Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To add a server with AD FS 2.0 role to an existing AD FS farm...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
fsconfig on FSSrv2
Active Directory Users and Computers
Distributed File System (DFS) Replication

2. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Ntdsutil
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Add the user to the Domain Admins global group
Subnet object needs to be created

3. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Implement Windows System Resource Manager (WSRM) and configure user policies
Add George to the Domain Admins group.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Deploy a failover cluster that contains one node in each office.

4. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
net stop ntds
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Create a MEDV workspace
Implement Network Access Protection (NAP) that uses 802.1x enforcement

5. New Password Policy needs to be created for OU different from domain password policy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Use the Local Roles options with dsmgmt.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement GPO for all client computers

6. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
File Server Resource Manager (FSRM) quotas and file screens
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Modify the local policy to point to the Internal WSUS server
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

7. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Implement one LUN for the quorum and another LUN for the data
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Domain based Distributed File System (DFS) namespace and DFS Replication.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

8. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Implement Network Access Protection (NAP)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Import-Module
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

9. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Zone transfer settings
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

10. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Modify zone transfer settings for company.com zone on DCA
Configure Audit Special Logon and define Special Groups

11. FFL is...
Execute the Set-ADServiceAccount cmdlet
Modify properties of RODC server computer account.
Win2000
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

12. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Windows XP Mode

13. Ensure password length for a group set to 12 characters long while others keep password policy
Configure caching on the shared folder and configure offline files to use encryption
Add-ADFineGrainedPasswordPolicySubject cmdlet
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

14. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Ntfrsutil
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
CAPublishGP group should have the Manage CA permission.
FFL Windows Server 2008 R2

15. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
DFL needs to be Windows Server 2008
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

16. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Restore-ADObject cmdlet
Implement GPO for all client computers

17. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Software Restriction Polices
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

18. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Assign the application to all client computers by using a GPO.
Assign the application to computers in the PC OU

19. Need to access some resources in another domain that is part of another forest...What trust is created?
Windows Deployment Services (WDS)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Perform an authoritative restore
Incoming external trust

20. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure separate application pools for each application

21. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Network Load Balancing (NLB)
Deploy Microsoft System Center Operations Manager (SCOM)

22. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Add the user to the Domain Admins global group
WDS
Registry on users computer needs to be modified

23. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Share and Storage Management
fsconfig on FSSrv2
Then use Windows BitLocker Drive Encryption

24. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Storage manager for SANs
Software Restriction Polices
Configure Firewall Group Policies and link them at the Domain level
Execute the Set-ADServiceAccount cmdlet

25. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Then use Windows Deployment Services (WDS)
Create a Central Store
Microsoft Application Virtualization (AppV)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

26. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Domain based Distributed File System (DFS) namespace and DFS Replication.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
DFL needs to be Windows Server 2008
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

27. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Certificate Templates
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Create a new Password Settings Object (PSO) for the IT users.

28. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

29. To delegate authority to users to manage only certain areas in Hyper-V use the
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Import-Module
Authorization Manager role assignment
Network Load Balancing (NLB) cluster

30. You need to deploy a sales application that only the sales users must have access to
Use local roles options within "dsmgmt"
New ACCOUNT STORE should be added and configured
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Deploy a GPO for the Sales OU

31. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
A Distributed File System (DFS) namespace
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Domain based Distributed File System (DFS) will reduce network traffic
Zone transfer settings

32. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Ldp
Increase the tombstone lifetime for the forest.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

33. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Run the Delegation of Control Wizard on the Staff OU
Recommend Offline Files
Configure the zone as an Activde Directory-Integrated zone.
Distributed File System (DFS) Replication

34. To allow a specifc user or group to manage the address information for the user accounts...
Autonomous mode...This allows the local administrator to approve their own updates.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Recommend Active Directory delegation

35. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Repadmin
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

36. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Get-ADUser cmdlet
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

37. New password settings object (PSO) created and needs to be applied to user
Create an e-mail account in AD DS for your RMS users.
Properties of PSO need modified
Assign the application to all client computers by using a GPO.
Implement the Windows Search Service.

38. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
A Distributed File System (DFS) namespace
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Ldp
Multipath I/O feature

39. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Then configure auto enrollment of certificates and Credential Roaming.
Modify the GPO to include folder redirection
A Distributed File System (DFS) namespace
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

40. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure Firewall Group Policies and link them at the Domain level
Implement a GPO for each domain

41. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Recommend Active Directory delegation
Create an e-mail account in AD DS for your RMS users
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Disable Site Link Bridging from the IP properties

42. 4 steps to perform offline Defragmentation of AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Active Directory Users and Computers
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

43. to increase the reliability of the print server - configure...
Dfsrdiag
Printer driver isolation
New ACCOUNT STORE should be added and configured
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

44. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

45. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Add the new UPN suffix to the forest.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Disable Site Link Bridging from the IP properties
Create an e-mail account in AD DS for your RMS users

46. To determine size of AD database file...
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Microsoft System Center Data Protection Manager
View properties of %systemroot%ntdsntds.dit
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

47. UPN Suffix xxxx.com needs to be available for user accounts...
Ntdsutil
Add the new UPN Suffix to the forest
Enable Credential Roaming
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

48. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Deploy the Root CA certificate to the external computers.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Configure block inheritance on the IT OU
Additional DFS Targets

49. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Windows Server 2003
Modify zone transfer settings for company.com zone on DCA

50. You need to ensure that the guest account on all servers is disabled to
AD Rights Management Services
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Discover the run Microsoft Baseline Security Analyzer (MBSA)