Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Install and share a printer on a server and then enable printer pooling.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

2. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Upgrading DFS to Windows Server 2008 R2
Offline domain join
Microsoft Application Virtualization (AppV)
Domain based DFS namespace and configure a DFS replication group

3. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Backup operator's domain local group
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

4. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Raise the DFL to Windows Server 2008 R2.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Add the user to the Domain Admins global group
AD RMS

5. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Site

6. If you need to be able to create shared folders on Server 2008 R2
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Ntdsutil
Ensure your account - or the group is a member of the local Administrators group for that specific server.
FFL Windows Server 2008 R2

7. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Deploy it by using Group Policy Software Installation method
Dsmgmt
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

8. Enables you to receive emails when domain users locked out of accounts...
Assign the application to computers in the PC OU
Create and deploy a logon script that runs Auditpol.
Event Viewer
View properties of %systemroot%ntdsntds.dit

9. To compact AD database...
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
FILES option within Ntdsutil
Get-ADUser cmdlet

10. You need to deploy a sales application that only the sales users must have access to
Implement Windows BitLocker Drive Encryption (BitLocker)
Deploy a GPO for the Sales OU
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Implement a GPO for each domain

11. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
DISABLE slow link detection in the GPO
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
djoin /requesteodj from internal server - djoin /provision from outside server/PC

12. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Then configure auto enrollment of certificates and Credential Roaming.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

13. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

14. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Configure caching on the shared folder (offline files)
Create a Central Store
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

15. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Implement Network Access Protection (NAP)
Backup operator's domain local group
Implement a domain-based DFS namespace that uses replication

16. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure authorization rules for Web developers on each web server
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

17. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Create a new Password Settings Object (PSO) for the IT users.
Install and share a printer on a server and then enable printer pooling.
Raise the DFL to Windows Server 2008 R2.

18. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Group Policy Preferences
Authorization Manager role assignment
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Domain based DFS namespace and configure a DFS replication group

19. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Then use Windows Deployment Services (WDS) on DHCP1.
Perform an authoritative restore
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy a failover cluster that contains one node in each office.

20. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Authorization Manager
net stop ntds
Domain based Distributed File System (DFS) namespace and DFS Replication.

21. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Disable Site Link Bridging from IP Properties
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

22. To ensure that a file on a file server do not leave the organization you must implement this.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
AD RMS
Windows System Resource Manager (WSRM)
Enable Credential Roaming

23. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Configure block inheritance on the IT OU
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Autonomous mode...This allows the local administrator to approve their own updates.
Basic Authentication and SSL

24. When one needs to audit files - folders - printers and the registry enable
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Then configure GlobalNames zones on each domain controller.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

25. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Active Directory Users and Computers
Include a server that runs Microsoft Office SharePoint Server 2010
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
FFL Windows Server 2008 R2

26. What should be done to ensure changes made to AD objects can be logged?
Offline domain join
Implement Shadow Copies
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Creating a data collector set that kick off a scritp that either move or delete files.

27. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Recommend Offline Files
Active Directory Domains and Trusts
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

28. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Configure folder redirection
Storage manager for SANs
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Utilize IFM (Install From Media)

29. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Registry on users computer needs to be modified
Include a server that runs Microsoft Office SharePoint Server 2010
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Run the Delegation of Control Wizard on the Staff OU

30. Can be used to install the Windows RE on existing servers
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Additional DFS Targets
WDS
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

31. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Implement Distributed File System Replication (DFSR) on both servers
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Administrative Role Separation
Raise the DFL to Windows Server 2008 R2.

32. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

33. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Install the RSAT tool on their workstation to provide for more efficient network management
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Dfsrdiag

34. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Winrm quickconfig
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

35. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Use CISCO IP Helper command to configure.

36. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
FILES option within Ntdsutil
Create a new Password Settings Object (PSO) for the IT users.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

37. To configure AD FS so tokens contain information from Active Directory domain...
Encrypting File System (EFS). This can be enabled locally or through a GPO.
New ACCOUNT STORE should be added and configured
Refresh the zone on DNS2
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

38. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Microsoft SharePoint Foundation 2010
IIS Chared Configuration
Event Viewer
Multipath I/O feature

39. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Active Directory Users and Computers utility
Microsoft Desktop Optimization Pack (MDOP) to your company
Domain based Distributed File System (DFS) will reduce network traffic

40. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Windows XP Mode
Enable Windows Remote Management (WinRM) on each server.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

41. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
FFL Windows Server 2008 R2
Windows BitLocker Drive Encryption (Bit Locker)

42. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Create and deploy a logon script that runs Auditpol.
Install From Media IFM
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Incoming external trust

43. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

44. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Ntfrsutil
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Modify the local policy to point to the Internal WSUS server

45. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Basic Authentication and SSL
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Back up to an external USB drive by using Windows Server Backup

46. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
WDS
Subnet object needs to be created

47. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install the RSAT tool on their workstation to provide for more efficient network management
Assign the application to all client computers by using a GPO.

48. When service account passwords need to be changed for SQL they should be...
dnscmd
Event Log Subscriptions
Changed manually
Group Policy Preferences

49. If users complain that it is hard to find the shared folders on the network implement
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Get-ADUser cmdlet
Additional DFS Targets
DISABLE slow link detection in the GPO

50. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management