Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement the Windows Search Service.
Use a GPO to configure device installation restrictions

2. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Role Separation
Creating a data collector set that kick off a scritp that either move or delete files.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

3. To minimize the amount of storage required you should recommend
DSMOD - ADUC
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Share and Storage Management
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

4. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Execute the Set-ADServiceAccount cmdlet
CAPublishGP group should have the Manage CA permission.
Install Windows Server Backup and modify the Windows firewall settings
Role Separation

5. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Implement the Windows Search Service.
Offline domain join
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then use on install image file that contains a single install image.

6. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Add the user to the Domain Admins global group
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Modify the GPO to include folder redirection
Configure block inheritance on the IT OU

7. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Windows Deployment Services (WDS)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

8. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Active Directory Users and Computers
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Raise the DFL to Windows Server 2008 R2.

9. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Implement Shadow Copies
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Purchase one additional Enterprise License
Create a new Password Settings Object (PSO) for the IT users.

10. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Autonomous mode...This allows the local administrator to approve their own updates.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Dfsrdiag

11. Need to ensure users receive updated template within five days...
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Registry on users computer needs to be modified
Create a Network Load Balancing cluster.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

12. If you need to delegate control of server to remote admins group
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Configure RODC for Administrator Role Separation
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Modify the schema of LDSInst1

13. You need a solution that meets policy while minimizing hardware and software costs
Group Policy Preferences
Create a new Password Settings Object (PSO) for the IT users.
Raise the DFL to Windows Server 2008 R2.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

14. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Perform an authoritative restore
Modify the schema of LDSInst1
Create a MEDV workspace
Configure event log subscriptions

15. What GPO setting should be configured to prevent all users from running an application?
Implement Windows System Resource Manager (WSRM)
Software Restriction Polices
Authorization Manager
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

16. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

17. To help restrict access to Windows 7 computer in the event that it gets stolen implement
IIS Manager user account
Install and share a printer on a server and then enable printer pooling.
Windows BitLocker Drive Encryption (Bit Locker)
Configure block inheritance on the IT OU

18. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Active Directory Right Management Services (AD RMS)
Configure the zone as an Activde Directory-Integrated zone.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

19. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
CAPublishGP group should have the Manage CA permission.

20. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Modify zone transfer settings for company.com zone on DCA
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

21. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Configure block inheritance on the IT OU
Domain based DFS namespace and configure a DFS replication group
Passive file screens

22. to make shares at a remote location available to users you should implement this.
Then use Windows Deployment Services (WDS)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure the zone as an Activde Directory-Integrated zone.

23. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Create a standard secondary of domain and create standard secondary of other domain.
Administrators is the minimum group membership required to complete this procedure.
Printer driver isolation
Folder redirection. Folder redirection is also useful when using roamin profiles.

24. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Use a GPO to configure device installation restrictions
Modify the GPO to include folder redirection
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

25. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Implement Windows System Resource Manager (WSRM) and configure user policies
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Install Hyper-V role and convert physical machines into virtual machines

26. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Group Policy Preferences
Create and deploy a logon script that runs Auditpol.
Deploy a failover cluster that uses Node and File Share Disk Majority
Microsoft SharePoint Foundation 2010

27. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
WDS
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Implement Network Access Protection (NAP) that uses 802.1x enforcement

28. If you want to allow single-label name resolution
Dynamically expanding VHD's
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
From Server A - run Create Basic Task Wizard
Then configure GlobalNames zones on each domain controller.

29. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Use CISCO IP Helper command to configure.
Create and deploy a logon script that runs Auditpol.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Install and share a printer on a server and then enable printer pooling.

30. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Implement Windows System Resource Manager (WSRM) and configure user policies
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Upgrading DFS to Windows Server 2008 R2

31. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Run net stop ntds
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Authorization Manager

32. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

33. File that contains the last logon time and custom attributes values for each user in your forest.
Windows XP Mode
Offline domain join
Get-ADUser cmdlet
Create an e-mail account in AD DS for your RMS users

34. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Implement a GPO for each domain
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Domain based Distributed File System (DFS) will reduce network traffic
dsa.msc - dsamain.exe - ntdsutil.exe

35. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Autonomous mode...This allows the local administrator to approve their own updates.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add the new UPN suffix to the forest.

36. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Configure event log subscriptions
Passive file screens

37. For the users that work remotely that need access to files from the corporate office you should...
DSMOD
Recommend Offline Files
Deploy the Root CA certificate to the external computers.
Create a Central Store

38. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

39. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
dnscmd tool
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Use the Local Roles options with dsmgmt.

40. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Install Windows Server Backup and modify the Windows firewall settings
Administrative Role Separation
Implement Network Access Protection (NAP) that uses 802.1x enforcement

41. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Data Recovery Agent
802.1.x NAP
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

42. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Incoming external trust
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Assign the application to all client computers by using a GPO.
Create an e-mail account in AD DS for your RMS users.

43. To deploy templates across the organization
Configure RODC for Administrator Role Separation
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create a Network Load Balancing cluster.
Recommend Offline Files

44. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Dfsrdiag
Set-ADServiceAccount cmdlet
Domain based Distributed File System (DFS) namespace and DFS Replication.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

45. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

46. You need to allow a user to add a single computer to a domain - without any additional rights...
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
DFL needs to be Windows Server 2008
Prestage the computer account in AD
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

47. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Raise the DFL to Windows Server 2008 R2.
Implement Windows BitLocker Drive Encryption (BitLocker)
Windows BitLocker Drive Encryption (Bit Locker)

48. If you want to implement BitLocker and store recovery informaiton in a central location
Create an e-mail account in AD DS for your RMS users.
Microsoft SharePoint Foundation 2010
Run adprep /forestprep and adprep /domainprep
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

49. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Repadmin
Microsoft Desktop Optimization Pack (MDOP)
Then configure auto enrollment of certificates and Credential Roaming.
AD Rights Management Services

50. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Recommend Offline Files
Then use Windows Deployment Services (WDS)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced