Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

2. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Active Directory Users and Computers
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Event Viewer
Administrative Role Separation

3. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
An Active Directory subnet object needs to be created.
Windows XP Mode
Then use Windows Deployment Services (WDS) on DHCP1.
Ntfrsutil

4. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Then use on install image file that contains a single install image.
Configure the zone as an Activde Directory-Integrated zone.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Modify the GPO to include folder redirection

5. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Implement Distributed File System Replication (DFSR) on both servers
Implement a Remote Desktop Connection Broker (RD Connection Broker)

6. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Execute the Set-ADServiceAccount cmdlet
Windows Server 2003
Configure the zone as an Activde Directory-Integrated zone.

7. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Restore-ADObject cmdlet
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

8. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Test-AppLockerPolicy
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement folder redirection by using GPO. Then backup the folder redirection target.

9. What utility is used to see what accounts cached on RODC?
Repadmin
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Active Directory Users and Computers
Create an Active Directory-Integrated zone.

10. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Test-AppLockerPolicy
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install Windows Server Backup and modify the Windows firewall settings
Implement folder redirection by using GPO. Then backup the folder redirection target.

11. What should be done first to defragment the AD database?
Dfsrdiag
Authorization Manager
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Run net stop ntds

12. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Folder redirection. Folder redirection is also useful when using roamin profiles.
Modify zone transfer settings for company.com zone on DCA
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

13. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Create an e-mail account in AD DS for your RMS users.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

14. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Windows Server 2003

15. to increase the reliability of the print server - configure...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Printer driver isolation
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
DISABLE slow link detection in the GPO

16. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Active Directory Domains and Trusts
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Create a standard secondary of domain and create standard secondary of other domain.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

17. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
From Server1 - run the Create Basic Task Wizard
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Ntdsutil
Authorization Manager

18. When deploying an application using the Group Policy distribution method assign the...
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Deploy the Root CA certificate to the external computers.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

19. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Printer driver isolation
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Microsoft System Center Data Protection Manager
Registry on users computer needs to be modified

20. Striped volumes
Improve the performance of File Servers
Dfsrdiag
Then configure auto enrollment of certificates and Credential Roaming.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

21. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Domain based DFS namespace and configure a DFS replication group
Include a server that runs Microsoft Office SharePoint Server 2010
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Active Directory Users and Computers

22. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Deploy a failover cluster that uses Node and File Share Disk Majority

23. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Deploy it by using Group Policy Software Installation method
Include a server that runs Microsoft Office SharePoint Server 2010
Set-ADServiceAccount cmdlet
Purchase one additional Enterprise License

24. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Implement Shadow Copies
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Create a MEDV workspace
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

25. To allow a user to administer Active Directory
Administrative Role Separation
Add the user to the Domain Admins global group
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

26. Ensure password length for a group set to 12 characters long while others keep password policy
AD RMS
Add-ADFineGrainedPasswordPolicySubject cmdlet
Software Restriction Polices
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

27. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Microsoft Desktop Optimization Pack (MDOP) to your company
Then configure GlobalNames zones on each domain controller.
Winrm quickconfig

28. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Microsoft Desktop Optimization Pack (MDOP)
Deploy a failover cluster that uses Node and File Share Disk Majority
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

29. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Test-AppLockerPolicy
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Repadmin
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

30. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

31. To backup to tape/robotic tape and to backup VMs you must use...
Install the RSAT tool on their workstation to provide for more efficient network management
Implement folder redirection by using GPO. Then backup the folder redirection target.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Microsoft System Center Data Protection Manager 2010

32. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement a GPO for each domain
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Import-Module

33. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Configure folder redirection
Share and Storage Management
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

34. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the user to the Domain Admins global group
Add the new UPN suffix to the forest.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

35. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
PowerShell 2.0
Deploy a GPO for the Sales OU
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

36. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

37. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Enable Windows Remote Management (WinRM) on the servers.
Run adprep /forestprep and adprep /domainprep
DSMOD - ADUC

38. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Autonomous mode...This allows the local administrator to approve their own updates.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure Audit Special Logon and define Special Groups
Deploy a GPO to the WebSrvOU

39. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
DSMOD - ADUC
Configure folder redirection
Repadmin
Deploy it by using Group Policy Software Installation method

40. If subnets are connected by CISCO router that is RFC-1542 compliant
Test-AppLockerPolicy
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Use CISCO IP Helper command to configure.
Distributed File System (DFS) Replication

41. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Network Load Balancing (NLB) cluster
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

42. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Implement Windows BitLocker Drive Encryption (BitLocker)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

43. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Restore-ADObject cmdlet
Domain based Distributed File System (DFS) namespace and DFS Replication.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Enable Credential Roaming

44. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Ldp
Dfsrdiag
Install and share a printer on a server and then enable printer pooling.

45. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
The Group Policy Management Console
Add the new UPN suffix to the forest.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Configure caching on the shared folder and configure offline files to use encryption

46. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

47. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Use Netsh tool from administrator's computer.

48. To be able to manage all the corporate servers from a workstation - you must install the
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Restore-ADObject cmdlet
Active Directory Users and Computers

49. 2 ways to relocate user and computer accounts to different OUs
Configure Firewall Group Policies and link them at the Domain level
DSMOD - ADUC
Disable Site Link Bridging from IP Properties
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

50. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Upgrading DFS to Windows Server 2008 R2
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Multipath I/O feature