Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Active Directory snapshots and Tombstone reanimation
Implement a GPO for each domain
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

2. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Enable Windows Remote Management (WinRM) on each server.
Network Load Balancing (NLB) cluster

3. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Role Separation
Ntfrsutil
Dsmgmt
Certificate Templates

4. To configure AD FS so tokens contain information from Active Directory domain...
net stop ntds
Windows BitLocker Drive Encryption (Bit Locker)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
New ACCOUNT STORE should be added and configured

5. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement Distributed File System Replication (DFSR) on both servers
Implement File Server Resource Manager (FSRM) quotas on the desired servers

6. To compact AD database...
Modify properties of RODC server computer account.
FILES option within Ntdsutil
Perform an authoritative restore
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

7. New Password Policy needs to be created for OU different from domain password policy
Create and deploy a logon script that runs Auditpol.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

8. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Recommend Offline Files
Group Policy Preferences
Basic Authentication and SSL

9. 2 ways to relocate user and computer accounts to different OUs
View properties of %systemroot%ntdsntds.dit
Run net stop ntds
DSMOD - ADUC
Modify the schema of LDSInst1

10. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Microsoft System Center Data Protection Manager 2010
Prestage the computer account in AD
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

11. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Test-AppLockerPolicy
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

12. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Credential Roaming
Authorization Manager
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Changed manually

13. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
AD RMS
Microsoft System Center Data Protection Manager 2010
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Deploy a failover cluster that contains one node in each office.

14. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
From Server1 - run the Create Basic Task Wizard
Deploy the Root CA certificate to the external computers.
Ntfrsutil

15. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

16. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Subnet object needs to be created
Recommend Group Policy preferences
Domain based Distributed File System (DFS) will reduce network traffic

17. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Microsoft SharePoint Foundation 2010
Implement a domain-based DFS namespace that uses replication
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

18. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Zone transfer settings
dsa.msc - dsamain.exe - ntdsutil.exe
Assign the application to all client computers by using a GPO.
Windows System Resource Manager (WSRM)

19. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Implement a GPO for each domain
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
From Server1 - run the Create Basic Task Wizard
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

20. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Implement a domain-based DFS namespace that uses replication
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Deploy it by using Group Policy Software Installation method

21. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
IIS Manager user account
Zone transfer settings
Restore-ADObject cmdlet

22. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Use Netsh tool from administrator's computer.
File Server Resource Manager (FSRM) quotas and file screens
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

23. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Dsmgmt

24. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Implement folder redirection by using GPO. Then backup the folder redirection target.
Modify the schema of LDSInst1
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Create a new Password Settings Object (PSO) for the IT users.

25. To make deploying the custom Word dictionary easy
Use the Local Roles options with dsmgmt.
802.1.x NAP
Printer driver isolation
Recommend Group Policy preferences

26. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure Firewall Group Policies and link them at the Domain level
Network Load Balancing (NLB) cluster
Site

28. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Subnet object needs to be created
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Data Recovery Agent
Upgrading DFS to Windows Server 2008 R2

29. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Disable Site Link Bridging from IP Properties
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Test-AppLockerPolicy
Create and deploy a logon script that runs Auditpol.

30. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
FFL Windows Server 2008 R2
Test-AppLockerPolicy
Install Windows Server Backup and modify the Windows firewall settings

31. What utility is used to see what accounts cached on RODC?
Create a Central Store
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Active Directory Users and Computers
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

32. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Microsoft System Center Data Protection Manager 2010
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure an audit policy by editing the default domain policy and configure Event Forwarding

33. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
dnscmd
Add George to the Domain Admins group.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

34. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Backup operator's domain local group
Ntfrsutil
Set-ADServiceAccount cmdlet
Create a Network Load Balancing cluster.

35. To allow connection to a 256 Kbps ISDN...
Add the user to the Domain Admins global group
DFL needs to be Windows Server 2008
DISABLE slow link detection in the GPO
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

36. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

37. Capture all replication errors from all your DCs to a central location...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
The Group Policy Management console
Autonomous mode...This allows the local administrator to approve their own updates.
Configure event log subscriptions

38. To build a highly secure server cluster with a reduced attack surface area
Windows BitLocker Drive Encryption (Bit Locker)
Configure folder redirection
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Install Windows Server Backup and modify the Windows firewall settings

39. What should be done first to defragment the AD database?
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Run net stop ntds
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)

40. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Utilize IFM (Install From Media)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Use a GPO to configure device installation restrictions
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

41. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
CAPublishGP group should have the Manage CA permission.
dsa.msc - dsamain.exe - ntdsutil.exe
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

42. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Administrators is the minimum group membership required to complete this procedure.

43. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Implement the Windows Search Service.
New ACCOUNT STORE should be added and configured
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

44. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Enable - ADoptionalFeature cmdlet
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Add the Windows Server Backup feature and Windows System Image recovery.

45. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Active Directory Users and Computers
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

46. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement Windows System Resource Manager (WSRM)
Domain based DFS namespace and configure a DFS replication group
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

47. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
File Server Resource Manager (FSRM) quotas and file screens
Administrative Role Separation
Use Netsh tool from administrator's computer.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

48. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Certificate Templates
Create an Active Directory-Integrated zone.
Subnet object needs to be created
Disable Site Link Bridging from IP Properties

49. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Set-ADServiceAccount cmdlet
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Repadmin
Create a new Password Settings Object (PSO) for the IT users.

50. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Run net stop ntds
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Configure separate application pools for each application
Passive file screens