Pack (MDOP)
Prestage the computer account in AD
Repadmin

41. You need a solution that meets policy while minimizing hardware and software costs
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create a new Password Settings Object (PSO) for the IT users.

42. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Modify the GPO to include folder redirection
Configure separate application pools for each application
Zone transfer settings
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

43. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Install Hyper-V role and convert physical machines into virtual machines
Create an e-mail account in AD DS for your RMS users.
MEDV to deploy virtual desktops
Active Directory Domains and Trusts

44. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Microsoft System Center Data Protection Manager
Implement Windows System Resource Manager (WSRM)
Configure Audit Special Logon and define Special Groups
Then use Windows Deployment Services (WDS) on DHCP1.

45. An AD LDS instance needs to be replicated from one server to another...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Service user account for AD LDS
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

46. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
File Server Resource Manager (FSRM) quotas and file screens
Configure caching on the shared folder (offline files)
Event Log Subscriptions
net stop ntds

47. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Group Policy Preferences
Implement a GPO for each domain
Multipath I/O feature
New ACCOUNT STORE should be added and configured

48. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy it by using Group Policy Software Installation method
Active Directory snapshots and Tombstone reanimation
Disable Site Link Bridging from IP Properties
Deploy the Root CA certificate to the external computers.

49. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure RODC for Administrator Role Separation

50. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Create an e-mail account in AD DS for your RMS users.
Data Recovery Agent
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.