Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
802.1.x NAP
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Back up to an external USB drive by using Windows Server Backup
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

2. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Windows BitLocker Drive Encryption (Bit Locker)
Configure the zone as an Activde Directory-Integrated zone.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

3. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
IIS Chared Configuration
Configure offline files and enable manual caching
Network Load Balancing (NLB)

4. If you need to be able to create shared folders on Server 2008 R2
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Ntfrsutil
Set-ADServiceAccount cmdlet

5. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Modify the schema of LDSInst1
FFL Windows Server 2008 R2
Configure RODC for Administrator Role Separation

6. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Autonomous mode...This allows the local administrator to approve their own updates.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

7. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Refresh the zone on DNS2
A relying party trust should be created.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

8. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Add-ADFineGrainedPasswordPolicySubject cmdlet
Then configure GlobalNames zones on each domain controller.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Active Directory Users and Computers

9. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Incoming external trust

10. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Active Directory Users and Computers utility
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Distributed File System (DFS) Replication

11. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Implement GPO for all client computers
File Server Resource Manager (FSRM) quotas and file screens
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement Windows System Resource Manager (WSRM) and configure user policies

12. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Deploy a GPO to the WebSrvOU
dnscmd tool
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Event Log Subscriptions

13. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Windows Server 2003
Role Separation
Deploy the Root CA certificate to the external computers.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

14. New password settings object (PSO) created and needs to be applied to user
Your machine and remote desktops
Enable - ADoptionalFeature cmdlet
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Properties of PSO need modified

15. If users complain that it is hard to find the shared folders on the network implement
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Additional DFS Targets

16. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
PowerShell 2.0
Passive file screens
Add-ADFineGrainedPasswordPolicySubject cmdlet
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

17. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

18. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
dnscmd
Import-Module
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

19. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
From Server A - run Create Basic Task Wizard
Then configure GlobalNames zones on each domain controller.
Improve the performance of File Servers

20. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based Distributed File System (DFS) will reduce network traffic
File Server Resource Manager (FSRM) quotas and file screens
Network Load Balancing (NLB) cluster
Domain based DFS namespace and configure a DFS replication group

21. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
fsconfig on FSSrv2
Implement Windows System Resource Manager (WSRM) and configure user policies
Then use Windows Deployment Services (WDS)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

22. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Domain based Distributed File System (DFS) namespace and DFS Replication.
NOT be able to store that data on an iSCSI SAN

23. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
Authorization Manager role assignment
WSUS server in the branch office in replica mode.
Use the Local Roles options with dsmgmt.

24. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Deploy a failover cluster that uses Node and File Share Disk Majority
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Active Directory Right Management Services (AD RMS)
Create and deploy a logon script that runs Auditpol.

25. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

26. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Microsoft SharePoint Foundation 2010
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Assign the application to computers in the PC OU
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

27. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
WSUS server in the branch office in replica mode.
Test-AppLockerPolicy
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

28. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
dsa.msc - dsamain.exe - ntdsutil.exe
Add the new UPN suffix to the forest.
Microsoft Desktop Optimization Pack (MDOP) to your company

29. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Software Restriction Polices
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure authorization rules for Web developers on each web server

30. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Raise the DFL to Windows Server 2008 R2.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Dfsrdiag

31. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement Windows System Resource Manager (WSRM)
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

32. Need to ensure users receive updated template within five days...
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Registry on users computer needs to be modified
Certificate Templates
Event Log Subscriptions

33. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Dfsrdiag
Use CISCO IP Helper command to configure.
Authorization Manager

34. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Domain based Distributed File System (DFS) namespace and DFS Replication.
Microsoft SharePoint Foundation 2010
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create ADMX and ADML files. Configure the GPO and link it to the domain.

35. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

36. To configure Administrator Role Separation for an RODC
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Microsoft Desktop Optimization Pack (MDOP) to your company
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

37. To deploy templates across the organization
Then install new Server 2008 R2 Enterprise subordinate CA.
Active Directory Domains and Trusts
Create an e-mail account in AD DS for your RMS users.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

38. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Get-ADUser cmdlet
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create and deploy a logon script that runs Auditpol.

39. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Share and Storage Management
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Add George to the Domain Admins group.
Folder redirection. Folder redirection is also useful when using roamin profiles.

40. If you need to allow an external partner's computer to access internal network resources by using SSTP
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Deploy the Root CA certificate to the external computers.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

41. PowerShell script to create user accounts with passwords from a file called password.csv
Enable Windows Remote Management (WinRM) on the servers.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Enable - ADoptionalFeature cmdlet
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

42. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Modify properties of RODC server computer account.
Implement Shadow Copies

43. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
dnscmd
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement folder redirection by using GPO. Then backup the folder redirection target.
Properties of PSO need modified

44. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

45. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Create a MEDV workspace
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Backup operator's domain local group

46. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Back up to an external USB drive by using Windows Server Backup

47. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Repadmin
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
dsa.msc - dsamain.exe - ntdsutil.exe

48. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Microsoft System Center Data Protection Manager
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

49. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Recommend Active Directory delegation
Modify the schema of LDSInst1
Registry on users computer needs to be modified
Raise the DFL to Windows Server 2008 R2.

50. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Use local roles options within "dsmgmt"
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management