Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Enables you to receive emails when domain users locked out of accounts...
Configure separate application pools for each application
Improve the performance of File Servers
Event Viewer
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

2. 4 steps to perform authoritative restore of a deleted OU...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
802.1.x NAP
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

3. to protect file servers and hard disks that may be at risk of being accessed or stolen
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Dsmgmt
Implement Windows BitLocker Drive Encryption (BitLocker)
Utilize IFM (Install From Media)

4. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Ntdsutil
Windows System Resource Manager (WSRM)
Implement GPO for all client computers

5. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Ntdsutil
Distributed File System (DFS) Replication
Run the Delegation of Control Wizard on the Staff OU
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

6. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Raise the DFL to Windows Server 2008 R2.
Windows BitLocker Drive Encryption (Bit Locker)
WDS
Jill came down with 2.50.

7. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Configure Audit Special Logon and define Special Groups
DFL needs to be Windows Server 2008

8. To join a server/PC outside of the domain to the network...
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Then use on install image file that contains a single install image.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

9. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Recommend Active Directory delegation
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

10. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Enable - ADoptionalFeature cmdlet
Improve the performance of File Servers

11. to prevent VMs from receiving updats from a group policy
WDS
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

12. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Additional DFS Targets

13. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
AD Domains and Trusts
Deploy a failover cluster that uses Node and File Share Disk Majority
Configure block inheritance on the IT OU
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

14. What role to keep same time as an external server?
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
PDC emulator with w32tm.exe
fsconfig on FSSrv2

15. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Incoming external trust
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure folder redirection

16. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Zone transfer settings

17. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Create a MEDV workspace
Refresh the zone on DNS2

18. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Deploy the Root CA certificate to the external computers.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Then use Windows Deployment Services (WDS) on DHCP1.

19. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Assign the application to computers in the PC OU
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Windows System Resource Manager (WSRM)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

20. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Create a MEDV workspace
AD Rights Management Services
Network Load Balancing (NLB)
Domain based DFS namespace and configure a DFS replication group

21. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
NOT be able to store that data on an iSCSI SAN
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Add George to the Domain Admins group.

22. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Then use on install image file that contains a single install image.
Create a MEDV workspace
Use CISCO IP Helper command to configure.
DISABLE slow link detection in the GPO

23. If you need to encrypt all data on all disks
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Add the user to the Domain Admins global group
Then use Windows BitLocker Drive Encryption

24. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Increase the tombstone lifetime for the forest.
Properties of PSO need modified
Jill came down with 2.50.
Configure offline files and enable manual caching

25. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Implement Windows BitLocker Drive Encryption (BitLocker)
Then use Windows BitLocker Drive Encryption
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

26. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Install From Media IFM
IIS Manager user account
FILES option within Ntdsutil
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

27. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Incoming external trust

28. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Run the Delegation of Control Wizard on the Staff OU
dnscmd
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

29. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Domain based Distributed File System (DFS) will reduce network traffic
Microsoft Application Virtualization (AppV)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

30. To be able to user an application from one AD FS with authentication server to another...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
A relying party trust should be created.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then configure GlobalNames zones on each domain controller.

31. PowerShell script to create user accounts with passwords from a file called password.csv
WDS
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Create an Active Directory-Integrated zone.
DFL needs to be Windows Server 2008

32. When service account passwords need to be changed for SQL they should be...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Enable Windows Remote Management (WinRM) on each server.
Changed manually

33. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
PDC emulator with w32tm.exe
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Microsoft Desktop Optimization Pack (MDOP)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

34. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Set-ADServiceAccount cmdlet
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
FFL Windows Server 2008 R2

35. For the users that work remotely that need access to files from the corporate office you should...
From Server A - run Create Basic Task Wizard
Recommend Offline Files
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy Microsoft System Center Operations Manager (SCOM)

36. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Prestage the computer account in AD
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

37. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
AD RMS
From Server1 - run the Create Basic Task Wizard
Windows XP Mode

38. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
fsconfig on FSSrv2
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

39. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Create and deploy a logon script that runs Auditpol.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

40. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Microsoft System Center Data Protection Manager 2010
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Your machine and remote desktops

41. If you need to minimize the bandwidth for installation
Domain based DFS namespace and configure a DFS replication group
Utilize IFM (Install From Media)
Offline domain join
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

42. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Microsoft System Center Data Protection Manager 2010
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Event Viewer
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

43. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Multipath I/O feature
Incoming external trust
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

44. Striped volumes
Run the Delegation of Control Wizard on the Staff OU
Improve the performance of File Servers
Configure offline files and enable manual caching
Modify the local policy to point to the Internal WSUS server

45. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Ntfrsutil
Win2000
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Install Windows Server Backup and modify the Windows firewall settings

46. To add a new UPN for all user accounts...
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Deploy a GPO to the WebSrvOU
AD Domains and Trusts
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

47. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Microsoft Application Virtualization (AppV)
Run auditpol and then configure the Security settings of the Domain Controllers OU.
FILES option within Ntdsutil
net stop ntds

48. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Implement Windows System Resource Manager (WSRM) and configure user policies
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy a GPO for the Sales OU

49. To restore deleted user account from AD Recycle Bin...
Restore-ADObject cmdlet
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Dsmgmt
Enable Windows Remote Management (WinRM) on the servers.

50. What GPO setting should be configured to prevent all users from running an application?
Use Netsh tool from administrator's computer.
AD Domains and Trusts
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Software Restriction Polices