Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Ntdsutil
Modify zone transfer settings for company.com zone on DCA
IIS Manager user account

2. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Implement Windows System Resource Manager (WSRM) and configure user policies
Microsoft Desktop Optimization Pack (MDOP) to your company
FFL Windows Server 2008 R2
Recommend Group Policy preferences

3. To create and additional AD LDS applicaiton directory partition in existing instance...
Microsoft Application Virtualization (AppV)
Printer driver isolation
Ldp
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

4. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Certificate Templates
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Share and Storage Management

5. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Then install new Server 2008 R2 Enterprise subordinate CA.
Configure caching on the shared folder (offline files)
Deploy Microsoft System Center Operations Manager (SCOM)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

6. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Add the user to the Domain Admins global group
Folder redirection. Folder redirection is also useful when using roamin profiles.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

7. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Run auditpol and then configure the Security settings of the Domain Controllers OU.
CAPublishGP group should have the Manage CA permission.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Active Directory Users and Computers

8. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

9. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
AD Domains and Trusts
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy a GPO for the Sales OU
Dfsrdiag

10. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Then configure GlobalNames zones on each domain controller.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Windows Server 2003

11. What role to keep same time as an external server?
Implement a GPO for each domain
PDC emulator with w32tm.exe
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Encrypting File System (EFS). This can be enabled locally or through a GPO.

12. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure event log subscriptions
Your machine and remote desktops
Active Directory snapshots and Tombstone reanimation

13. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Increase the tombstone lifetime for the forest.
NOT be able to store that data on an iSCSI SAN

14. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
dnscmd
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Use Netsh tool from administrator's computer.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

15. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Modify the GPO to include folder redirection
Configure authorization rules for Web developers on each web server
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

16. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
IIS Chared Configuration
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Implement a domain-based DFS namespace that uses replication

17. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Incoming external trust
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
PowerShell 2.0

18. An AD LDS instance needs to be replicated from one server to another...
Create a Central Store
Modify zone transfer settings for company.com zone on DCA
Service user account for AD LDS
Add-ADFineGrainedPasswordPolicySubject cmdlet

19. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Active Directory Users and Computers
fsconfig on FSSrv2
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy a failover cluster that uses Node and File Share Disk Majority

20. To backup to tape/robotic tape and to backup VMs you must use...
AD RMS
Active Directory Domains and Trusts
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Microsoft System Center Data Protection Manager 2010

21. If you want to implement BitLocker and store recovery informaiton in a central location
Import-Module
Purchase one additional Enterprise License
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

22. To create AD Domain Services snapshot
Perform an authoritative restore
Configure caching on the shared folder and configure offline files to use encryption
Ntdsutil
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

23. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
dnscmd tool
Modify the local policy to point to the Internal WSUS server
Test-AppLockerPolicy

24. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Prestage the computer account in AD
Windows BitLocker Drive Encryption (Bit Locker)

25. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Dsmgmt
CAPublishGP group should have the Manage CA permission.

26. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

27. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Implement a domain-based DFS namespace that uses replication
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Then use on install image file that contains a single install image.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

28. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Configure separate application pools for each application
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

29. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Active Directory Right Management Services (AD RMS)
Incoming external trust
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

30. To update ADRMS password...
AD Rights Management Services
Implement the Windows Search Service.
Import-Module
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

31. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Test-AppLockerPolicy
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

32. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Printer driver isolation
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
A Distributed File System (DFS) namespace

33. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Registry on users computer needs to be modified
Implement folder redirection by using GPO. Then backup the folder redirection target.
From Server1 - run the Create Basic Task Wizard
Event Log Subscriptions

34. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Create and deploy a logon script that runs Auditpol.
Subnet object needs to be created
Modify properties of RODC server computer account.

35. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Microsoft Desktop Optimization Pack (MDOP)
Implement Distributed File System Replication (DFSR) on both servers
Authorization Manager role assignment
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

36. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Implement folder redirection by using GPO. Then backup the folder redirection target.
Import-Module
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Winrm quickconfig

37. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Implement one LUN for the quorum and another LUN for the data
Add the Windows Server Backup feature and Windows System Image recovery.

38. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Use local roles options within "dsmgmt"
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
net stop ntds
Enable Credential Roaming

39. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Create a standard secondary of domain and create standard secondary of other domain.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Windows BitLocker Drive Encryption (Bit Locker)

40. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Active Directory Users and Computers
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
AD Rights Management Services

41. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Use CISCO IP Helper command to configure.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

42. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Implement GPO for all client computers
Configure separate application pools for each application
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
dnscmd tool

43. In order to ensure highly available Windows Update servers you should create this.
Use Netsh tool from administrator's computer.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Include a server that runs Microsoft Office SharePoint Server 2010
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

44. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Domain based Distributed File System (DFS) namespace and DFS Replication.
Active Directory Right Management Services (AD RMS)
Windows System Resource Manager (WSRM)

45. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Create an Active Directory-Integrated zone.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

46. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install From Media IFM
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Configure caching on the shared folder (offline files)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

47. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure offline files and enable manual caching
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

48. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
A Distributed File System (DFS) namespace
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Improve the performance of File Servers
Administrators is the minimum group membership required to complete this procedure.

49. To identify users who bypass the new corporate security policy -
Install From Media IFM
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Configure Audit Special Logon and define Special Groups

50. What utility is used to see what accounts cached on RODC?
Site
Active Directory Users and Computers
Modify the schema of LDSInst1
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.