Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Your machine and remote desktops
DSMOD
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Domain based DFS namespace and configure a DFS replication group

2. If users complain that it is hard to find the shared folders on the network implement
Add-ADFineGrainedPasswordPolicySubject cmdlet
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Additional DFS Targets
WSUS server in the branch office in replica mode.

3. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure caching on the shared folder and configure offline files to use encryption
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Administrative Role Separation

4. When deploying an application using the Group Policy distribution method assign the...
Implement folder redirection by using GPO. Then backup the folder redirection target.
Enable Windows Remote Management (WinRM) on the servers.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

5. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Implement a GPO for each domain
Add the new UPN suffix to the forest.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Then use Windows Deployment Services (WDS)

6. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
DFL needs to be Windows Server 2008
Offline domain join
Encrypting File System (EFS). This can be enabled locally or through a GPO.

7. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Software Restriction Polices
Dsmgmt
Run net stop ntds
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

8. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Enable - ADoptionalFeature cmdlet

9. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Changed manually
Implement one LUN for the quorum and another LUN for the data
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Zone transfer settings

10. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Additional DFS Targets
Authorization Manager
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install and share a printer on a server and then enable printer pooling.

11. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Multipath I/O feature
Dfsrdiag
DSMOD - ADUC
IIS Chared Configuration

12. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Add George to the Domain Admins group.
Microsoft Desktop Optimization Pack (MDOP)
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Folder redirection. Folder redirection is also useful when using roamin profiles.

13. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement the Windows Search Service.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Microsoft SharePoint Foundation 2010

14. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Software Restriction Polices
dsa.msc - dsamain.exe - ntdsutil.exe
Purchase one additional Enterprise License
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

15. To add a new UPN for all user accounts...
AD Domains and Trusts
ntdsutil
Then use Windows BitLocker Drive Encryption
Create a MEDV workspace

16. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
AD Rights Management Services
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then use on install image file that contains a single install image.
Implement a Remote Desktop Connection Broker (RD Connection Broker)

17. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Recommend GPT and basic disks
Authorization Manager
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

18. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Dynamically expanding VHD's
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

19. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Jill came down with 2.50.
The Group Policy Management Console
dnscmd

20. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Windows Server 2003
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement Windows System Resource Manager (WSRM) and configure user policies
Basic Authentication and SSL

21. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Run adprep /forestprep and adprep /domainprep
Implement Windows BitLocker Drive Encryption (BitLocker)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Use the Local Roles options with dsmgmt.

22. To add a server with AD FS 2.0 role to an existing AD FS farm...
Deploy Microsoft System Center Operations Manager (SCOM)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
fsconfig on FSSrv2
Run net stop ntds

23. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Back up to an external USB drive by using Windows Server Backup
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

24. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Dynamically expanding VHD's
From Server1 - run the Create Basic Task Wizard
Group Policy Preferences

25. To backup GPO's in domain and minimize bakcup...
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
PDC emulator with w32tm.exe
The Group Policy Management Console

26. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Site
Create a MEDV workspace
Ntfrsutil
FFL Windows Server 2008 R2

27. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

28. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Utilize IFM (Install From Media)
Then configure auto enrollment of certificates and Credential Roaming.

29. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Assign the application to computers in the PC OU
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Enable Windows Remote Management (WinRM) on each server.
CAPublishGP group should have the Manage CA permission.

30. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Site
Install Hyper-V role and convert physical machines into virtual machines
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Microsoft System Center Data Protection Manager

31. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

32. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Implement the Windows Search Service.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

33. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure caching on the shared folder (offline files)
Windows Deployment Services (WDS)

34. Auditing the deletion of Registry keys on all Domain Controllers
Creating a data collector set that kick off a scritp that either move or delete files.
Configure block inheritance on the IT OU
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

35. To minimize the amount of storage required you should recommend
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
A Distributed File System (DFS) namespace
Share and Storage Management

36. If subnets are connected by CISCO router that is RFC-1542 compliant
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create a MEDV workspace
Create an e-mail account in AD DS for your RMS users.
Use CISCO IP Helper command to configure.

37. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Dfsrdiag

38. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
fsconfig on FSSrv2
Dsmgmt
Install the RSAT tool on their workstation to provide for more efficient network management
Folder redirection. Folder redirection is also useful when using roamin profiles.

39. New Password Policy needs to be created for OU different from domain password policy
Then use Windows Deployment Services (WDS)
Raise the DFL to Windows Server 2008 R2.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

40. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Network Load Balancing (NLB) cluster
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Basic Authentication and SSL
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

41. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

42. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Ldp
Windows Deployment Services (WDS)
Share and Storage Management

43. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Attach VHD file created by Windows server backup
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Winrm quickconfig

44. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Then configure GlobalNames zones on each domain controller.
Domain based DFS namespace and configure a DFS replication group
Test-AppLockerPolicy

45. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Deploy Microsoft System Center Operations Manager (SCOM)
Back up to an external USB drive by using Windows Server Backup
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

46. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
Add the user to the Domain Admins global group
Microsoft System Center Data Protection Manager 2010
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

47. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Implement one LUN for the quorum and another LUN for the data
Create an e-mail account in AD DS for your RMS users
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

48. What role to keep same time as an external server?
DSMOD - ADUC
PDC emulator with w32tm.exe
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Authorization Manager role assignment

49. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
CAPublishGP group should have the Manage CA permission.
Autonomous mode...This allows the local administrator to approve their own updates.
Win2000 Native

50. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Attach VHD file created by Windows server backup
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create a Network Load Balancing cluster.