Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Incoming external trust
Deploy a GPO to the WebSrvOU
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

2. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Microsoft Application Virtualization (AppV)

3. If you need to ensure that data is protected by BitLocker then you will...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Multipath I/O feature
net stop ntds
NOT be able to store that data on an iSCSI SAN

4. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
New ACCOUNT STORE should be added and configured
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure Firewall Group Policies and link them at the Domain level

5. To ensure that a file on a file server do not leave the organization you must implement this.
Role Separation
Ldp
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
AD RMS

6. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Properties of PSO need modified
Subnet object needs to be created
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

7. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Implement one LUN for the quorum and another LUN for the data
Passive file screens
Create an e-mail account in AD DS for your RMS users
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

8. Ensure password length for a group set to 12 characters long while others keep password policy
Install and share a printer on a server and then enable printer pooling.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

9. To defragment and AD database...
Certificate Templates
net stop ntds
An Active Directory subnet object needs to be created.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

10. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Recommend Offline Files
Software Restriction Polices

11. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Active Directory Users and Computers utility
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Multipath I/O feature

12. In order to ensure highly available Windows Update servers you should create this.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Certificate Templates
Modify the local policy to point to the Internal WSUS server
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

13. When recommending a monitoring solution for an application so that it's events can be stored in a central
Implement Windows System Resource Manager (WSRM)
Event Subscriptions
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

14. To enable the AD Recycle Bin
From Server A - run Create Basic Task Wizard
Active Directory snapshots and Tombstone reanimation
Add the user to the Domain Admins global group
Enable - ADoptionalFeature cmdlet

15. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Disable Site Link Bridging from IP Properties

16. To compact AD database...
FILES option within Ntdsutil
Implement one LUN for the quorum and another LUN for the data
Enable Windows Remote Management (WinRM) on the servers.
Implement Shadow Copies

17. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Install Windows Server Backup and modify the Windows firewall settings
Deploy a failover cluster that contains one node in each office.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

18. To replicate SYSVOL using Distributed File System Replication (DFSR)...
IIS Chared Configuration
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Enable Credential Roaming
DFL needs to be Windows Server 2008

19. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Use the Local Roles options with dsmgmt.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Refresh the zone on DNS2

20. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Dfsrdiag
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Active Directory Users and Computers

21. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Perform an authoritative restore

22. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Deploy a failover cluster that contains one node in each office.
Repadmin
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
FFL Windows Server 2008 R2

23. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Authorization Manager
Add the Windows Server Backup feature and Windows System Image recovery.
Configure Firewall Group Policies and link them at the Domain level

24. To ensure that recovery is possible if a file on a file server is deleted accidentally
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement Shadow Copies
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

25. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Execute the Set-ADServiceAccount cmdlet

26. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
802.1.x NAP
Implement one LUN for the quorum and another LUN for the data
MEDV to deploy virtual desktops
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

27. PowerShell script to create user accounts with passwords from a file called password.csv
Add the user to the Domain Admins global group
Disable Site Link Bridging from the IP properties
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Incoming external trust

28. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Enable Windows Remote Management (WinRM) on each server.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

29. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Microsoft Desktop Optimization Pack (MDOP) to your company
Dfsrdiag
Create a new Password Settings Object (PSO) for the IT users.
Modify the local policy to point to the Internal WSUS server

30. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Active Directory snapshots and Tombstone reanimation
Site

31. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Changed manually
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

32. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

33. to protect file servers and hard disks that may be at risk of being accessed or stolen
Implement Windows BitLocker Drive Encryption (BitLocker)
IIS Manager user account
Implement a domain-based DFS namespace that uses replication
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

34. FFL is...
Win2000
Recommend Active Directory delegation
Network Load Balancing (NLB)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

35. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Implement GPO for all client computers
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

36. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
From Server1 - run the Create Basic Task Wizard
Create a standard secondary of domain and create standard secondary of other domain.
Refresh the zone on DNS2

37. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Modify the local policy to point to the Internal WSUS server

38. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Then use Windows Deployment Services (WDS)
Event Log Subscriptions
dnscmd
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

39. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
DSMOD - ADUC
Then use Windows Deployment Services (WDS)
Then use on install image file that contains a single install image.

40. You need to ensure that the guest account on all servers is disabled to
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Import-Module

41. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Purchase one additional Enterprise License
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Your machine and remote desktops
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

42. 2 ways to relocate user and computer accounts to different OUs
Microsoft System Center Data Protection Manager
DSMOD - ADUC
Implement Distributed File System Replication (DFSR) on both servers
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

43. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Use Netsh tool from administrator's computer.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
The Group Policy Management Console

45. If you need to minimize the bandwidth for installation
Data Recovery Agent
Recommend Offline Files
Utilize IFM (Install From Media)
The Group Policy Management console

46. To backup Virtual Machines
Event Subscriptions
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

47. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Recommend Group Policy preferences
Windows BitLocker Drive Encryption (Bit Locker)
Purchase one additional Enterprise License
Set-ADServiceAccount cmdlet

48. To minimize the amount of storage required you should recommend
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Share and Storage Management
Discover the run Microsoft Baseline Security Analyzer (MBSA)

49. To identify users who bypass the new corporate security policy -
Active Directory Users and Computers utility
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure Audit Special Logon and define Special Groups
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

50. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Service user account for AD LDS
Passive file screens
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Disable Site Link Bridging from the IP properties