Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement one LUN for the quorum and another LUN for the data
Set-ADServiceAccount cmdlet
Install Hyper-V role and convert physical machines into virtual machines

2. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Install and share a printer on a server and then enable printer pooling.
Multipath I/O feature
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Test-AppLockerPolicy

3. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Create a new Password Settings Object (PSO) for the IT users.
Network Load Balancing (NLB) cluster

4. Ensure password length for a group set to 12 characters long while others keep password policy
Dsmgmt
Event Viewer
Add-ADFineGrainedPasswordPolicySubject cmdlet
Active Directory Users and Computers utility

5. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Creating a data collector set that kick off a scritp that either move or delete files.
Microsoft Application Virtualization (AppV)

6. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
FFL Windows Server 2008 R2
Network Load Balancing (NLB) cluster
Raise the DFL to Windows Server 2008 R2.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

7. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Windows BitLocker Drive Encryption (Bit Locker)
AD Domains and Trusts

8. To join a server/PC outside of the domain to the network...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Install the RSAT tool on their workstation to provide for more efficient network management
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

9. 4 steps to perform authoritative restore of a deleted OU...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Utilize IFM (Install From Media)

10. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
From Server A - run Create Basic Task Wizard
From Server1 - run the Create Basic Task Wizard
Ntdsutil
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

11. Can be used to install the Windows RE on existing servers
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Windows Deployment Services (WDS)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
WDS

12. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Run the Delegation of Control Wizard on the Staff OU
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Incoming external trust
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

13. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Then configure auto enrollment of certificates and Credential Roaming.
Role Separation
Modify properties of RODC server computer account.
Create and deploy a logon script that runs Auditpol.

14. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Jill came down with 2.50.
Implement Distributed File System Replication (DFSR) on both servers
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

15. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Use local roles options within "dsmgmt"
Improve the performance of File Servers
Incoming external trust

16. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement folder redirection by using GPO. Then backup the folder redirection target.
MEDV to deploy virtual desktops
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

17. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Windows XP Mode
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

18. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Zone transfer settings
A Distributed File System (DFS) namespace
Group Policy Preferences
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

19. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
DFL needs to be Windows Server 2008
AD Domains and Trusts
Additional DFS Targets

20. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Creating a data collector set that kick off a scritp that either move or delete files.
Install and share a printer on a server and then enable printer pooling.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

21. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Printer driver isolation
Storage manager for SANs
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

22. What utility is used to see what accounts cached on RODC?
Configure caching on the shared folder and configure offline files to use encryption
Software Restriction Polices
Active Directory Users and Computers
Windows Deployment Services (WDS)

23. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Enable Windows Remote Management (WinRM) on each server.

24. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Configure caching on the shared folder and configure offline files to use encryption
Then use Windows Deployment Services (WDS)
Domain based DFS namespace and configure a DFS replication group
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

25. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy Microsoft System Center Operations Manager (SCOM)
dsa.msc - dsamain.exe - ntdsutil.exe
Add George to the Domain Admins group.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

26. If users complain that it is hard to find the shared folders on the network implement
Additional DFS Targets
Basic Authentication and SSL
A Distributed File System (DFS) namespace
Then configure auto enrollment of certificates and Credential Roaming.

27. To make deploying the custom Word dictionary easy
Prestage the computer account in AD
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Then use on install image file that contains a single install image.
Recommend Group Policy preferences

28. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Deploy a GPO to the WebSrvOU
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

29. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Add George to the Domain Admins group.
Administrators is the minimum group membership required to complete this procedure.
Then install new Server 2008 R2 Enterprise subordinate CA.
PDC emulator with w32tm.exe

30. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Service user account for AD LDS
Implement Distributed File System Replication (DFSR) on both servers
Basic Authentication and SSL

31. In order to manage websites without having to logon you can use
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
PowerShell 2.0
Distributed File System (DFS) Replication

32. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Event Subscriptions

33. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Test-AppLockerPolicy
Run net stop ntds
Network Load Balancing (NLB)

34. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
dnscmd
Network Load Balancing (NLB)
CAPublishGP group should have the Manage CA permission.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

35. You need to recommend a BitLocker recovery method you should recommend this.
Domain based Distributed File System (DFS) will reduce network traffic
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Data Recovery Agent
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

36. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Windows System Resource Manager (WSRM)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

37. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
A relying party trust should be created.

38. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
An Active Directory subnet object needs to be created.
Dsmgmt

39. You need to ensure that the guest account on all servers is disabled to
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Enable Windows Remote Management (WinRM) on each server.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

40. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

41. To add a new UPN for all user accounts...
Configure Firewall Group Policies and link them at the Domain level
Network Load Balancing (NLB) cluster
AD Domains and Trusts
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

42. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Back up to an external USB drive by using Windows Server Backup
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Ntfrsutil
Your machine and remote desktops

43. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Authorization Manager
Windows Server 2003
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

44. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Enable Credential Roaming
Create a Network Load Balancing cluster.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Disable Site Link Bridging from the IP properties

45. To backup GPO's in domain and minimize bakcup...
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
The Group Policy Management Console
802.1.x NAP
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

46. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Improve the performance of File Servers
Configure an audit policy by editing the default domain policy and configure Event Forwarding

47. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Implement a domain-based DFS namespace that uses replication
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
WDS
Configure caching on the shared folder (offline files)

48. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Passive file screens
Event Log Subscriptions

49. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Administrative Role Separation
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Configure event log subscriptions

50. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Implement Windows System Resource Manager (WSRM) and configure user policies