Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
An Active Directory subnet object needs to be created.
Raise the DFL to Windows Server 2008 R2.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

2. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Group Policy Preferences
Network Load Balancing (NLB) cluster
Install the RSAT tool on their workstation to provide for more efficient network management

3. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Upgrading DFS to Windows Server 2008 R2
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure caching on the shared folder and configure offline files to use encryption

4. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Registry on users computer needs to be modified
Configure the zone as an Activde Directory-Integrated zone.
File Server Resource Manager (FSRM) quotas and file screens

5. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Use a GPO to configure device installation restrictions
Then install new Server 2008 R2 Enterprise subordinate CA.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

6. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Then configure auto enrollment of certificates and Credential Roaming.
Add the new UPN Suffix to the forest
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

7. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Additional DFS Targets
Active Directory Right Management Services (AD RMS)

8. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

9. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Create a standard secondary of domain and create standard secondary of other domain.
Winrm quickconfig
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

10. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Service user account for AD LDS
Configure RODC for Administrator Role Separation
Passive file screens
Create an e-mail account in AD DS for your RMS users

11. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Use a GPO to configure device installation restrictions
New ACCOUNT STORE should be added and configured
Jill came down with 2.50.

12. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Dsmgmt
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Recommend Group Policy preferences

13. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Windows Deployment Services (WDS)
MEDV to deploy virtual desktops
Deploy a GPO for the Sales OU
Ntfrsutil

14. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Event Viewer
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

15. For the users that work remotely that need access to files from the corporate office you should...
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
DSMOD
Recommend Offline Files
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

16. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
dnscmd tool
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Domain based Distributed File System (DFS) namespace and DFS Replication.

17. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Event Subscriptions
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Site

18. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Create an e-mail account in AD DS for your RMS users.
fsconfig on FSSrv2
Configure event log subscriptions

19. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Implement folder redirection by using GPO. Then backup the folder redirection target.
The Group Policy Management Console
Jill came down with 2.50.
Use local roles options within "dsmgmt"

20. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Implement a GPO for each domain
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploy a GPO to the WebSrvOU
dnscmd

21. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
The Group Policy Management Console
802.1.x NAP
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

22. When recommending a monitoring solution for an application so that it's events can be stored in a central
Group Policy Preferences
Event Subscriptions
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

23. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Domain based DFS namespace and configure a DFS replication group
Encrypting File System (EFS). This can be enabled locally or through a GPO.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

24. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Then use Windows Deployment Services (WDS)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Modify the GPO to include folder redirection
Add George to the Domain Admins group.

25. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Then configure auto enrollment of certificates and Credential Roaming.
Refresh the zone on DNS2

26. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
An Active Directory subnet object needs to be created.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Configure authorization rules for Web developers on each web server

27. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
View properties of %systemroot%ntdsntds.dit
ntdsutil
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

28. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Offline domain join
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
New ACCOUNT STORE should be added and configured

29. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Microsoft Desktop Optimization Pack (MDOP) to your company
Authorization Manager role assignment
FFL Windows Server 2008 R2
Repadmin

30. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Test-AppLockerPolicy
Subnet object needs to be created

31. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Purchase one additional Enterprise License
Additional DFS Targets
Then use Windows BitLocker Drive Encryption
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

32. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy Microsoft System Center Operations Manager (SCOM)
Implement Distributed File System Replication (DFSR) on both servers
Increase the tombstone lifetime for the forest.

33. To make deploying the custom Word dictionary easy
Recommend Group Policy preferences
Disable Site Link Bridging from IP Properties
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

34. A specific application requires registry modifications to be in place before installing; you should use
Utilize IFM (Install From Media)
Active Directory Right Management Services (AD RMS)
Group Policy Preferences
Winrm quickconfig

35. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Add the new UPN suffix to the forest.
Recommend GPT and basic disks
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Active Directory Right Management Services (AD RMS)

36. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Configure event log subscriptions
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Certificate Templates

37. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

38. If you need to ensure that data is protected by BitLocker then you will...
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Create an e-mail account in AD DS for your RMS users
Registry on users computer needs to be modified
NOT be able to store that data on an iSCSI SAN

39. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Modify zone transfer settings for company.com zone on DCA
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

40. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Then use Windows BitLocker Drive Encryption
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

41. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Windows Deployment Services (WDS)
Domain based DFS namespace and configure a DFS replication group

42. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure Firewall Group Policies and link them at the Domain level
Network Load Balancing (NLB)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

43. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Ntdsutil
Dfsrdiag
Implement folder redirection by using GPO. Then backup the folder redirection target.
PDC emulator with w32tm.exe

44. If users complain that it is hard to find the shared folders on the network implement
Offline domain join
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Additional DFS Targets
Then install new Server 2008 R2 Enterprise subordinate CA.

45. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Purchase one additional Enterprise License
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

46. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Implement the Windows Search Service.
Modify zone transfer settings for company.com zone on DCA
IIS Chared Configuration

47. When deploying an application using the Group Policy distribution method assign the...
Windows Deployment Services (WDS)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

48. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Utilize IFM (Install From Media)
Domain based Distributed File System (DFS) namespace and DFS Replication.
Deploy a GPO for the Sales OU

49. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
AD RMS
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement a Remote Desktop Connection Broker (RD Connection Broker)

50. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Create a new Password Settings Object (PSO) for the IT users.
Run net stop ntds
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Administrators is the minimum group membership required to complete this procedure.