Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Microsoft Desktop Optimization Pack (MDOP) to your company
Run adprep /forestprep and adprep /domainprep
Create an e-mail account in AD DS for your RMS users.
Recommend GPT and basic disks

2. To determine size of AD database file...
Create a MEDV workspace
FFL Windows Server 2008 R2
Utilize IFM (Install From Media)
View properties of %systemroot%ntdsntds.dit

3. UPN Suffix xxxx.com needs to be available for user accounts...
Windows Server 2003
Implement Windows System Resource Manager (WSRM)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Add the new UPN Suffix to the forest

4. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Active Directory Domains and Trusts
PDC emulator with w32tm.exe
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Configure offline files and enable manual caching

5. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Implement Distributed File System Replication (DFSR) on both servers
Modify the schema of LDSInst1
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

6. To delegate authority to users to manage only certain areas in Hyper-V use the
Enable Windows Remote Management (WinRM) on the servers.
Implement the Windows Search Service.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Authorization Manager role assignment

7. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Create an e-mail account in AD DS for your RMS users.
Deploy the Root CA certificate to the external computers.
File Server Resource Manager (FSRM) quotas and file screens
Increase the tombstone lifetime for the forest.

8. Need to access some resources in another domain that is part of another forest...What trust is created?
Basic Authentication and SSL
Microsoft Desktop Optimization Pack (MDOP) to your company
Incoming external trust
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

9. To create AD Domain Services snapshot
Configure block inheritance on the IT OU
Certificate Templates
AD Domains and Trusts
Ntdsutil

10. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Dfsrdiag
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Use a GPO to configure device installation restrictions

11. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Create a standard secondary of domain and create standard secondary of other domain.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Then use Windows Deployment Services (WDS) on DHCP1.
DSMOD

12. If you want to allow single-label name resolution
Then configure GlobalNames zones on each domain controller.
Implement a domain-based DFS namespace that uses replication
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
dsa.msc - dsamain.exe - ntdsutil.exe

13. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Improve the performance of File Servers
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Recommend Offline Files
Encrypting File System (EFS). This can be enabled locally or through a GPO.

14. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
Implement Network Access Protection (NAP)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

15. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Deploy it by using Group Policy Software Installation method
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Administrative Role Separation
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

16. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Modify zone transfer settings for company.com zone on DCA
Your machine and remote desktops
Microsoft System Center Data Protection Manager
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

17. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Then configure GlobalNames zones on each domain controller.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

18. Enables you to receive emails when domain users locked out of accounts...
Configure authorization rules for Web developers on each web server
Event Viewer
Active Directory snapshots and Tombstone reanimation
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

19. Need to ensure users receive updated template within five days...
Registry on users computer needs to be modified
Domain based Distributed File System (DFS) namespace and DFS Replication.
Test-AppLockerPolicy
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

20. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Install Hyper-V role and convert physical machines into virtual machines
Multipath I/O feature
DSMOD

21. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Implement Windows System Resource Manager (WSRM) and configure user policies
Modify the schema of LDSInst1
WDS

22. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
dsa.msc - dsamain.exe - ntdsutil.exe
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

23. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Dfsrdiag
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Install and share a printer on a server and then enable printer pooling.

24. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install Windows Server Backup and modify the Windows firewall settings
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

25. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Subnet object needs to be created
The Group Policy Management console

26. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
NOT be able to store that data on an iSCSI SAN
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Then use Windows Deployment Services (WDS)

27. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Network Load Balancing (NLB)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Group Policy Preferences
Zone transfer settings

28. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
AD Rights Management Services
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

29. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Implement GPO for all client computers
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Raise the DFL to Windows Server 2008 R2.

30. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Microsoft System Center Data Protection Manager 2010
Share and Storage Management
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

31. When one needs to audit files - folders - printers and the registry enable
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

32. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

33. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Test-AppLockerPolicy
WSUS server in the branch office in replica mode.
Deploy a failover cluster that uses Node and File Share Disk Majority
FFL Windows Server 2008 R2

34. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Add the user to the Domain Admins global group
Subnet object needs to be created
Data Recovery Agent

35. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Repadmin
Create an Active Directory-Integrated zone.
Configure event log subscriptions
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

36. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Group Policy Preferences
Test-AppLockerPolicy
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

37. In order to ensure highly available Windows Update servers you should create this.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
ntdsutil
Recommend Active Directory delegation

38. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Use CISCO IP Helper command to configure.
Then configure auto enrollment of certificates and Credential Roaming.
Software Restriction Polices
Jill came down with 2.50.

39. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Then configure GlobalNames zones on each domain controller.

40. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Your machine and remote desktops

41. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Windows BitLocker Drive Encryption (Bit Locker)
Ntdsutil

42. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Properties of PSO need modified
Disable Site Link Bridging from the IP properties
Backup operator's domain local group
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

43. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Import-Module
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Distributed File System (DFS) Replication
Modify the local policy to point to the Internal WSUS server

44. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Dynamically expanding VHD's
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Install the RSAT tool on their workstation to provide for more efficient network management
Modify the schema of LDSInst1

45. To minimize the amount of storage required you should recommend
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Administrators is the minimum group membership required to complete this procedure.
Share and Storage Management

46. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Storage manager for SANs
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

47. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
PDC emulator with w32tm.exe
Repadmin
Microsoft Application Virtualization (AppV)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

48. You need to relocate an AD LDS instance from C: Drive to D: Drive
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Software Restriction Polices
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

49. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Perform an authoritative restore
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

50. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
NOT be able to store that data on an iSCSI SAN
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Configure block inheritance on the IT OU