Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Recommend GPT and basic disks
Install the RSAT tool on their workstation to provide for more efficient network management
Purchase one additional Enterprise License
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

2. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Create an Active Directory-Integrated zone.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Domain based Distributed File System (DFS) will reduce network traffic

3. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Windows System Resource Manager (WSRM)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

4. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Deploy a GPO for the Sales OU
Modify zone transfer settings for company.com zone on DCA
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
AD Rights Management Services

5. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Dfsrdiag
Disable Site Link Bridging from the IP properties
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

6. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Create a Central Store
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
A relying party trust should be created.

7. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Software Restriction Polices
Windows XP Mode
Run the Delegation of Control Wizard on the Staff OU
PDC emulator with w32tm.exe

8. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Assign the application to computers in the PC OU
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Enable Windows Remote Management (WinRM) on each server.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

9. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
AD Rights Management Services
Add the Windows Server Backup feature and Windows System Image recovery.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

10. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Utilize IFM (Install From Media)
Add the new UPN suffix to the forest.

11. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Additional DFS Targets
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

12. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

13. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Backup operator's domain local group
Microsoft Desktop Optimization Pack (MDOP) to your company
From Server A - run Create Basic Task Wizard

14. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
802.1.x NAP
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Test-AppLockerPolicy

15. To backup to tape/robotic tape and to backup VMs you must use...
Storage manager for SANs
Microsoft System Center Data Protection Manager 2010
Use local roles options within "dsmgmt"
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

16. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
From Server A - run Create Basic Task Wizard
Deploy a GPO to the WebSrvOU

17. Can be used to install the Windows RE on existing servers
DSMOD
WDS
Add-ADFineGrainedPasswordPolicySubject cmdlet
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

18. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Windows System Resource Manager (WSRM)
Dfsrdiag
Execute the Set-ADServiceAccount cmdlet
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

19. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

20. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Modify properties of RODC server computer account.
Event Viewer
From Server1 - run the Create Basic Task Wizard
Create a MEDV workspace

21. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

22. An AD LDS instance needs to be replicated from one server to another...
Windows BitLocker Drive Encryption (Bit Locker)
Implement Windows BitLocker Drive Encryption (BitLocker)
Active Directory Domains and Trusts
Service user account for AD LDS

23. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create an Active Directory-Integrated zone.
Add the new UPN Suffix to the forest
Network Load Balancing (NLB)

24. When deploying an application using the Group Policy distribution method assign the...
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Winrm quickconfig
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
DISABLE slow link detection in the GPO

25. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Enable Windows Remote Management (WinRM) on the servers.
Run the Delegation of Control Wizard on the Staff OU
Implement a domain-based DFS namespace that uses replication

26. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Prestage the computer account in AD

27. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Execute the Set-ADServiceAccount cmdlet
Add the user to the Domain Admins global group
Authorization Manager role assignment

28. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Then use Windows Deployment Services (WDS) on DHCP1.
Passive file screens

29. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Windows XP Mode
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Autonomous mode...This allows the local administrator to approve their own updates.

30. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Recommend GPT and basic disks
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

31. to make shares at a remote location available to users you should implement this.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Domain based Distributed File System (DFS) namespace and DFS Replication.
dsa.msc - dsamain.exe - ntdsutil.exe
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

32. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
DISABLE slow link detection in the GPO
Event Viewer

33. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Then configure auto enrollment of certificates and Credential Roaming.

34. To restore previous version of script without taking up too much of time...
Install From Media IFM
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
An Active Directory subnet object needs to be created.
Attach VHD file created by Windows server backup

35. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Deploy a GPO for the Sales OU
Implement GPO for all client computers
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Set-ADServiceAccount cmdlet

36. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Test-AppLockerPolicy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

37. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Event Subscriptions
FFL Windows Server 2008 R2
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

38. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create a standard secondary of domain and create standard secondary of other domain.
Microsoft System Center Data Protection Manager
dnscmd

39. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement GPO for all client computers
IIS Manager user account
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

40. If you want to implement BitLocker and store recovery informaiton in a central location
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Microsoft System Center Data Protection Manager
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

41. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
The Group Policy Management Console
Dynamically expanding VHD's
Incoming external trust
dnscmd tool

42. To configure Administrator Role Separation for an RODC
PowerShell 2.0
Configure block inheritance on the IT OU
Implement a GPO for each domain
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

43. In order to ensure highly available Windows Update servers you should create this.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Increase the tombstone lifetime for the forest.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Network Load Balancing (NLB)

44. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Windows Deployment Services (WDS)
Administrative Role Separation
Use the Local Roles options with dsmgmt.
A relying party trust should be created.

45. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Domain based Distributed File System (DFS) namespace and DFS Replication.
Authorization Manager
Modify the GPO to include folder redirection
Implement Windows BitLocker Drive Encryption (BitLocker)

46. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Test-AppLockerPolicy
Implement a domain-based DFS namespace that uses replication
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

47. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
File Server Resource Manager (FSRM) quotas and file screens
Then configure GlobalNames zones on each domain controller.

48. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Create a MEDV workspace

49. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Create an e-mail account in AD DS for your RMS users.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Dsmgmt
Refresh the zone on DNS2

50. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Purchase one additional Enterprise License
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)