Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Get-ADUser cmdlet
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

2. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Active Directory Right Management Services (AD RMS)
Incoming external trust
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

3. To allow connection to a 256 Kbps ISDN...
Implement Shadow Copies
Windows System Resource Manager (WSRM)
DISABLE slow link detection in the GPO
Configure separate application pools for each application

4. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Configure the zone as an Activde Directory-Integrated zone.
Create an e-mail account in AD DS for your RMS users

5. In order to ensure highly available Windows Update servers you should create this.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
net stop ntds
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

6. Enables you to receive emails when domain users locked out of accounts...
Implement Shadow Copies
Event Viewer
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
FFL Windows Server 2008 R2

7. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Backup operator's domain local group

8. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Install From Media IFM
Implement a domain-based DFS namespace that uses replication
Jill came down with 2.50.

9. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Microsoft Desktop Optimization Pack (MDOP) to your company
Get-ADUser cmdlet
Configure an audit policy by editing the default domain policy and configure Event Forwarding
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

10. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
MEDV to deploy virtual desktops
Then use Windows Deployment Services (WDS) on DHCP1.
Modify the schema of LDSInst1

11. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Utilize IFM (Install From Media)
Ntfrsutil
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Domain based Distributed File System (DFS) namespace and DFS Replication.

12. 4 steps to perform authoritative restore of a deleted OU...
Recommend Group Policy preferences
DSMOD
Create ADMX and ADML files. Configure the GPO and link it to the domain.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

13. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

14. What should be done to ensure changes made to AD objects can be logged?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then use on install image file that contains a single install image.
Add the new UPN Suffix to the forest
Create a Network Load Balancing cluster.

15. To backup Virtual Machines
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
From Server A - run Create Basic Task Wizard
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

16. When one needs to audit files - folders - printers and the registry enable
Run adprep /forestprep and adprep /domainprep
Deploy a GPO for the Sales OU
Configure separate application pools for each application
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

17. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

18. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Modify the schema of LDSInst1
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Then install new Server 2008 R2 Enterprise subordinate CA.

19. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
Implement a GPO for each domain
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Windows System Resource Manager (WSRM)

20. What should be done to resolve names by using GlobalNames zone?
Active Directory Domains and Trusts
dnscmd tool
Win2000 Native
Enable - ADoptionalFeature cmdlet

21. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Administrators is the minimum group membership required to complete this procedure.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
AD Rights Management Services
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

22. To make deploying the custom Word dictionary easy
Certificate Templates
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Upgrading DFS to Windows Server 2008 R2
Recommend Group Policy preferences

23. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement one LUN for the quorum and another LUN for the data
Then use Windows BitLocker Drive Encryption
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

24. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Then use Windows BitLocker Drive Encryption
Modify the schema of LDSInst1
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
dnscmd tool

25. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Enable Windows Remote Management (WinRM) on the servers.
Implement folder redirection by using GPO. Then backup the folder redirection target.
802.1.x NAP

26. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Configure folder redirection
Then configure GlobalNames zones on each domain controller.
Configure authorization rules for Web developers on each web server
Dfsrdiag

27. Jack and Jill go up the hill - both with a buck and a quarter
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement one LUN for the quorum and another LUN for the data
Then use Windows BitLocker Drive Encryption
Jill came down with 2.50.

28. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
DFL needs to be Windows Server 2008
FFL Windows Server 2008 R2
Test-AppLockerPolicy
AD Rights Management Services

29. To build a highly secure server cluster with a reduced attack surface area
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

30. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Event Subscriptions
Add the Windows Server Backup feature and Windows System Image recovery.
Configure caching on the shared folder and configure offline files to use encryption
IIS Chared Configuration

31. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Microsoft Desktop Optimization Pack (MDOP)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
dnscmd
net stop ntds

32. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement Network Access Protection (NAP) that uses 802.1x enforcement
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Modify zone transfer settings for company.com zone on DCA

33. to increase the reliability of the print server - configure...
Printer driver isolation
Create and deploy a logon script that runs Auditpol.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Service user account for AD LDS

34. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Recommend Group Policy preferences
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Implement Windows System Resource Manager (WSRM) and configure user policies

35. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
DFL needs to be Windows Server 2008
Storage manager for SANs

36. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
New ACCOUNT STORE should be added and configured
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Enable Windows Remote Management (WinRM) on each server.

37. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Upgrading DFS to Windows Server 2008 R2
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Role Separation

38. What shold be done to configure AD RMS so users can protect their data?
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Create an e-mail account in AD DS for your RMS users
Network Load Balancing (NLB) cluster
djoin /requesteodj from internal server - djoin /provision from outside server/PC

39. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
AD Domains and Trusts
Deploy a failover cluster that contains one node in each office.
Win2000

40. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Use Netsh tool from administrator's computer.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Microsoft Desktop Optimization Pack (MDOP)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

41. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
fsconfig on FSSrv2
Site
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

42. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
File Server Resource Manager (FSRM) quotas and file screens
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement one LUN for the quorum and another LUN for the data

43. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Site
Win2000
AD Rights Management Services
Domain based DFS namespace and configure a DFS replication group

44. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Install Hyper-V role and convert physical machines into virtual machines
Modify the GPO to include folder redirection
A Distributed File System (DFS) namespace
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

45. To restore deleted user account from AD Recycle Bin...
Service user account for AD LDS
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
DSMOD
Restore-ADObject cmdlet

46. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
AD Rights Management Services
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Dsmgmt

47. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Configure offline files and enable manual caching
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

48. If you need to encrypt all data on all disks
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Then use Windows BitLocker Drive Encryption
Additional DFS Targets

49. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Then use Windows Deployment Services (WDS) on DHCP1.
Properties of PSO need modified
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Implement Shadow Copies

50. A specific application requires registry modifications to be in place before installing; you should use
Microsoft Desktop Optimization Pack (MDOP) to your company
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Raise the DFL to Windows Server 2008 R2.
Group Policy Preferences