Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
From Server A - run Create Basic Task Wizard
AD Rights Management Services

2. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Then use on install image file that contains a single install image.

3. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Import-Module
WDS
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure caching on the shared folder and configure offline files to use encryption

4. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Create a Network Load Balancing cluster.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

5. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Repadmin
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
FFL Windows Server 2008 R2
Dsmgmt

6. The Computer Management snap-in allows you to create shares both on...
Assign the application to computers in the PC OU
Implement a domain-based DFS namespace that uses replication
Your machine and remote desktops
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

7. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Authorization Manager
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Properties of PSO need modified

8. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Recommend Group Policy preferences
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install and share a printer on a server and then enable printer pooling.
Changed manually

9. to increase the reliability of the print server - configure...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Additional DFS Targets
Printer driver isolation
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

10. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Then configure GlobalNames zones on each domain controller.
Modify the GPO to include folder redirection
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

11. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Test-AppLockerPolicy
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Attach VHD file created by Windows server backup

12. You need to ensure that the guest account on all servers is disabled to
DISABLE slow link detection in the GPO
Utilize IFM (Install From Media)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
dsa.msc - dsamain.exe - ntdsutil.exe

13. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Run adprep /forestprep and adprep /domainprep
Microsoft System Center Data Protection Manager
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Import-Module

14. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Perform an authoritative restore
Install Hyper-V role and convert physical machines into virtual machines

15. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Run the Delegation of Control Wizard on the Staff OU
Modify the schema of LDSInst1
The Group Policy Management Console
CAPublishGP group should have the Manage CA permission.

16. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
dnscmd tool
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

17. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
FFL Windows Server 2008 R2
Active Directory snapshots and Tombstone reanimation
Create an e-mail account in AD DS for your RMS users
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

18. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Test-AppLockerPolicy
MEDV to deploy virtual desktops
dnscmd tool
Microsoft System Center Data Protection Manager

19. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Software Restriction Polices
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Incoming external trust

20. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement a Remote Desktop Connection Broker (RD Connection Broker)

21. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Ntfrsutil
dnscmd tool
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Multipath I/O feature

22. If you need to minimize the bandwidth for installation
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Utilize IFM (Install From Media)
Event Log Subscriptions
Disable Site Link Bridging from the IP properties

23. The strongest form of NAP is
Deploy Microsoft System Center Operations Manager (SCOM)
dsa.msc - dsamain.exe - ntdsutil.exe
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

24. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
fsconfig on FSSrv2
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Certificate Templates
FILES option within Ntdsutil

25. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
MEDV to deploy virtual desktops
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Incoming external trust
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

26. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Create a MEDV workspace
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

27. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Repadmin
Site
Create an e-mail account in AD DS for your RMS users.
Active Directory Users and Computers

28. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Dsmgmt
Modify zone transfer settings for company.com zone on DCA
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

29. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Raise the DFL to Windows Server 2008 R2.
Then use Windows Deployment Services (WDS)
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Configure block inheritance on the IT OU

30. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Domain based DFS namespace and configure a DFS replication group
Autonomous mode...This allows the local administrator to approve their own updates.
Deploy the Root CA certificate to the external computers.

31. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Modify properties of RODC server computer account.
Windows XP Mode
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Then use Windows Deployment Services (WDS) on DHCP1.

32. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

33. You need to deploy a sales application that only the sales users must have access to
Modify the schema of LDSInst1
Use a GPO to configure device installation restrictions
Deploy a GPO for the Sales OU
Repadmin

34. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Get-ADUser cmdlet
Ldp
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement GPO for all client computers

35. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
New ACCOUNT STORE should be added and configured
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Changed manually

36. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Changed manually
Additional DFS Targets
IIS Manager user account

37. What GPO setting should be configured to prevent all users from running an application?
Folder redirection. Folder redirection is also useful when using roamin profiles.
Modify zone transfer settings for company.com zone on DCA
Software Restriction Polices
Improve the performance of File Servers

38. To be able to user an application from one AD FS with authentication server to another...
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Prestage the computer account in AD
A relying party trust should be created.

39. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Use a GPO to configure device installation restrictions
Enable Windows Remote Management (WinRM) on each server.

40. FFL is...
Win2000
Restore-ADObject cmdlet
New ACCOUNT STORE should be added and configured
Passive file screens

41. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Windows XP Mode
Upgrading DFS to Windows Server 2008 R2
Attach VHD file created by Windows server backup

42. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure caching on the shared folder and configure offline files to use encryption
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
dsa.msc - dsamain.exe - ntdsutil.exe

43. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Share and Storage Management
FFL Windows Server 2008 R2
Run adprep /forestprep and adprep /domainprep

44. To create AD Domain Services snapshot
Ntdsutil
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Test-AppLockerPolicy
Domain based Distributed File System (DFS) will reduce network traffic

45. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

46. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy it by using Group Policy Software Installation method
Properties of PSO need modified
FFL Windows Server 2008 R2
Configure authorization rules for Web developers on each web server

47. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
dnscmd tool
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Implement Windows System Resource Manager (WSRM) and configure user policies
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

48. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Modify the local policy to point to the Internal WSUS server
Your machine and remote desktops
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

49. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Winrm quickconfig
Storage manager for SANs
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
DSMOD - ADUC

50. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Implement Distributed File System Replication (DFSR) on both servers
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Offline domain join
Implement folder redirection by using GPO. Then backup the folder redirection target.