Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Subnet object needs to be created
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
AD Domains and Trusts
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

2. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
From Server A - run Create Basic Task Wizard
Enable Windows Remote Management (WinRM) on each server.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

3. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Site
Dsmgmt
Set-ADServiceAccount cmdlet

4. To allow connection to a 256 Kbps ISDN...
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
DISABLE slow link detection in the GPO
DSMOD - ADUC
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

5. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
Group Policy Preferences
A Distributed File System (DFS) namespace
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

6. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
IIS Chared Configuration
Additional DFS Targets
Microsoft SharePoint Foundation 2010
A Distributed File System (DFS) namespace

7. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Use the Local Roles options with dsmgmt.
Refresh the zone on DNS2
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Then configure GlobalNames zones on each domain controller.

8. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Disable Site Link Bridging from IP Properties
Use local roles options within "dsmgmt"
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

9. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Create an Active Directory-Integrated zone.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

10. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

11. UPN Suffix xxxx.com needs to be available for user accounts...
Create a standard secondary of domain and create standard secondary of other domain.
Recommend GPT and basic disks
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Add the new UPN Suffix to the forest

12. To minimize the amount of storage required you should recommend
Improve the performance of File Servers
IIS Chared Configuration
DFL needs to be Windows Server 2008
Share and Storage Management

13. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Then use Windows BitLocker Drive Encryption
Configure caching on the shared folder (offline files)
Purchase one additional Enterprise License
Install Windows Server Backup and modify the Windows firewall settings

14. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Improve the performance of File Servers
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Incoming external trust
Administrative Role Separation

15. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Add the new UPN suffix to the forest.
Ntdsutil
Then use on install image file that contains a single install image.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

16. To join a server/PC outside of the domain to the network...
An Active Directory subnet object needs to be created.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure folder redirection

17. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Modify properties of RODC server computer account.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
802.1.x NAP
Configure folder redirection

18. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Basic Authentication and SSL
Implement Windows System Resource Manager (WSRM)

19. If you need to minimize the bandwidth for installation
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then use on install image file that contains a single install image.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Utilize IFM (Install From Media)

20. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Set-ADServiceAccount cmdlet
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Repadmin
Configure offline files and enable manual caching

21. The Computer Management snap-in allows you to create shares both on...
Data Recovery Agent
Your machine and remote desktops
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Recommend Offline Files

22. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Microsoft System Center Data Protection Manager 2010
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Microsoft Desktop Optimization Pack (MDOP)

23. When service account passwords need to be changed for SQL they should be...
Changed manually
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Administrators is the minimum group membership required to complete this procedure.
Run net stop ntds

24. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Create and deploy a logon script that runs Auditpol.
Assign the application to all client computers by using a GPO.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

25. To ensure that a file on a file server do not leave the organization you must implement this.
Ntfrsutil
Modify zone transfer settings for company.com zone on DCA
Refresh the zone on DNS2
AD RMS

26. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
A relying party trust should be created.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Data Recovery Agent

27. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Then configure GlobalNames zones on each domain controller.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

28. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Then use Windows Deployment Services (WDS) on DHCP1.
Test-AppLockerPolicy
DISABLE slow link detection in the GPO

29. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Implement a GPO for each domain
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
An Active Directory subnet object needs to be created.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

30. What should be done first to defragment the AD database?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Recommend GPT and basic disks
Run net stop ntds

31. What GPO setting should be configured to prevent all users from running an application?
Test-AppLockerPolicy
Configure RODC for Administrator Role Separation
Software Restriction Polices
Deploy a failover cluster that uses Node and File Share Disk Majority

32. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Attach VHD file created by Windows server backup
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Domain based Distributed File System (DFS) namespace and DFS Replication.

33. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Create an Active Directory-Integrated zone.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

34. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Administrative Role Separation
An Active Directory subnet object needs to be created.
File Server Resource Manager (FSRM) quotas and file screens
Configure the zone as an Activde Directory-Integrated zone.

35. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Ntfrsutil
Create a Central Store
PDC emulator with w32tm.exe

36. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Configure caching on the shared folder and configure offline files to use encryption
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install Windows Server Backup and modify the Windows firewall settings

37. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Modify properties of RODC server computer account.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

38. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Event Log Subscriptions
Ldp

39. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Create an Active Directory-Integrated zone.

40. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
The Group Policy Management console
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

41. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Windows System Resource Manager (WSRM)
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

42. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Configure event log subscriptions
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Microsoft Desktop Optimization Pack (MDOP)

43. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
DSMOD
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

44. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
dnscmd tool
Implement Windows System Resource Manager (WSRM) and configure user policies
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Site

45. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Configure the zone as an Activde Directory-Integrated zone.
Implement the Windows Search Service.
Passive file screens

46. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Group Policy Preferences
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Deploy Microsoft System Center Operations Manager (SCOM)
Test-AppLockerPolicy

47. To defragment and AD database...
net stop ntds
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Get-ADUser cmdlet
Create an e-mail account in AD DS for your RMS users.

48. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
DSMOD - ADUC
Create a standard secondary of domain and create standard secondary of other domain.

49. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Implement Network Access Protection (NAP)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Execute the Set-ADServiceAccount cmdlet

50. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
802.1.x NAP
Disable Site Link Bridging from IP Properties
Service user account for AD LDS
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise