Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to delegate control of server to remote admins group
View properties of %systemroot%ntdsntds.dit
Configure RODC for Administrator Role Separation
New ACCOUNT STORE should be added and configured
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

2. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Win2000
Role Separation
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

3. PowerShell script to create user accounts with passwords from a file called password.csv
fsconfig on FSSrv2
Prestage the computer account in AD
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

4. If you need to be able to create shared folders on Server 2008 R2
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
WSUS server in the branch office in replica mode.

5. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Repadmin
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure an audit policy by editing the default domain policy and configure Event Forwarding

6. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Configure separate application pools for each application
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
CAPublishGP group should have the Manage CA permission.

7. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Execute the Set-ADServiceAccount cmdlet
Configure caching on the shared folder (offline files)

8. To join a server/PC outside of the domain to the network...
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Group Policy Preferences

9. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Install From Media IFM
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
An Active Directory subnet object needs to be created.

10. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Add-ADFineGrainedPasswordPolicySubject cmdlet
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Run adprep /forestprep and adprep /domainprep
Distributed File System (DFS) Replication

11. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Active Directory delegation
Add George to the Domain Admins group.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

12. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Improve the performance of File Servers
Install From Media IFM
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

13. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Share and Storage Management
IIS Manager user account
Windows System Resource Manager (WSRM)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

14. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
CAPublishGP group should have the Manage CA permission.
IIS Manager user account
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

15. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Windows BitLocker Drive Encryption (Bit Locker)

16. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Enable Credential Roaming
Offline domain join
Deploy it by using Group Policy Software Installation method

17. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Domain based Distributed File System (DFS) namespace and DFS Replication.
Add the Windows Server Backup feature and Windows System Image recovery.
Then configure GlobalNames zones on each domain controller.
Implement Distributed File System Replication (DFSR) on both servers

18. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
CAPublishGP group should have the Manage CA permission.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Network Load Balancing (NLB) cluster
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

19. What should be done first to defragment the AD database?
Run net stop ntds
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure offline files and enable manual caching

20. to make shares at a remote location available to users you should implement this.
Role Separation
A relying party trust should be created.
Domain based Distributed File System (DFS) namespace and DFS Replication.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

21. In order to manage websites without having to logon you can use
PowerShell 2.0
Assign the application to all client computers by using a GPO.
Assign the application to computers in the PC OU
Then use Windows Deployment Services (WDS) on DHCP1.

22. New password settings object (PSO) created and needs to be applied to user
A relying party trust should be created.
Prestage the computer account in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Properties of PSO need modified

23. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Raise the DFL to Windows Server 2008 R2.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Enable Windows Remote Management (WinRM) on the servers.

24. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Run adprep /forestprep and adprep /domainprep
Purchase one additional Enterprise License
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

25. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
AD RMS

26. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Domain based DFS namespace and configure a DFS replication group
Event Log Subscriptions
Implement one LUN for the quorum and another LUN for the data
File Server Resource Manager (FSRM) quotas and file screens

27. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Create a Network Load Balancing cluster.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Storage manager for SANs
Implement a Remote Desktop Connection Broker (RD Connection Broker)

28. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Authorization Manager
The Group Policy Management console
Share and Storage Management

29. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement Windows System Resource Manager (WSRM) and configure user policies
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Install Hyper-V role and convert physical machines into virtual machines

30. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Dsmgmt

31. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Use the Local Roles options with dsmgmt.
Dynamically expanding VHD's
Zone transfer settings
Encrypting File System (EFS). This can be enabled locally or through a GPO.

32. to prevent VMs from receiving updats from a group policy
Create an e-mail account in AD DS for your RMS users.
Offline domain join
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Run the Delegation of Control Wizard on the Staff OU

33. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Purchase one additional Enterprise License
Administrators is the minimum group membership required to complete this procedure.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

34. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Software Restriction Polices
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Use local roles options within "dsmgmt"
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

35. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
PowerShell 2.0
Windows BitLocker Drive Encryption (Bit Locker)
Site
Utilize IFM (Install From Media)

36. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Assign the application to computers in the PC OU

37. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure offline files and enable manual caching
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

38. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Set-ADServiceAccount cmdlet
Active Directory Users and Computers
Dfsrdiag

39. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

40. GPO setting to prevent all users from running an application
Implement Distributed File System Replication (DFSR) on both servers
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
File Server Resource Manager (FSRM) quotas and file screens
Software Restriction Polices

41. To ensure that a file on a file server do not leave the organization you must implement this.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
AD RMS

42. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Microsoft Application Virtualization (AppV)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Deploy Microsoft System Center Operations Manager (SCOM)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

43. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Deploy a failover cluster that contains one node in each office.
Win2000 Native
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

44. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Configure block inheritance on the IT OU
Deploy a failover cluster that uses Node and File Share Disk Majority
Install Windows Server Backup and modify the Windows firewall settings
Create a MEDV workspace

45. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Dsmgmt
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

46. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
IIS Chared Configuration
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Install Hyper-V role and convert physical machines into virtual machines
PowerShell 2.0

47. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Add the Windows Server Backup feature and Windows System Image recovery.
net stop ntds

48. To minimize the amount of storage required you should recommend
Dfsrdiag
Share and Storage Management
Implement Distributed File System Replication (DFSR) on both servers
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

49. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

50. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
ntdsutil
Install the RSAT tool on their workstation to provide for more efficient network management
Deploy Microsoft System Center Operations Manager (SCOM)
Active Directory Domains and Trusts