Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Recommend GPT and basic disks
Assign the application to computers in the PC OU
Active Directory Users and Computers utility
Modify zone transfer settings for company.com zone on DCA

2. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Test-AppLockerPolicy
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

3. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install Windows Server Backup and modify the Windows firewall settings
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

4. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

5. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Implement Network Access Protection (NAP)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

6. To ensure that a file on a file server do not leave the organization you must implement this.
Configure separate application pools for each application
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
AD RMS

7. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Import-Module
Upgrading DFS to Windows Server 2008 R2
PowerShell 2.0

8. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Group Policy Preferences
Deploy the Root CA certificate to the external computers.
Windows BitLocker Drive Encryption (Bit Locker)
Install and share a printer on a server and then enable printer pooling.

9. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Windows XP Mode
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Test-AppLockerPolicy

10. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Implement folder redirection by using GPO. Then backup the folder redirection target.
An Active Directory subnet object needs to be created.
DISABLE slow link detection in the GPO
Add the user to the Domain Admins global group

11. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Offline domain join
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

12. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Your machine and remote desktops
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Certificate Templates

13. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Enable Windows Remote Management (WinRM) on the servers.
File Server Resource Manager (FSRM) quotas and file screens
Recommend Group Policy preferences
Configure folder redirection

14. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Implement Network Access Protection (NAP)
Storage manager for SANs
Windows BitLocker Drive Encryption (Bit Locker)
Purchase one additional Enterprise License

15. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Microsoft Desktop Optimization Pack (MDOP)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

16. To join a server/PC outside of the domain to the network...
Microsoft Desktop Optimization Pack (MDOP)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Install From Media IFM
djoin /requesteodj from internal server - djoin /provision from outside server/PC

17. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Purchase one additional Enterprise License
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploy Microsoft System Center Operations Manager (SCOM)

18. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

19. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
FFL Windows Server 2008 R2
Create and deploy a logon script that runs Auditpol.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

20. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
The Group Policy Management console
Active Directory Users and Computers utility
Upgrading DFS to Windows Server 2008 R2
FILES option within Ntdsutil

21. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Domain based Distributed File System (DFS) namespace and DFS Replication.

22. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Then configure GlobalNames zones on each domain controller.
Use CISCO IP Helper command to configure.

23. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Printer driver isolation
Certificate Templates
MEDV to deploy virtual desktops

24. If you want to implement BitLocker and store recovery informaiton in a central location
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Microsoft Desktop Optimization Pack (MDOP)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
The Group Policy Management console

25. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Active Directory Right Management Services (AD RMS)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

26. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
net stop ntds
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

27. To restore previous version of script without taking up too much of time...
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Attach VHD file created by Windows server backup

28. If you need to allow an external partner's computer to access internal network resources by using SSTP
DFL needs to be Windows Server 2008
Deploy the Root CA certificate to the external computers.
Active Directory Users and Computers utility
Subnet object needs to be created

29. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Implement Distributed File System Replication (DFSR) on both servers
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

30. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

31. A specific application requires registry modifications to be in place before installing; you should use
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Active Directory Users and Computers utility
Group Policy Preferences
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

32. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Distributed File System (DFS) Replication
Service user account for AD LDS
Configure caching on the shared folder and configure offline files to use encryption

33. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
File Server Resource Manager (FSRM) quotas and file screens
Configure Audit Special Logon and define Special Groups
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

34. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Administrators is the minimum group membership required to complete this procedure.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

35. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Microsoft Desktop Optimization Pack (MDOP)
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create an Active Directory-Integrated zone.

36. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Active Directory Users and Computers
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Modify the GPO to include folder redirection
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

37. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Domain based DFS namespace and configure a DFS replication group
DFL needs to be Windows Server 2008
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

38. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Changed manually
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Service user account for AD LDS
Configure caching on the shared folder (offline files)

39. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Create an Active Directory-Integrated zone.
Deploy a failover cluster that contains one node in each office.
Run the Delegation of Control Wizard on the Staff OU

40. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement the Windows Search Service.
Enable Credential Roaming
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement File Server Resource Manager (FSRM) quotas on the desired servers

41. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Administrative Role Separation
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Recommend Offline Files
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

42. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Create an e-mail account in AD DS for your RMS users.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement a GPO for each domain

43. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Active Directory Domains and Trusts
Ldp
Implement Shadow Copies
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

44. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

45. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
Create an Active Directory-Integrated zone.
Network Load Balancing (NLB)
FFL Windows Server 2008 R2

46. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Implement Windows System Resource Manager (WSRM) and configure user policies
Microsoft Desktop Optimization Pack (MDOP) to your company
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

47. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Configure caching on the shared folder (offline files)
Create a standard secondary of domain and create standard secondary of other domain.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Add the Windows Server Backup feature and Windows System Image recovery.

48. If you want to allow single-label name resolution
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Then configure GlobalNames zones on each domain controller.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Registry on users computer needs to be modified

49. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Then use Windows Deployment Services (WDS)
Install From Media IFM
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

50. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implement a domain-based DFS namespace that uses replication
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
net stop ntds