Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. GPO setting to prevent all users from running an application
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Software Restriction Polices
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

2. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
Enable Windows Remote Management (WinRM) on each server.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Windows System Resource Manager (WSRM)

3. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Windows System Resource Manager (WSRM)
Implement Windows BitLocker Drive Encryption (BitLocker)
Active Directory Users and Computers

4. To backup to tape/robotic tape and to backup VMs you must use...
New ACCOUNT STORE should be added and configured
Microsoft System Center Data Protection Manager 2010
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

5. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Enable Credential Roaming
Create a standard secondary of domain and create standard secondary of other domain.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

6. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Ntfrsutil
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

8. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Ldp
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add-ADFineGrainedPasswordPolicySubject cmdlet

9. Need to ensure users receive updated template within five days...
fsconfig on FSSrv2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
View properties of %systemroot%ntdsntds.dit
Registry on users computer needs to be modified

10. 4 steps to perform offline Defragmentation of AD database...
dnscmd tool
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Data Recovery Agent
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

11. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Role Separation

12. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
fsconfig on FSSrv2
Configure the zone as an Activde Directory-Integrated zone.

13. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Share and Storage Management
Implement one LUN for the quorum and another LUN for the data
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Create an e-mail account in AD DS for your RMS users.

14. You need to deploy a sales application that only the sales users must have access to
Group Policy Preferences
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploy a GPO for the Sales OU
FILES option within Ntdsutil

15. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Refresh the zone on DNS2
Dfsrdiag
Authorization Manager role assignment

16. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Administrative Role Separation
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

17. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure Audit Special Logon and define Special Groups
Active Directory Domains and Trusts

18. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Distributed File System (DFS) Replication
ntdsutil
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

19. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Modify zone transfer settings for company.com zone on DCA
Raise the DFL to Windows Server 2008 R2.

20. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Install Windows Server Backup and modify the Windows firewall settings
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

21. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Implement the Windows Search Service.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

22. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Dynamically expanding VHD's
File Server Resource Manager (FSRM) quotas and file screens
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

23. If you want to allow single-label name resolution
Modify properties of RODC server computer account.
AD Rights Management Services
Assign the application to all client computers by using a GPO.
Then configure GlobalNames zones on each domain controller.

24. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Add the new UPN suffix to the forest.
dnscmd
Then use Windows Deployment Services (WDS) on DHCP1.
Create a Network Load Balancing cluster.

25. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Enable Windows Remote Management (WinRM) on the servers.
Refresh the zone on DNS2
Enable - ADoptionalFeature cmdlet

26. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
NOT be able to store that data on an iSCSI SAN

27. To defragment and AD database...
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
net stop ntds
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
New ACCOUNT STORE should be added and configured

28. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

29. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Refresh the zone on DNS2
Implement a Remote Desktop Connection Broker (RD Connection Broker)
A relying party trust should be created.

30. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Install From Media IFM
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install the RSAT tool on their workstation to provide for more efficient network management

31. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Increase the tombstone lifetime for the forest.
Site

32. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
WSUS server in the branch office in replica mode.
Configure authorization rules for Web developers on each web server

33. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Install Hyper-V role and convert physical machines into virtual machines
From Server A - run Create Basic Task Wizard
Microsoft System Center Data Protection Manager
Create a Central Store

34. To be able to user an application from one AD FS with authentication server to another...
Install Windows Server Backup and modify the Windows firewall settings
A relying party trust should be created.
ntdsutil
Deploy a GPO for the Sales OU

35. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
A Distributed File System (DFS) namespace

36. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
AD Rights Management Services
Zone transfer settings
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

37. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Active Directory Right Management Services (AD RMS)
Multipath I/O feature
Increase the tombstone lifetime for the forest.
Modify the local policy to point to the Internal WSUS server

38. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

39. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Ntdsutil
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Perform an authoritative restore
Configure RODC for Administrator Role Separation

40. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
Dynamically expanding VHD's
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Enable - ADoptionalFeature cmdlet

41. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
802.1.x NAP
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement Shadow Copies
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

42. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Software Restriction Polices
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Dfsrdiag
Jill came down with 2.50.

43. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Enable - ADoptionalFeature cmdlet
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

44. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Incoming external trust
WSUS server in the branch office in replica mode.
FFL Windows Server 2008 R2

45. What shold be done to configure AD RMS so users can protect their data?
Dsmgmt
Create an e-mail account in AD DS for your RMS users
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Authorization Manager

46. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

47. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Implement Distributed File System Replication (DFSR) on both servers
Create a MEDV workspace
Domain based Distributed File System (DFS) will reduce network traffic
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

48. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Execute the Set-ADServiceAccount cmdlet
Incoming external trust
Microsoft Application Virtualization (AppV)

49. You need a solution that meets policy while minimizing hardware and software costs
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Create a new Password Settings Object (PSO) for the IT users.
Deploy a GPO for the Sales OU
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

50. To restore previous version of script without taking up too much of time...
Test-AppLockerPolicy
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Attach VHD file created by Windows server backup
Then use Windows BitLocker Drive Encryption