Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Distributed File System (DFS) Replication
Run adprep /forestprep and adprep /domainprep
Active Directory Domains and Trusts

2. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Registry on users computer needs to be modified
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Recommend GPT and basic disks
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

3. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
dsa.msc - dsamain.exe - ntdsutil.exe
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Upgrading DFS to Windows Server 2008 R2
Software Restriction Polices

4. The Computer Management snap-in allows you to create shares both on...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy it by using Group Policy Software Installation method
Your machine and remote desktops

5. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Domain based Distributed File System (DFS) will reduce network traffic
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

6. To enable the AD Recycle Bin
CAPublishGP group should have the Manage CA permission.
Enable - ADoptionalFeature cmdlet
Group Policy Preferences
Raise the DFL to Windows Server 2008 R2.

7. If you need to delegate control of server to remote admins group
Passive file screens
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure RODC for Administrator Role Separation

8. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
802.1.x NAP
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

9. You need to relocate an AD LDS instance from C: Drive to D: Drive
Modify the schema of LDSInst1
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Use a GPO to configure device installation restrictions
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

10. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Prestage the computer account in AD
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

11. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

12. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Configure caching on the shared folder and configure offline files to use encryption
Administrators is the minimum group membership required to complete this procedure.
dsa.msc - dsamain.exe - ntdsutil.exe
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

13. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

14. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Microsoft Desktop Optimization Pack (MDOP) to your company
Microsoft SharePoint Foundation 2010
Active Directory Users and Computers
Add the Windows Server Backup feature and Windows System Image recovery.

15. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Deploy a GPO for the Sales OU
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

16. If a file server reaches 15% free disk space - you could free up some disk space by
Domain based DFS namespace and configure a DFS replication group
Add the new UPN suffix to the forest.
Refresh the zone on DNS2
Creating a data collector set that kick off a scritp that either move or delete files.

17. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Dfsrdiag

18. DFL is...
PDC emulator with w32tm.exe
Configure caching on the shared folder (offline files)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Win2000 Native

19. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Create and deploy a logon script that runs Auditpol.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Windows System Resource Manager (WSRM)

20. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Set-ADServiceAccount cmdlet
Then use Windows BitLocker Drive Encryption

21. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Windows XP Mode
Incoming external trust
Disable Site Link Bridging from IP Properties
Multipath I/O feature

22. Capture all replication errors from all your DCs to a central location...
Modify the local policy to point to the Internal WSUS server
Run adprep /forestprep and adprep /domainprep
View properties of %systemroot%ntdsntds.dit
Configure event log subscriptions

23. What role to keep same time as an external server?
Deploy a failover cluster that uses Node and File Share Disk Majority
PDC emulator with w32tm.exe
Implement Shadow Copies
Your machine and remote desktops

24. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Event Subscriptions
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Increase the tombstone lifetime for the forest.
Implement a GPO for each domain

25. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Configure an audit policy by editing the default domain policy and configure Event Forwarding
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

26. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Include a server that runs Microsoft Office SharePoint Server 2010

27. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Recommend Offline Files
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Additional DFS Targets
Network Load Balancing (NLB)

28. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

29. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
The Group Policy Management Console
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

30. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Network Load Balancing (NLB) cluster
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Windows System Resource Manager (WSRM)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

31. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Recommend Offline Files
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Utilize IFM (Install From Media)
Refresh the zone on DNS2

32. To ensure that a file on a file server do not leave the organization you must implement this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Active Directory Users and Computers
AD RMS

33. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Run adprep /forestprep and adprep /domainprep
Properties of PSO need modified
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

34. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers utility
Install Hyper-V role and convert physical machines into virtual machines
Active Directory Users and Computers
Your machine and remote desktops

35. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Additional DFS Targets
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Raise the DFL to Windows Server 2008 R2.

36. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
PDC emulator with w32tm.exe
Get-ADUser cmdlet
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

37. If you want to implement BitLocker and store recovery informaiton in a central location
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Multipath I/O feature
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

38. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Autonomous mode...This allows the local administrator to approve their own updates.
Repadmin

39. To minimize the amount of storage required you should recommend
AD Domains and Trusts
Add-ADFineGrainedPasswordPolicySubject cmdlet
Share and Storage Management
Group Policy Preferences

40. To compact AD database...
From Server1 - run the Create Basic Task Wizard
Offline domain join
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
FILES option within Ntdsutil

41. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Then use Windows BitLocker Drive Encryption
Implement Distributed File System Replication (DFSR) on both servers
MEDV to deploy virtual desktops

42. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Configure block inheritance on the IT OU
WDS
Modify the local policy to point to the Internal WSUS server
Add the new UPN Suffix to the forest

43. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Create an Active Directory-Integrated zone.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Microsoft Desktop Optimization Pack (MDOP)

44. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Create and deploy a logon script that runs Auditpol.
Microsoft System Center Data Protection Manager 2010
Run adprep /forestprep and adprep /domainprep

45. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Purchase one additional Enterprise License
Deploy a GPO for the Sales OU
Test-AppLockerPolicy

46. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Win2000

47. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Dsmgmt
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Implement Network Access Protection (NAP)

48. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
PDC emulator with w32tm.exe
IIS Chared Configuration
Modify the GPO to include folder redirection
FFL Windows Server 2008 R2

49. to increase the reliability of the print server - configure...
Printer driver isolation
Zone transfer settings
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
A Distributed File System (DFS) namespace

50. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Test-AppLockerPolicy
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.