Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To restore previous version of script without taking up too much of time...
Modify the GPO to include folder redirection
Attach VHD file created by Windows server backup
Implement folder redirection by using GPO. Then backup the folder redirection target.
Microsoft Desktop Optimization Pack (MDOP)

2. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Autonomous mode...This allows the local administrator to approve their own updates.
Enable Credential Roaming
Offline domain join
Deploy a GPO for the Sales OU

3. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
CAPublishGP group should have the Manage CA permission.
Repadmin
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

4. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
IIS Chared Configuration
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

5. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
DISABLE slow link detection in the GPO
Implement Windows System Resource Manager (WSRM) and configure user policies
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Group Policy Preferences

6. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Test-AppLockerPolicy

8. If you need to allow an external partner's computer to access internal network resources by using SSTP
Win2000 Native
Deploy the Root CA certificate to the external computers.
Improve the performance of File Servers
Modify zone transfer settings for company.com zone on DCA

9. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Implement the Windows Search Service.
DSMOD - ADUC
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Refresh the zone on DNS2

10. When recommending a monitoring solution for an application so that it's events can be stored in a central
Implement folder redirection by using GPO. Then backup the folder redirection target.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Event Subscriptions
Microsoft Application Virtualization (AppV)

11. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Test-AppLockerPolicy
Ntfrsutil
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Passive file screens

12. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Active Directory Users and Computers
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

13. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Create an e-mail account in AD DS for your RMS users.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Then use Windows Deployment Services (WDS)

14. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Winrm quickconfig
Install Windows Server Backup and modify the Windows firewall settings
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

15. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Use CISCO IP Helper command to configure.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement Distributed File System Replication (DFSR) on both servers

16. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Offline domain join
Then install new Server 2008 R2 Enterprise subordinate CA.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

17. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
From Server A - run Create Basic Task Wizard
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add the new UPN Suffix to the forest
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

18. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Back up to an external USB drive by using Windows Server Backup
Configure offline files and enable manual caching
New ACCOUNT STORE should be added and configured
DSMOD - ADUC

19. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
IIS Chared Configuration
Implement the Windows Search Service.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

20. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Network Load Balancing (NLB) cluster
View properties of %systemroot%ntdsntds.dit

21. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Implement one LUN for the quorum and another LUN for the data

22. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

23. If you need to be able to create shared folders on Server 2008 R2
dnscmd
FFL Windows Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

24. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Dfsrdiag
Discover the run Microsoft Baseline Security Analyzer (MBSA)
DFL needs to be Windows Server 2008

25. To prevent account password from being cached on RODC server...
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Modify properties of RODC server computer account.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

26. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Dsmgmt
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then configure GlobalNames zones on each domain controller.

27. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
NOT be able to store that data on an iSCSI SAN

28. To ensure that a file on a file server do not leave the organization you must implement this.
Create a new Password Settings Object (PSO) for the IT users.
AD RMS
Your machine and remote desktops
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

29. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Microsoft Desktop Optimization Pack (MDOP) to your company
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

30. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Purchase one additional Enterprise License
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Configure RODC for Administrator Role Separation

31. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Repadmin
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Authorization Manager

32. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Recommend Offline Files
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Create a Central Store

33. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Create an Active Directory-Integrated zone.
DFL needs to be Windows Server 2008
Windows Deployment Services (WDS)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

34. Ensure password length for a group set to 12 characters long while others keep password policy
Offline domain join
Network Load Balancing (NLB) cluster
Add-ADFineGrainedPasswordPolicySubject cmdlet
Use Netsh tool from administrator's computer.

35. To enable the AD Recycle Bin
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Active Directory snapshots and Tombstone reanimation
Enable - ADoptionalFeature cmdlet
Implement File Server Resource Manager (FSRM) quotas on the desired servers

36. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
AD Rights Management Services
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

37. Need to ensure users receive updated template within five days...
Recommend Offline Files
Upgrading DFS to Windows Server 2008 R2
Registry on users computer needs to be modified
Add the new UPN suffix to the forest.

38. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Event Log Subscriptions
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Execute the Set-ADServiceAccount cmdlet
Add the new UPN Suffix to the forest

39. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
The Group Policy Management Console
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Dsmgmt
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

40. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Site
802.1.x NAP
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Jill came down with 2.50.

41. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Multipath I/O feature
Disable Site Link Bridging from IP Properties
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

42. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Active Directory Users and Computers utility
CAPublishGP group should have the Manage CA permission.
Set-ADServiceAccount cmdlet
Then install new Server 2008 R2 Enterprise subordinate CA.

43. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Add the new UPN suffix to the forest.
Run net stop ntds
Network Load Balancing (NLB)
ntdsutil

44. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Windows Remote Management (WinRM) on the servers.
Then install new Server 2008 R2 Enterprise subordinate CA.
Enable Credential Roaming
Active Directory Right Management Services (AD RMS)

45. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

46. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
A relying party trust should be created.
Then configure GlobalNames zones on each domain controller.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Domain based DFS namespace and configure a DFS replication group

47. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Upgrading DFS to Windows Server 2008 R2
Test-AppLockerPolicy
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Zone transfer settings

48. GPO setting to prevent all users from running an application
Software Restriction Polices
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Group Policy Preferences
Encrypting File System (EFS). This can be enabled locally or through a GPO.

49. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

50. To create and additional AD LDS applicaiton directory partition in existing instance...
Data Recovery Agent
Additional DFS Targets
Ldp
Active Directory Users and Computers