Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
View properties of %systemroot%ntdsntds.dit
Then use Windows BitLocker Drive Encryption
Configure block inheritance on the IT OU
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

2. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Configure separate application pools for each application
Run adprep /forestprep and adprep /domainprep
Basic Authentication and SSL
Create an e-mail account in AD DS for your RMS users.

3. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
fsconfig on FSSrv2

4. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
WDS
Distributed File System (DFS) Replication
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Create a new Password Settings Object (PSO) for the IT users.

5. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Active Directory Domains and Trusts
Enable - ADoptionalFeature cmdlet
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

6. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Configure caching on the shared folder and configure offline files to use encryption
Configure event log subscriptions
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Registry on users computer needs to be modified

7. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

8. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure offline files and enable manual caching
Implement Shadow Copies
Modify the local policy to point to the Internal WSUS server

9. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Import-Module
Enable - ADoptionalFeature cmdlet
Administrators is the minimum group membership required to complete this procedure.
Create a MEDV workspace

10. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Authorization Manager
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Encrypting File System (EFS). This can be enabled locally or through a GPO.

11. Enables you to receive emails when domain users locked out of accounts...
Data Recovery Agent
Event Viewer
Modify properties of RODC server computer account.
Create an e-mail account in AD DS for your RMS users

12. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

13. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Administrators is the minimum group membership required to complete this procedure.
Implement Distributed File System Replication (DFSR) on both servers
Use the Local Roles options with dsmgmt.
Configure block inheritance on the IT OU

14. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Active Directory Users and Computers
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

15. To allow connection to a 256 Kbps ISDN...
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
DISABLE slow link detection in the GPO

16. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Use Netsh tool from administrator's computer.
Get-ADUser cmdlet
DSMOD - ADUC

17. To defragment and AD database...
net stop ntds
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Then use Windows Deployment Services (WDS) on DHCP1.
Add the Windows Server Backup feature and Windows System Image recovery.

18. to increase the reliability of the print server - configure...
Microsoft Desktop Optimization Pack (MDOP)
Create an Active Directory-Integrated zone.
Utilize IFM (Install From Media)
Printer driver isolation

19. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Get-ADUser cmdlet
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Assign the application to all client computers by using a GPO.

20. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
An Active Directory subnet object needs to be created.
Create a MEDV workspace
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

21. To build a highly secure server cluster with a reduced attack surface area
New ACCOUNT STORE should be added and configured
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Site
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

22. If a file server reaches 15% free disk space - you could free up some disk space by
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Creating a data collector set that kick off a scritp that either move or delete files.

23. UPN Suffix xxxx.com needs to be available for user accounts...
Dynamically expanding VHD's
Windows System Resource Manager (WSRM)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Add the new UPN Suffix to the forest

24. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Implement a domain-based DFS namespace that uses replication
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Implement a GPO for each domain

25. Ensure password length for a group set to 12 characters long while others keep password policy
Create an e-mail account in AD DS for your RMS users
Add-ADFineGrainedPasswordPolicySubject cmdlet
Microsoft Desktop Optimization Pack (MDOP)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

26. To make deploying the custom Word dictionary easy
Dynamically expanding VHD's
Configure block inheritance on the IT OU
Recommend Group Policy preferences
Configure separate application pools for each application

27. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Raise the DFL to Windows Server 2008 R2.
Modify the local policy to point to the Internal WSUS server
Deploy a GPO for the Sales OU

28. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Dsmgmt
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Implement GPO for all client computers
Ntdsutil

29. To backup GPO's in domain and minimize bakcup...
Repadmin
AD Domains and Trusts
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
The Group Policy Management Console

30. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Registry on users computer needs to be modified
Win2000 Native
Active Directory Users and Computers utility

31. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Improve the performance of File Servers
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure folder redirection
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

32. You need a solution that meets policy while minimizing hardware and software costs
Then use Windows Deployment Services (WDS) on DHCP1.
Create a new Password Settings Object (PSO) for the IT users.
Modify the local policy to point to the Internal WSUS server
Attach VHD file created by Windows server backup

33. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
A Distributed File System (DFS) namespace
Deploy a failover cluster that contains one node in each office.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

34. For the users that work remotely that need access to files from the corporate office you should...
Recommend Offline Files
WDS
Refresh the zone on DNS2
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

35. Tools to view contents of an OU in an AD snapshot...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Backup operator's domain local group
dsa.msc - dsamain.exe - ntdsutil.exe
Perform an authoritative restore

36. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
A relying party trust should be created.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

37. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Administrative Role Separation
Implement a domain-based DFS namespace that uses replication
Implement Windows System Resource Manager (WSRM) and configure user policies

38. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Add-ADFineGrainedPasswordPolicySubject cmdlet
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Deploy it by using Group Policy Software Installation method
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

39. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Assign the application to all client computers by using a GPO.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Configure offline files and enable manual caching

40. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
AD Rights Management Services
AD RMS
Then configure GlobalNames zones on each domain controller.
Active Directory Domains and Trusts

41. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

42. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Refresh the zone on DNS2
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
AD Domains and Trusts
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

43. DFL is...
FILES option within Ntdsutil
Win2000 Native
Printer driver isolation
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

44. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Ntfrsutil
Windows Deployment Services (WDS)

45. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Install and share a printer on a server and then enable printer pooling.
Create a new Password Settings Object (PSO) for the IT users.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

46. Can be used to install the Windows RE on existing servers
DSMOD
Role Separation
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
WDS

47. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Import-Module
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

48. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure Firewall Group Policies and link them at the Domain level
Additional DFS Targets

49. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Authorization Manager role assignment
dnscmd
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

50. To minimize the amount of storage required you should recommend
Dfsrdiag
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Share and Storage Management