Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to allow a user to add a single computer to a domain - without any additional rights...
WDS
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Prestage the computer account in AD
Active Directory snapshots and Tombstone reanimation

2. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
DFL needs to be Windows Server 2008
A Distributed File System (DFS) namespace
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Subnet object needs to be created

3. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
File Server Resource Manager (FSRM) quotas and file screens
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Dsmgmt
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

4. If you need to delegate control of server to remote admins group
AD RMS
Implement GPO for all client computers
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Configure RODC for Administrator Role Separation

5. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Windows Deployment Services (WDS)
Configure offline files and enable manual caching
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Domain based DFS namespace and configure a DFS replication group

6. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Administrative Role Separation
Implement a domain-based DFS namespace that uses replication
Autonomous mode...This allows the local administrator to approve their own updates.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

7. If a file server reaches 15% free disk space - you could free up some disk space by
Data Recovery Agent
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Creating a data collector set that kick off a scritp that either move or delete files.

8. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Add George to the Domain Admins group.
DISABLE slow link detection in the GPO
Implement Distributed File System Replication (DFSR) on both servers
Run auditpol and then configure the Security settings of the Domain Controllers OU.

9. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Your machine and remote desktops
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

10. to make shares at a remote location available to users you should implement this.
net stop ntds
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Domain based Distributed File System (DFS) namespace and DFS Replication.

11. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Event Log Subscriptions
Implement folder redirection by using GPO. Then backup the folder redirection target.

12. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Winrm quickconfig
Subnet object needs to be created
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

13. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Use CISCO IP Helper command to configure.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Offline domain join

14. If you need to minimize the bandwidth for installation
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
An Active Directory subnet object needs to be created.
Utilize IFM (Install From Media)

15. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Dfsrdiag
Modify properties of RODC server computer account.
Implement Distributed File System Replication (DFSR) on both servers
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

16. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Deploy Microsoft System Center Operations Manager (SCOM)
Use local roles options within "dsmgmt"
MEDV to deploy virtual desktops

17. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Microsoft Desktop Optimization Pack (MDOP)
Dsmgmt
Create a Network Load Balancing cluster.

18. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Create and deploy a logon script that runs Auditpol.
Perform an authoritative restore

19. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Modify the GPO to include folder redirection
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Windows Server 2003
Implement one LUN for the quorum and another LUN for the data

20. to increase the reliability of the print server - configure...
Printer driver isolation
Improve the performance of File Servers
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Offline domain join

21. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

22. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
djoin /requesteodj from internal server - djoin /provision from outside server/PC

23. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Then use Windows Deployment Services (WDS)
Authorization Manager
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

24. What should be done first to defragment the AD database?
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Run net stop ntds
Prestage the computer account in AD
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

25. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Recommend Group Policy preferences
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

26. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create a standard secondary of domain and create standard secondary of other domain.
Improve the performance of File Servers
Active Directory Users and Computers

27. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Enable Credential Roaming
Configure authorization rules for Web developers on each web server
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement a domain-based DFS namespace that uses replication

28. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Then use Windows Deployment Services (WDS) on DHCP1.
Improve the performance of File Servers
Role Separation
djoin /requesteodj from internal server - djoin /provision from outside server/PC

29. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

30. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
dnscmd
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Repadmin

31. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Use the Local Roles options with dsmgmt.
Set-ADServiceAccount cmdlet

32. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Implement Network Access Protection (NAP)
DSMOD
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

33. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Zone transfer settings
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Add the new UPN Suffix to the forest
Purchase one additional Enterprise License

34. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Event Viewer
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Install Hyper-V role and convert physical machines into virtual machines
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

35. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Install and share a printer on a server and then enable printer pooling.
Win2000 Native
PDC emulator with w32tm.exe
Enable Windows Remote Management (WinRM) on each server.

36. PowerShell script to create user accounts with passwords from a file called password.csv
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Configure block inheritance on the IT OU

37. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Printer driver isolation
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

38. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Active Directory Right Management Services (AD RMS)
Use the Local Roles options with dsmgmt.
Deploy it by using Group Policy Software Installation method
Microsoft System Center Data Protection Manager

39. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Autonomous mode...This allows the local administrator to approve their own updates.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

40. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Implement a domain-based DFS namespace that uses replication
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Active Directory Users and Computers
Deploy Microsoft System Center Operations Manager (SCOM)

41. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
ntdsutil
Configure the zone as an Activde Directory-Integrated zone.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

42. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Windows BitLocker Drive Encryption (Bit Locker)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Administrators is the minimum group membership required to complete this procedure.

43. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
MEDV to deploy virtual desktops
Basic Authentication and SSL
Upgrading DFS to Windows Server 2008 R2
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

44. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Authorization Manager

45. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Disable Site Link Bridging from IP Properties
IIS Chared Configuration
Create a standard secondary of domain and create standard secondary of other domain.
Enable - ADoptionalFeature cmdlet

46. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Add the new UPN suffix to the forest.
Create an Active Directory-Integrated zone.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

47. You need to design your WSUS infrastructure so that updates are highly available. To do so
Network Load Balancing (NLB)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Get-ADUser cmdlet
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

48. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Configure event log subscriptions
Install the RSAT tool on their workstation to provide for more efficient network management
Additional DFS Targets

49. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Role Separation
Use CISCO IP Helper command to configure.
Deploy Microsoft System Center Operations Manager (SCOM)

50. What GPO setting should be configured to prevent all users from running an application?
Create a new Password Settings Object (PSO) for the IT users.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Active Directory Right Management Services (AD RMS)
Software Restriction Polices