Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Windows XP Mode
Configure the zone as an Activde Directory-Integrated zone.
Implement GPO for all client computers

2. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Modify the GPO to include folder redirection
Dsmgmt
Then use Windows Deployment Services (WDS)
Recommend GPT and basic disks

3. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Implement a domain-based DFS namespace that uses replication
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Dsmgmt
Ldp

4. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install From Media IFM
Implement Windows BitLocker Drive Encryption (BitLocker)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

5. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Your machine and remote desktops
Create a Network Load Balancing cluster.

6. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
dsa.msc - dsamain.exe - ntdsutil.exe
Windows XP Mode
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

8. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Incoming external trust
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Microsoft Desktop Optimization Pack (MDOP)
Use a GPO to configure device installation restrictions

9. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

10. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Create a Network Load Balancing cluster.

11. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Administrators is the minimum group membership required to complete this procedure.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Encrypting File System (EFS). This can be enabled locally or through a GPO.

12. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Import-Module
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

13. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
From Server1 - run the Create Basic Task Wizard
Active Directory Users and Computers utility
Test-AppLockerPolicy

14. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement a GPO for each domain
Create a standard secondary of domain and create standard secondary of other domain.
Active Directory Users and Computers

15. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Site
Group Policy Preferences
Create an Active Directory-Integrated zone.

16. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Authorization Manager role assignment
Create a MEDV workspace
Deploy a failover cluster that uses Node and File Share Disk Majority

17. When service account passwords need to be changed for SQL they should be...
Implement a domain-based DFS namespace that uses replication
Changed manually
Add the Windows Server Backup feature and Windows System Image recovery.
Domain based Distributed File System (DFS) will reduce network traffic

18. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

19. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
From Server1 - run the Create Basic Task Wizard
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create a new Password Settings Object (PSO) for the IT users.
Modify the schema of LDSInst1

20. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Dynamically expanding VHD's
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

21. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Microsoft Desktop Optimization Pack (MDOP) to your company
Assign the application to all client computers by using a GPO.
Prestage the computer account in AD
Implement Network Access Protection (NAP)

22. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Use the Local Roles options with dsmgmt.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

23. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Create a Central Store
Recommend GPT and basic disks
Disable Site Link Bridging from the IP properties

24. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Configure caching on the shared folder (offline files)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Upgrading DFS to Windows Server 2008 R2

25. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
dnscmd
Set-ADServiceAccount cmdlet
Include a server that runs Microsoft Office SharePoint Server 2010

26. An AD LDS instance needs to be replicated from one server to another...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Service user account for AD LDS
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

27. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install From Media IFM
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Create a Network Load Balancing cluster.

28. to increase the reliability of the print server - configure...
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Printer driver isolation
Windows Deployment Services (WDS)
Dsmgmt

29. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Dsmgmt
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

30. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Then install new Server 2008 R2 Enterprise subordinate CA.
Ntdsutil
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

31. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Configure RODC for Administrator Role Separation
Disable Site Link Bridging from IP Properties
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Implement one LUN for the quorum and another LUN for the data

32. To allow a specifc user or group to manage the address information for the user accounts...
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Create a Network Load Balancing cluster.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Recommend Active Directory delegation

33. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
An Active Directory subnet object needs to be created.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Incoming external trust

34. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Storage manager for SANs
NOT be able to store that data on an iSCSI SAN

35. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Create an e-mail account in AD DS for your RMS users.
Deploy the Root CA certificate to the external computers.
Dsmgmt

36. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Deploy a failover cluster that uses Node and File Share Disk Majority
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

37. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Registry on users computer needs to be modified
Active Directory Users and Computers utility

38. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Utilize IFM (Install From Media)
Domain based Distributed File System (DFS) will reduce network traffic

39. You need to ensure that the guest account on all servers is disabled to
Discover the run Microsoft Baseline Security Analyzer (MBSA)
NOT be able to store that data on an iSCSI SAN
Software Restriction Polices
Properties of PSO need modified

40. In order to ensure highly available Windows Update servers you should create this.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy Microsoft System Center Operations Manager (SCOM)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Get-ADUser cmdlet

41. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
IIS Chared Configuration
Implement Distributed File System Replication (DFSR) on both servers
Raise the DFL to Windows Server 2008 R2.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

42. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

43. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
AD RMS
Deploy Microsoft System Center Operations Manager (SCOM)
dsa.msc - dsamain.exe - ntdsutil.exe

44. If you want to allow single-label name resolution
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Group Policy Preferences
Then configure GlobalNames zones on each domain controller.
AD RMS

45. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Increase the tombstone lifetime for the forest.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Printer driver isolation

46. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

47. New password settings object (PSO) created and needs to be applied to user
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Dsmgmt
Modify the GPO to include folder redirection
Properties of PSO need modified

48. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Add the user to the Domain Admins global group
Subnet object needs to be created
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

49. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Passive file screens
Create a standard secondary of domain and create standard secondary of other domain.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

50. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Microsoft Desktop Optimization Pack (MDOP) to your company
Properties of PSO need modified
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)