Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

2. For the users that work remotely that need access to files from the corporate office you should...
Recommend Offline Files
Run adprep /forestprep and adprep /domainprep
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

3. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Windows Server 2003
Deploy a GPO to the WebSrvOU
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

4. To compact AD database...
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
FILES option within Ntdsutil
Ntdsutil

5. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

6. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Assign the application to all client computers by using a GPO.
Configure event log subscriptions

7. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Microsoft System Center Data Protection Manager
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

8. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
IIS Manager user account
Test-AppLockerPolicy

9. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
DSMOD
Then install new Server 2008 R2 Enterprise subordinate CA.
Dynamically expanding VHD's

10. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Windows System Resource Manager (WSRM)
Microsoft System Center Data Protection Manager
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Event Subscriptions

11. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Run adprep /forestprep and adprep /domainprep
Windows XP Mode

12. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Service user account for AD LDS
Group Policy Preferences
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Recommend Group Policy preferences

13. GPO setting to prevent all users from running an application
Storage manager for SANs
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Software Restriction Polices
Run adprep /forestprep and adprep /domainprep

14. When one needs to audit files - folders - printers and the registry enable
Create a Network Load Balancing cluster.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
From Server1 - run the Create Basic Task Wizard
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

15. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Modify the schema of LDSInst1
AD Rights Management Services
Windows BitLocker Drive Encryption (Bit Locker)
Create a MEDV workspace

16. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Create and deploy a logon script that runs Auditpol.
Restore-ADObject cmdlet
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

17. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Group Policy preferences
Recommend Active Directory delegation
Configure offline files and enable manual caching
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

18. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Utilize IFM (Install From Media)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

19. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
An Active Directory subnet object needs to be created.

20. If you need to minimize the bandwidth for installation
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Utilize IFM (Install From Media)

21. What GPO setting should be configured to prevent all users from running an application?
Deploy a failover cluster that uses Node and File Share Disk Majority
Zone transfer settings
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Software Restriction Polices

22. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Changed manually
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
IIS Chared Configuration

23. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Configure the zone as an Activde Directory-Integrated zone.
Get-ADUser cmdlet
Then use Windows Deployment Services (WDS)
Configure folder redirection

24. To configure Administrator Role Separation for an RODC
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

25. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

26. If subnets are connected by CISCO router that is RFC-1542 compliant
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Upgrading DFS to Windows Server 2008 R2
Use CISCO IP Helper command to configure.

27. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Microsoft SharePoint Foundation 2010
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

28. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Configure Firewall Group Policies and link them at the Domain level
Disable Site Link Bridging from IP Properties

29. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Assign the application to computers in the PC OU
Data Recovery Agent
Multipath I/O feature

30. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Event Subscriptions
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Install and share a printer on a server and then enable printer pooling.
Incoming external trust

31. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Increase the tombstone lifetime for the forest.
Upgrading DFS to Windows Server 2008 R2

32. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Assign the application to computers in the PC OU
Implement GPO for all client computers
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

33. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement Windows System Resource Manager (WSRM)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

34. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Domain based Distributed File System (DFS) namespace and DFS Replication.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Raise the DFL to Windows Server 2008 R2.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

35. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Create an e-mail account in AD DS for your RMS users
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Basic Authentication and SSL

36. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Implement Windows BitLocker Drive Encryption (BitLocker)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then configure auto enrollment of certificates and Credential Roaming.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

37. To determine size of AD database file...
Zone transfer settings
Jill came down with 2.50.
PowerShell 2.0
View properties of %systemroot%ntdsntds.dit

38. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Run the Delegation of Control Wizard on the Staff OU
Ldp

39. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Implement a GPO for each domain
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
AD Domains and Trusts
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

40. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Deploy a GPO to the WebSrvOU
Use the Local Roles options with dsmgmt.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

41. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Backup operator's domain local group
Refresh the zone on DNS2
Dfsrdiag
Winrm quickconfig

42. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
dsa.msc - dsamain.exe - ntdsutil.exe
FFL Windows Server 2008 R2
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Refresh the zone on DNS2

43. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
Active Directory Users and Computers
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
MEDV to deploy virtual desktops

44. You need to recommend a BitLocker recovery method you should recommend this.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Active Directory snapshots and Tombstone reanimation
Data Recovery Agent
Administrative Role Separation

45. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Run adprep /forestprep and adprep /domainprep
Use a GPO to configure device installation restrictions
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
AD Rights Management Services

46. When service account passwords need to be changed for SQL they should be...
Changed manually
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Administrators is the minimum group membership required to complete this procedure.
Then configure GlobalNames zones on each domain controller.

47. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Registry on users computer needs to be modified
Microsoft Application Virtualization (AppV)
Windows XP Mode
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

48. To allow connection to a 256 Kbps ISDN...
Windows Deployment Services (WDS)
DISABLE slow link detection in the GPO
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Prestage the computer account in AD

49. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Test-AppLockerPolicy
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Utilize IFM (Install From Media)
Upgrading DFS to Windows Server 2008 R2

50. What shold be done to configure AD RMS so users can protect their data?
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Create an e-mail account in AD DS for your RMS users
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.