Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install the RSAT tool on their workstation to provide for more efficient network management
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement the Windows Search Service.

2. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

3. What role to keep same time as an external server?
PDC emulator with w32tm.exe
Execute the Set-ADServiceAccount cmdlet
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

4. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Printer driver isolation
AD Rights Management Services

5. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Increase the tombstone lifetime for the forest.
Use local roles options within "dsmgmt"
Repadmin

6. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

7. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Windows Deployment Services (WDS)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
fsconfig on FSSrv2
NOT be able to store that data on an iSCSI SAN

8. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Properties of PSO need modified
Windows Server 2003
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Win2000

9. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Import-Module
Dsmgmt
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

10. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
View properties of %systemroot%ntdsntds.dit
Configure event log subscriptions

11. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Win2000
dnscmd
Back up to an external USB drive by using Windows Server Backup
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

12. If you need to minimize the bandwidth for installation
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Utilize IFM (Install From Media)
Then configure auto enrollment of certificates and Credential Roaming.
IIS Chared Configuration

13. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Implement Windows System Resource Manager (WSRM)
Then use Windows Deployment Services (WDS)
Implement Windows BitLocker Drive Encryption (BitLocker)
Microsoft Desktop Optimization Pack (MDOP) to your company

14. When recommending a monitoring solution for an application so that it's events can be stored in a central
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Event Subscriptions
Test-AppLockerPolicy

15. To add a server with AD FS 2.0 role to an existing AD FS farm...
Modify the GPO to include folder redirection
fsconfig on FSSrv2
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

16. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
CAPublishGP group should have the Manage CA permission.
From Server A - run Create Basic Task Wizard
Basic Authentication and SSL

17. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure event log subscriptions
Test-AppLockerPolicy

18. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Configure the zone as an Activde Directory-Integrated zone.
Then use Windows BitLocker Drive Encryption
Folder redirection. Folder redirection is also useful when using roamin profiles.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

19. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement a Remote Desktop Connection Broker (RD Connection Broker)
From Server A - run Create Basic Task Wizard
Add the new UPN suffix to the forest.
Implement Windows System Resource Manager (WSRM)

20. To configure AD FS so tokens contain information from Active Directory domain...
AD Rights Management Services
Administrative Role Separation
Distributed File System (DFS) Replication
New ACCOUNT STORE should be added and configured

21. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
dsa.msc - dsamain.exe - ntdsutil.exe
Recommend Active Directory delegation
Configure the zone as an Activde Directory-Integrated zone.

22. To recover objects deleted from Active Directory you should recommend
Dsmgmt
Event Viewer
Active Directory snapshots and Tombstone reanimation
Registry on users computer needs to be modified

23. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Set-ADServiceAccount cmdlet

24. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Deploy it by using Group Policy Software Installation method

25. 2 ways to relocate user and computer accounts to different OUs
Configure RODC for Administrator Role Separation
DSMOD - ADUC
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Purchase one additional Enterprise License

26. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Create a new Password Settings Object (PSO) for the IT users.
Incoming external trust
Create an e-mail account in AD DS for your RMS users

28. In order to manage websites without having to logon you can use
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
PowerShell 2.0
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

29. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
NOT be able to store that data on an iSCSI SAN
Create and deploy a logon script that runs Auditpol.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

30. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

31. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Printer driver isolation
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office

32. Need to access some resources in another domain that is part of another forest...What trust is created?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Incoming external trust
Event Viewer
Improve the performance of File Servers

33. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Implement Distributed File System Replication (DFSR) on both servers
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

34. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Deploy Microsoft System Center Operations Manager (SCOM)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implement GPO for all client computers

35. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
A Distributed File System (DFS) namespace
Microsoft SharePoint Foundation 2010
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

36. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
WSUS server in the branch office in replica mode.
Create a Network Load Balancing cluster.
Incoming external trust
Share and Storage Management

37. To allow a specifc user or group to manage the address information for the user accounts...
Improve the performance of File Servers
AD Domains and Trusts
Recommend Active Directory delegation
Then configure auto enrollment of certificates and Credential Roaming.

38. You need to allow a user to add a single computer to a domain - without any additional rights...
dnscmd tool
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Role Separation
Prestage the computer account in AD

39. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

40. To ensure that recovery is possible if a file on a file server is deleted accidentally
Administrators is the minimum group membership required to complete this procedure.
Implement Shadow Copies
Deploy the Root CA certificate to the external computers.
Perform an authoritative restore

41. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Assign the application to all client computers by using a GPO.
Active Directory Users and Computers utility

42. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Offline domain join
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

43. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Registry on users computer needs to be modified
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Dynamically expanding VHD's

44. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Deploy a GPO for the Sales OU
Additional DFS Targets
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
From Server A - run Create Basic Task Wizard

45. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Set-ADServiceAccount cmdlet
Raise the DFL to Windows Server 2008 R2.

46. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Install Windows Server Backup and modify the Windows firewall settings
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

47. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
DFL needs to be Windows Server 2008
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
WSUS server in the branch office in replica mode.

48. If subnets are connected by CISCO router that is RFC-1542 compliant
Printer driver isolation
Use CISCO IP Helper command to configure.
Then use Windows BitLocker Drive Encryption
Modify zone transfer settings for company.com zone on DCA

49. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Jill came down with 2.50.
dnscmd tool
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

50. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Ntfrsutil
Implement Network Access Protection (NAP)
Test-AppLockerPolicy
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.