Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Modify the local policy to point to the Internal WSUS server
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

2. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Ntfrsutil
Create a new Password Settings Object (PSO) for the IT users.
Network Load Balancing (NLB) cluster
Zone transfer settings

3. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Create a standard secondary of domain and create standard secondary of other domain.
Event Subscriptions
Then configure auto enrollment of certificates and Credential Roaming.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

4. to make shares at a remote location available to users you should implement this.
Create and deploy a logon script that runs Auditpol.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install From Media IFM
Domain based Distributed File System (DFS) namespace and DFS Replication.

5. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Windows XP Mode
net stop ntds

6. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Configure RODC for Administrator Role Separation
Properties of PSO need modified
Then install new Server 2008 R2 Enterprise subordinate CA.
Raise the DFL to Windows Server 2008 R2.

7. When service account passwords need to be changed for SQL they should be...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Zone transfer settings
Changed manually

8. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Install Hyper-V role and convert physical machines into virtual machines
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

9. To configure Administrator Role Separation for an RODC
Then use Windows Deployment Services (WDS) on DHCP1.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Registry on users computer needs to be modified
Winrm quickconfig

10. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Implement one LUN for the quorum and another LUN for the data
Add the new UPN suffix to the forest.
Increase the tombstone lifetime for the forest.

11. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
WSUS server in the branch office in replica mode.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Create and deploy a logon script that runs Auditpol.

12. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure Audit Special Logon and define Special Groups
Configure block inheritance on the IT OU
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

13. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Certificate Templates
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

14. To delegate authority to users to manage only certain areas in Hyper-V use the
Prestage the computer account in AD
Disable Site Link Bridging from IP Properties
Recommend GPT and basic disks
Authorization Manager role assignment

15. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Administrative Role Separation
Deploy a failover cluster that uses Node and File Share Disk Majority
Deploy Microsoft System Center Operations Manager (SCOM)
dnscmd

16. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
View properties of %systemroot%ntdsntds.dit
AD RMS
Assign the application to computers in the PC OU

17. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Upgrading DFS to Windows Server 2008 R2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

18. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Dfsrdiag
Active Directory Users and Computers

19. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Purchase one additional Enterprise License
Authorization Manager role assignment
Create an Active Directory-Integrated zone.
Active Directory Domains and Trusts

20. You need to recommend a BitLocker recovery method you should recommend this.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Implement one LUN for the quorum and another LUN for the data
Data Recovery Agent
Create an Active Directory-Integrated zone.

21. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

22. To create AD Domain Services snapshot
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Ntdsutil
From Server1 - run the Create Basic Task Wizard
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

23. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Incoming external trust
Authorization Manager role assignment
Execute the Set-ADServiceAccount cmdlet
Implement the Windows Search Service.

24. What should be done first to defragment the AD database?
Configure folder redirection
Run net stop ntds
Authorization Manager role assignment
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

25. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Distributed File System (DFS) Replication
Install Hyper-V role and convert physical machines into virtual machines
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

26. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
View properties of %systemroot%ntdsntds.dit
Create a new Password Settings Object (PSO) for the IT users.
Implement Distributed File System Replication (DFSR) on both servers
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

27. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Implement a GPO for each domain
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

28. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Use the Local Roles options with dsmgmt.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure block inheritance on the IT OU

29. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
DISABLE slow link detection in the GPO
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Discover the run Microsoft Baseline Security Analyzer (MBSA)

30. To enable the AD Recycle Bin
AD Domains and Trusts
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Enable - ADoptionalFeature cmdlet

31. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Network Load Balancing (NLB) cluster
Jill came down with 2.50.

32. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Repadmin
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Enable - ADoptionalFeature cmdlet

33. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

34. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Include a server that runs Microsoft Office SharePoint Server 2010
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Certificate Templates
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

35. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
New ACCOUNT STORE should be added and configured
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

36. What should be done to ensure changes made to AD objects can be logged?
Modify properties of RODC server computer account.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Modify the schema of LDSInst1

37. To allow connection to a 256 Kbps ISDN...
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
AD RMS
DISABLE slow link detection in the GPO
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

38. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Storage manager for SANs
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

39. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Microsoft Application Virtualization (AppV)
Create a MEDV workspace
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
WSUS server in the branch office in replica mode.

40. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Microsoft Application Virtualization (AppV)
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Disable Site Link Bridging from IP Properties

41. To add a server with AD FS 2.0 role to an existing AD FS farm...
Prestage the computer account in AD
fsconfig on FSSrv2
Deploy a GPO for the Sales OU
Windows BitLocker Drive Encryption (Bit Locker)

42. To determine size of AD database file...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Autonomous mode...This allows the local administrator to approve their own updates.
View properties of %systemroot%ntdsntds.dit
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

43. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Domain based DFS namespace and configure a DFS replication group
From Server A - run Create Basic Task Wizard

44. What role to keep same time as an external server?
Domain based Distributed File System (DFS) namespace and DFS Replication.
PDC emulator with w32tm.exe
Create an e-mail account in AD DS for your RMS users
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

45. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy Microsoft System Center Operations Manager (SCOM)
Create an Active Directory-Integrated zone.
Software Restriction Polices

46. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Run the Delegation of Control Wizard on the Staff OU
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure block inheritance on the IT OU

47. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Service user account for AD LDS
Add the user to the Domain Admins global group
WSUS server in the branch office in replica mode.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

48. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure caching on the shared folder (offline files)
Add the user to the Domain Admins global group

49. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Repadmin
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

50. PowerShell script to create user accounts with passwords from a file called password.csv
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Use Netsh tool from administrator's computer.
Administrative Role Separation
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}