Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Deploy Microsoft System Center Operations Manager (SCOM)
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

2. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Deploy a failover cluster that uses Node and File Share Disk Majority
Assign the application to computers in the PC OU
Use the Local Roles options with dsmgmt.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

3. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Dynamically expanding VHD's
Then install new Server 2008 R2 Enterprise subordinate CA.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

4. If you need to allow an external partner's computer to access internal network resources by using SSTP
Jill came down with 2.50.
Implement Windows System Resource Manager (WSRM)
An Active Directory subnet object needs to be created.
Deploy the Root CA certificate to the external computers.

5. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Disable Site Link Bridging from the IP properties
From Server1 - run the Create Basic Task Wizard
Create ADMX and ADML files. Configure the GPO and link it to the domain.
dnscmd

6. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Configure RODC for Administrator Role Separation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Disable Site Link Bridging from the IP properties
Repadmin

7. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Run adprep /forestprep and adprep /domainprep
Include a server that runs Microsoft Office SharePoint Server 2010
Windows XP Mode

8. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Event Log Subscriptions

9. To be able to user an application from one AD FS with authentication server to another...
WSUS server in the branch office in replica mode.
AD Rights Management Services
A relying party trust should be created.
Active Directory Domains and Trusts

10. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Modify the local policy to point to the Internal WSUS server

11. What shold be done to configure AD RMS so users can protect their data?
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Create an e-mail account in AD DS for your RMS users
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Incoming external trust

12. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Increase the tombstone lifetime for the forest.
dnscmd
Deploy the Root CA certificate to the external computers.
Enable Credential Roaming

13. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Import-Module
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Modify the schema of LDSInst1
Utilize IFM (Install From Media)

14. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Incoming external trust
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Repadmin
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

15. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

16. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Disable Site Link Bridging from IP Properties
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Group Policy Preferences

17. Auditing the deletion of Registry keys on all Domain Controllers
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

18. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
An Active Directory subnet object needs to be created.
DSMOD
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
IIS Manager user account

19. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
MEDV to deploy virtual desktops
Ntfrsutil
Set-ADServiceAccount cmdlet

20. If you want to implement BitLocker and store recovery informaiton in a central location
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Printer driver isolation

21. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Configure Firewall Group Policies and link them at the Domain level
Dsmgmt
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Windows Deployment Services (WDS)

22. to increase the reliability of the print server - configure...
Implement a GPO for each domain
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Printer driver isolation
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

23. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Creating a data collector set that kick off a scritp that either move or delete files.
Include a server that runs Microsoft Office SharePoint Server 2010
fsconfig on FSSrv2

24. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure authorization rules for Web developers on each web server
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install Hyper-V role and convert physical machines into virtual machines

25. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

26. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Authorization Manager role assignment
PDC emulator with w32tm.exe
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
WDS

27. If users complain that it is hard to find the shared folders on the network implement
Raise the DFL to Windows Server 2008 R2.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
PowerShell 2.0
Additional DFS Targets

28. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Dfsrdiag
Distributed File System (DFS) Replication
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

29. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

30. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Subnet object needs to be created
Run auditpol and then configure the Security settings of the Domain Controllers OU.
WSUS server in the branch office in replica mode.

31. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
WSUS server in the branch office in replica mode.
802.1.x NAP
From Server1 - run the Create Basic Task Wizard

32. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Then configure auto enrollment of certificates and Credential Roaming.
Purchase one additional Enterprise License

33. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Set-ADServiceAccount cmdlet

34. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
IIS Manager user account
Then use Windows BitLocker Drive Encryption

35. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Dynamically expanding VHD's
Configure Firewall Group Policies and link them at the Domain level

36. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Then use Windows Deployment Services (WDS) on DHCP1.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Active Directory Domains and Trusts
Registry on users computer needs to be modified

37. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Disable Site Link Bridging from IP Properties
Perform an authoritative restore
Run adprep /forestprep and adprep /domainprep

38. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Enable Windows Remote Management (WinRM) on each server.
Create an e-mail account in AD DS for your RMS users.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

39. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a GPO to the WebSrvOU
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Deploy a failover cluster that contains one node in each office.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

40. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
NOT be able to store that data on an iSCSI SAN
Raise the DFL to Windows Server 2008 R2.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
WSUS server in the branch office in replica mode.

41. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Administrative Role Separation
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create and deploy a logon script that runs Auditpol.

42. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
Recommend Group Policy preferences
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
The Group Policy Management console

43. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Run adprep /forestprep and adprep /domainprep
Enable - ADoptionalFeature cmdlet
Deploy it by using Group Policy Software Installation method
Add the Windows Server Backup feature and Windows System Image recovery.

44. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Passive file screens
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Assign the application to all client computers by using a GPO.

45. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Then configure auto enrollment of certificates and Credential Roaming.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Then configure GlobalNames zones on each domain controller.

46. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

47. To configure AD FS so tokens contain information from Active Directory domain...
Run the Delegation of Control Wizard on the Staff OU
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
FILES option within Ntdsutil
New ACCOUNT STORE should be added and configured

48. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Configure Firewall Group Policies and link them at the Domain level
Set-ADServiceAccount cmdlet
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Changed manually

49. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
A Distributed File System (DFS) namespace

50. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Include a server that runs Microsoft Office SharePoint Server 2010
NOT be able to store that data on an iSCSI SAN
Assign the application to all client computers by using a GPO.
Administrators is the minimum group membership required to complete this procedure.