Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Administrative Role Separation
Basic Authentication and SSL
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Create a standard secondary of domain and create standard secondary of other domain.

2. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
DSMOD - ADUC
Create a new Password Settings Object (PSO) for the IT users.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Use a GPO to configure device installation restrictions

3. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

4. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Network Load Balancing (NLB)
Group Policy Preferences
NOT be able to store that data on an iSCSI SAN
Add the Windows Server Backup feature and Windows System Image recovery.

5. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Deploy the Root CA certificate to the external computers.
Modify the GPO to include folder redirection
Modify the schema of LDSInst1

6. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Configure separate application pools for each application
Create a Network Load Balancing cluster.
Import-Module
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

7. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Event Log Subscriptions
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Implement Windows System Resource Manager (WSRM)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

8. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Software Restriction Polices
Zone transfer settings
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

9. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Deploy a GPO for the Sales OU
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Test-AppLockerPolicy
Modify the schema of LDSInst1

10. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Share and Storage Management
Implement Distributed File System Replication (DFSR) on both servers
Implement a GPO for each domain

11. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
From Server1 - run the Create Basic Task Wizard
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Repadmin

12. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Then configure GlobalNames zones on each domain controller.
Enable Windows Remote Management (WinRM) on each server.
Increase the tombstone lifetime for the forest.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

13. When service account passwords need to be changed for SQL they should be...
Import-Module
Then use Windows BitLocker Drive Encryption
Repadmin
Changed manually

14. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Domain based Distributed File System (DFS) will reduce network traffic
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

15. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Run the Delegation of Control Wizard on the Staff OU
Install Hyper-V role and convert physical machines into virtual machines
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

16. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure folder redirection
Deploy the Root CA certificate to the external computers.
Folder redirection. Folder redirection is also useful when using roamin profiles.

17. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Microsoft Desktop Optimization Pack (MDOP)
Administrators is the minimum group membership required to complete this procedure.

18. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Distributed File System (DFS) Replication
Printer driver isolation
Multipath I/O feature
Run auditpol and then configure the Security settings of the Domain Controllers OU.

19. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Test-AppLockerPolicy
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

20. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Active Directory snapshots and Tombstone reanimation
WSUS server in the branch office in replica mode.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

21. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
FFL Windows Server 2008 R2
Then configure auto enrollment of certificates and Credential Roaming.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

22. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Modify the schema of LDSInst1
Enable Credential Roaming
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

23. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
FILES option within Ntdsutil
Implement one LUN for the quorum and another LUN for the data
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

24. To modify several user accounts to a new UPN suffix
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
New ACCOUNT STORE should be added and configured
Active Directory Users and Computers utility

25. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Basic Authentication and SSL

26. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Purchase one additional Enterprise License
Microsoft Desktop Optimization Pack (MDOP)
NOT be able to store that data on an iSCSI SAN
Add the new UPN suffix to the forest.

27. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Use the Local Roles options with dsmgmt.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

28. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Restore-ADObject cmdlet
Configure Audit Special Logon and define Special Groups
Registry on users computer needs to be modified
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

29. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Modify the schema of LDSInst1
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

30. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
net stop ntds
Dsmgmt

31. To backup to tape/robotic tape and to backup VMs you must use...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Microsoft System Center Data Protection Manager 2010
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Domain based Distributed File System (DFS) will reduce network traffic

32. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Install From Media IFM
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

33. to protect file servers and hard disks that may be at risk of being accessed or stolen
dsa.msc - dsamain.exe - ntdsutil.exe
Dsmgmt
Implement Windows BitLocker Drive Encryption (BitLocker)
Implement Windows System Resource Manager (WSRM)

34. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Dynamically expanding VHD's
Authorization Manager
Jill came down with 2.50.

35. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Windows BitLocker Drive Encryption (Bit Locker)
Dsmgmt
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

36. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Windows XP Mode
Network Load Balancing (NLB)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Implement Network Access Protection (NAP) that uses 802.1x enforcement

37. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Implement a GPO for each domain
Active Directory Right Management Services (AD RMS)
Certificate Templates
DSMOD - ADUC

38. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Multipath I/O feature
Import-Module

39. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Then configure auto enrollment of certificates and Credential Roaming.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office

40. To allow a user to administer Active Directory
dnscmd tool
Add the user to the Domain Admins global group
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Configure separate application pools for each application

41. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

42. To add a server with AD FS 2.0 role to an existing AD FS farm...
Run the Delegation of Control Wizard on the Staff OU
Microsoft Desktop Optimization Pack (MDOP) to your company
fsconfig on FSSrv2
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

43. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Microsoft System Center Data Protection Manager 2010
Configure Firewall Group Policies and link them at the Domain level
Test-AppLockerPolicy
Use the Local Roles options with dsmgmt.

44. To allow a specifc user or group to manage the address information for the user accounts...
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Recommend Active Directory delegation
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

45. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Event Viewer
Create an Active Directory-Integrated zone.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Discover the run Microsoft Baseline Security Analyzer (MBSA)

46. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

47. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Prestage the computer account in AD
Active Directory Domains and Trusts
Group Policy Preferences
Distributed File System (DFS) Replication

48. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Registry on users computer needs to be modified
802.1.x NAP
IIS Manager user account

49. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Your machine and remote desktops
Configure caching on the shared folder (offline files)
Configure Firewall Group Policies and link them at the Domain level
Implement File Server Resource Manager (FSRM) quotas on the desired servers

50. What should be done so application does not fail after 30 days while still keeping password policy in mind?
PDC emulator with w32tm.exe
Set-ADServiceAccount cmdlet
Modify zone transfer settings for company.com zone on DCA
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.