Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Disable Site Link Bridging from the IP properties

2. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
PDC emulator with w32tm.exe
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

3. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Configure the zone as an Activde Directory-Integrated zone.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

4. To create AD Domain Services snapshot
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Recommend Offline Files
Ntdsutil
Event Viewer

5. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Group Policy Preferences
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then configure auto enrollment of certificates and Credential Roaming.

6. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
The Group Policy Management Console
File Server Resource Manager (FSRM) quotas and file screens
Add-ADFineGrainedPasswordPolicySubject cmdlet

7. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Include a server that runs Microsoft Office SharePoint Server 2010
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Active Directory Domains and Trusts

8. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
DISABLE slow link detection in the GPO
Run the Delegation of Control Wizard on the Staff OU
Active Directory snapshots and Tombstone reanimation
Purchase one additional Enterprise License

9. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Implement Windows System Resource Manager (WSRM) and configure user policies
Passive file screens
Use a GPO to configure device installation restrictions

10. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

11. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Dfsrdiag
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

12. To configure Administrator Role Separation for an RODC
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

13. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Microsoft Application Virtualization (AppV)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office

14. Need to access some resources in another domain that is part of another forest...What trust is created?
Configure authorization rules for Web developers on each web server
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Incoming external trust
Deploy a GPO to the WebSrvOU

15. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Recommend Offline Files
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure RODC for Administrator Role Separation

16. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Microsoft Application Virtualization (AppV)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Create a Network Load Balancing cluster.

17. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Multipath I/O feature
Group Policy Preferences
AD Rights Management Services
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

18. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Microsoft Application Virtualization (AppV)
Run adprep /forestprep and adprep /domainprep
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

19. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Configure the zone as an Activde Directory-Integrated zone.
New ACCOUNT STORE should be added and configured
Certificate Templates
Assign the application to all client computers by using a GPO.

20. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Modify properties of RODC server computer account.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Windows XP Mode

21. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Administrators is the minimum group membership required to complete this procedure.
Windows System Resource Manager (WSRM)
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

22. To backup Virtual Machines
Implement Windows System Resource Manager (WSRM) and configure user policies
Storage manager for SANs
ntdsutil
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

23. Auditing the deletion of Registry keys on all Domain Controllers
Storage manager for SANs
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy the Root CA certificate to the external computers.
Authorization Manager role assignment

24. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Discover the run Microsoft Baseline Security Analyzer (MBSA)
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

25. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Event Subscriptions
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Configure caching on the shared folder and configure offline files to use encryption

26. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Authorization Manager role assignment
Execute the Set-ADServiceAccount cmdlet
Implement Shadow Copies
Multipath I/O feature

28. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Deploy a failover cluster that contains one node in each office.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Windows BitLocker Drive Encryption (Bit Locker)

29. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
An Active Directory subnet object needs to be created.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

30. You need to recommend a BitLocker recovery method you should recommend this.
Software Restriction Polices
Data Recovery Agent
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Set-ADServiceAccount cmdlet

31. What role to keep same time as an external server?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
PDC emulator with w32tm.exe
Then use on install image file that contains a single install image.
From Server A - run Create Basic Task Wizard

32. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Event Subscriptions
Then use on install image file that contains a single install image.
Use the Local Roles options with dsmgmt.
DSMOD

33. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Set-ADServiceAccount cmdlet
Install From Media IFM
Prestage the computer account in AD

34. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement the Windows Search Service.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement Network Access Protection (NAP)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

35. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Improve the performance of File Servers
Configure event log subscriptions
Microsoft Desktop Optimization Pack (MDOP) to your company
Properties of PSO need modified

36. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Set-ADServiceAccount cmdlet
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Administrators is the minimum group membership required to complete this procedure.
Use a GPO to configure device installation restrictions

37. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Then configure GlobalNames zones on each domain controller.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
From Server1 - run the Create Basic Task Wizard
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

38. FFL is...
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Win2000
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

39. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Create a MEDV workspace
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Prestage the computer account in AD
Configure separate application pools for each application

40. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Windows System Resource Manager (WSRM)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Test-AppLockerPolicy
CAPublishGP group should have the Manage CA permission.

41. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Install and share a printer on a server and then enable printer pooling.
Implement Shadow Copies
Dsmgmt
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

42. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Distributed File System (DFS) Replication
Implement one LUN for the quorum and another LUN for the data
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

43. You need a solution that meets policy while minimizing hardware and software costs
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Create a new Password Settings Object (PSO) for the IT users.
Create an e-mail account in AD DS for your RMS users.
Windows Server 2003

44. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

45. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Your machine and remote desktops
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
dsa.msc - dsamain.exe - ntdsutil.exe

46. To enable the AD Recycle Bin
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Install Windows Server Backup and modify the Windows firewall settings
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Enable - ADoptionalFeature cmdlet

47. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
WDS
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
FILES option within Ntdsutil
Windows Deployment Services (WDS)

48. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Upgrading DFS to Windows Server 2008 R2
Assign the application to all client computers by using a GPO.

49. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Dfsrdiag
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Recommend Active Directory delegation
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

50. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Dynamically expanding VHD's
File Server Resource Manager (FSRM) quotas and file screens
Ntfrsutil
Configure an audit policy by editing the default domain policy and configure Event Forwarding