Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In order to manage websites without having to logon you can use
DISABLE slow link detection in the GPO
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
PowerShell 2.0
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

2. When one needs to audit files - folders - printers and the registry enable
Active Directory Users and Computers
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Role Separation

3. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Incoming external trust
Creating a data collector set that kick off a scritp that either move or delete files.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

4. To deploy templates across the organization
Create an e-mail account in AD DS for your RMS users
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Perform an authoritative restore

5. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Modify the schema of LDSInst1
Add the new UPN suffix to the forest.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

6. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

7. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Active Directory Users and Computers utility
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

8. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Add the user to the Domain Admins global group
Ntfrsutil

9. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Configure separate application pools for each application
Deploy a failover cluster that uses Node and File Share Disk Majority
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

10. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Recommend Group Policy preferences
A Distributed File System (DFS) namespace
Active Directory Domains and Trusts

11. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
A relying party trust should be created.
Recommend GPT and basic disks
Administrators is the minimum group membership required to complete this procedure.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

12. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Run the Delegation of Control Wizard on the Staff OU
Implement Windows System Resource Manager (WSRM) and configure user policies
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

13. You need to recommend a BitLocker recovery method you should recommend this.
AD Rights Management Services
Data Recovery Agent
Printer driver isolation
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

14. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

15. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Then use Windows Deployment Services (WDS) on DHCP1.
Administrators is the minimum group membership required to complete this procedure.

16. You need to ensure that the guest account on all servers is disabled to
Software Restriction Polices
Domain based DFS namespace and configure a DFS replication group
Discover the run Microsoft Baseline Security Analyzer (MBSA)
From Server1 - run the Create Basic Task Wizard

17. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Storage manager for SANs
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

18. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Microsoft System Center Data Protection Manager 2010
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Data Recovery Agent

19. To determine size of AD database file...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
View properties of %systemroot%ntdsntds.dit
Configure separate application pools for each application
Disable Site Link Bridging from the IP properties

20. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Assign the application to all client computers by using a GPO.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

21. To create and additional AD LDS applicaiton directory partition in existing instance...
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Ldp
Implement Network Access Protection (NAP)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

22. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Registry on users computer needs to be modified
Test-AppLockerPolicy
Raise the DFL to Windows Server 2008 R2.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

23. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
A Distributed File System (DFS) namespace
Then use Windows Deployment Services (WDS) on DHCP1.
Deploy Microsoft System Center Operations Manager (SCOM)

24. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Create an e-mail account in AD DS for your RMS users
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

25. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Active Directory Right Management Services (AD RMS)
Administrators is the minimum group membership required to complete this procedure.
Microsoft Desktop Optimization Pack (MDOP)

26. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Configure authorization rules for Web developers on each web server
Folder redirection. Folder redirection is also useful when using roamin profiles.
Network Load Balancing (NLB) cluster

27. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
A Distributed File System (DFS) namespace
Domain based Distributed File System (DFS) will reduce network traffic
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

28. To be able to user an application from one AD FS with authentication server to another...
Dsmgmt
Win2000
Active Directory Right Management Services (AD RMS)
A relying party trust should be created.

29. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

30. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then configure auto enrollment of certificates and Credential Roaming.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement Windows System Resource Manager (WSRM) and configure user policies

31. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Microsoft System Center Data Protection Manager
Configure separate application pools for each application
Active Directory snapshots and Tombstone reanimation

32. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Implement a GPO for each domain
Perform an authoritative restore

33. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Network Load Balancing (NLB) cluster
Event Viewer

34. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Create a MEDV workspace
Then use Windows Deployment Services (WDS)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
802.1.x NAP

35. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Disable Site Link Bridging from the IP properties
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

36. When service account passwords need to be changed for SQL they should be...
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Upgrading DFS to Windows Server 2008 R2
Changed manually
Run the Delegation of Control Wizard on the Staff OU

37. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Active Directory snapshots and Tombstone reanimation
Then use Windows Deployment Services (WDS)
A relying party trust should be created.

38. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Refresh the zone on DNS2
Deploy it by using Group Policy Software Installation method
Create a Network Load Balancing cluster.

39. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Create an Active Directory-Integrated zone.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Implement a GPO for each domain
Implement a domain-based DFS namespace that uses replication

40. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Dynamically expanding VHD's
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

41. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Back up to an external USB drive by using Windows Server Backup
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

42. Jack and Jill go up the hill - both with a buck and a quarter
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Jill came down with 2.50.
Win2000 Native

43. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
AD Rights Management Services
FFL Windows Server 2008 R2
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy the Root CA certificate to the external computers.

44. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Deploy a failover cluster that contains one node in each office.
Dsmgmt
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Modify the local policy to point to the Internal WSUS server

45. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Dsmgmt

46. If users complain that it is hard to find the shared folders on the network implement
Dsmgmt
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Additional DFS Targets
Implement Windows System Resource Manager (WSRM) and configure user policies

47. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Active Directory Domains and Trusts
Create an e-mail account in AD DS for your RMS users.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

48. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Authorization Manager
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy a failover cluster that uses Node and File Share Disk Majority
Run net stop ntds

49. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
802.1.x NAP
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy a GPO for the Sales OU

50. To identify users who bypass the new corporate security policy -
Dynamically expanding VHD's
Configure Audit Special Logon and define Special Groups
Winrm quickconfig
Offline domain join