Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Dynamically expanding VHD's
Enable Windows Remote Management (WinRM) on each server.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Configure caching on the shared folder and configure offline files to use encryption

2. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Network Load Balancing (NLB)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Back up to an external USB drive by using Windows Server Backup

3. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. To restore deleted user account from AD Recycle Bin...
fsconfig on FSSrv2
Restore-ADObject cmdlet
Create a new Password Settings Object (PSO) for the IT users.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

5. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Additional DFS Targets

6. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Create a standard secondary of domain and create standard secondary of other domain.
Create and deploy a logon script that runs Auditpol.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Multipath I/O feature

7. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Create a new Password Settings Object (PSO) for the IT users.
Your machine and remote desktops
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

8. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Printer driver isolation
Microsoft Desktop Optimization Pack (MDOP) to your company
Basic Authentication and SSL

9. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Administrative Role Separation
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Deploy a GPO to the WebSrvOU
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

10. Auditing the deletion of Registry keys on all Domain Controllers
From Server1 - run the Create Basic Task Wizard
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Configure caching on the shared folder and configure offline files to use encryption
MEDV to deploy virtual desktops

11. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Active Directory Right Management Services (AD RMS)
Include a server that runs Microsoft Office SharePoint Server 2010
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

12. You need to design your WSUS infrastructure so that updates are highly available. To do so
Incoming external trust
Network Load Balancing (NLB)
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Implement Network Access Protection (NAP)

13. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Data Recovery Agent
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Deploy it by using Group Policy Software Installation method
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

14. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Implement folder redirection by using GPO. Then backup the folder redirection target.
FFL Windows Server 2008 R2
Run adprep /forestprep and adprep /domainprep
Configure authorization rules for Web developers on each web server

15. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
PowerShell 2.0
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

16. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
802.1.x NAP
Software Restriction Polices
IIS Manager user account
Domain based Distributed File System (DFS) will reduce network traffic

17. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Back up to an external USB drive by using Windows Server Backup
Group Policy Preferences

18. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Certificate Templates
Microsoft System Center Data Protection Manager 2010
Site
Discover the run Microsoft Baseline Security Analyzer (MBSA)

19. If you need to ensure that data is protected by BitLocker then you will...
Upgrading DFS to Windows Server 2008 R2
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure Audit Special Logon and define Special Groups
NOT be able to store that data on an iSCSI SAN

20. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Perform an authoritative restore
Deploy it by using Group Policy Software Installation method
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Implement Network Access Protection (NAP)

22. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Add the new UPN Suffix to the forest
Share and Storage Management
Assign the application to computers in the PC OU
Autonomous mode...This allows the local administrator to approve their own updates.

23. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
From Server A - run Create Basic Task Wizard
Administrative Role Separation
Additional DFS Targets
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

24. To prevent account password from being cached on RODC server...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy a GPO to the WebSrvOU
Modify properties of RODC server computer account.
Configure folder redirection

25. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Recommend Offline Files
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Service user account for AD LDS

26. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Network Load Balancing (NLB)

28. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Folder redirection. Folder redirection is also useful when using roamin profiles.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Perform an authoritative restore
Use CISCO IP Helper command to configure.

29. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Utilize IFM (Install From Media)
Windows Deployment Services (WDS)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

30. FFL is...
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Perform an authoritative restore
Win2000
A Distributed File System (DFS) namespace

31. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Then use Windows Deployment Services (WDS) on DHCP1.
Create an e-mail account in AD DS for your RMS users.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Microsoft SharePoint Foundation 2010

32. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement Network Access Protection (NAP)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

33. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Group Policy Preferences
Backup operator's domain local group

34. PowerShell script to create user accounts with passwords from a file called password.csv
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Administrators is the minimum group membership required to complete this procedure.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Create a Central Store

35. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Windows XP Mode
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Create a Network Load Balancing cluster.
Disable Site Link Bridging from IP Properties

36. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Utilize IFM (Install From Media)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

37. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Run the Delegation of Control Wizard on the Staff OU
Dsmgmt
Configure folder redirection

38. Tools to view contents of an OU in an AD snapshot...
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
dsa.msc - dsamain.exe - ntdsutil.exe
dnscmd
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

39. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Create an Active Directory-Integrated zone.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

40. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Configure block inheritance on the IT OU
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Repadmin

41. What should be done to resolve names by using GlobalNames zone?
Active Directory Right Management Services (AD RMS)
A Distributed File System (DFS) namespace
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
dnscmd tool

42. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
802.1.x NAP
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Create a new Password Settings Object (PSO) for the IT users.

43. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Create an e-mail account in AD DS for your RMS users.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Disable Site Link Bridging from the IP properties
Incoming external trust

44. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Test-AppLockerPolicy
Install the RSAT tool on their workstation to provide for more efficient network management
File Server Resource Manager (FSRM) quotas and file screens
The Group Policy Management console

45. To be able to user an application from one AD FS with authentication server to another...
Recommend Offline Files
A relying party trust should be created.
Utilize IFM (Install From Media)
Jill came down with 2.50.

46. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

47. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Zone transfer settings
Multipath I/O feature
Modify the schema of LDSInst1

48. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

49. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement Network Access Protection (NAP)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

50. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Microsoft Desktop Optimization Pack (MDOP)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Attach VHD file created by Windows server backup