Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To deploy templates across the organization
Implement folder redirection by using GPO. Then backup the folder redirection target.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

2. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Recommend Group Policy preferences
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install and share a printer on a server and then enable printer pooling.
Refresh the zone on DNS2

3. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
NOT be able to store that data on an iSCSI SAN
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

4. UPN Suffix xxxx.com needs to be available for user accounts...
Enable Windows Remote Management (WinRM) on each server.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Add the new UPN Suffix to the forest
Subnet object needs to be created

5. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Active Directory snapshots and Tombstone reanimation
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Recommend Group Policy preferences

6. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Your machine and remote desktops

7. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Implement a GPO for each domain
Attach VHD file created by Windows server backup
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

8. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Add the Windows Server Backup feature and Windows System Image recovery.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Microsoft Desktop Optimization Pack (MDOP) to your company
Install Windows Server Backup and modify the Windows firewall settings

9. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
From Server A - run Create Basic Task Wizard
Implement Windows BitLocker Drive Encryption (BitLocker)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Recommend GPT and basic disks

10. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Windows System Resource Manager (WSRM)
dnscmd
Implement folder redirection by using GPO. Then backup the folder redirection target.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

11. To allow a specifc user or group to manage the address information for the user accounts...
Microsoft Desktop Optimization Pack (MDOP) to your company
Recommend Active Directory delegation
Restore-ADObject cmdlet
Site

12. To ensure that a file on a file server do not leave the organization you must implement this.
Configure event log subscriptions
Create a new Password Settings Object (PSO) for the IT users.
Include a server that runs Microsoft Office SharePoint Server 2010
AD RMS

13. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Raise the DFL to Windows Server 2008 R2.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Event Viewer
Modify properties of RODC server computer account.

14. To recover objects deleted from Active Directory you should recommend
Disable Site Link Bridging from IP Properties
Administrative Role Separation
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Active Directory snapshots and Tombstone reanimation

15. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
File Server Resource Manager (FSRM) quotas and file screens

16. When service account passwords need to be changed for SQL they should be...
DFL needs to be Windows Server 2008
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Changed manually
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

17. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Implement Distributed File System Replication (DFSR) on both servers
Execute the Set-ADServiceAccount cmdlet
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

18. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Prestage the computer account in AD
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

19. To allow a user to administer Active Directory
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Add the user to the Domain Admins global group
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

20. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Backup operator's domain local group
Encrypting File System (EFS). This can be enabled locally or through a GPO.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

21. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
Network Load Balancing (NLB) cluster
Install Hyper-V role and convert physical machines into virtual machines
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

22. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Then use on install image file that contains a single install image.
Storage manager for SANs
Event Log Subscriptions
Purchase one additional Enterprise License

23. to make shares at a remote location available to users you should implement this.
Offline domain join
Configure offline files and enable manual caching
Changed manually
Domain based Distributed File System (DFS) namespace and DFS Replication.

24. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Add the new UPN suffix to the forest.
FILES option within Ntdsutil
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

25. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Create a Network Load Balancing cluster.
Use local roles options within "dsmgmt"
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

26. When recommending a monitoring solution for an application so that it's events can be stored in a central
AD Rights Management Services
Event Subscriptions
Configure block inheritance on the IT OU
Configure Firewall Group Policies and link them at the Domain level

27. To restore deleted user account from AD Recycle Bin...
Folder redirection. Folder redirection is also useful when using roamin profiles.
Restore-ADObject cmdlet
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

28. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Install Hyper-V role and convert physical machines into virtual machines
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
dnscmd tool

29. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Enable Windows Remote Management (WinRM) on each server.
Execute the Set-ADServiceAccount cmdlet

30. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

31. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Authorization Manager
Microsoft SharePoint Foundation 2010
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

32. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Registry on users computer needs to be modified
Disable Site Link Bridging from IP Properties
Microsoft SharePoint Foundation 2010
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

33. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Run adprep /forestprep and adprep /domainprep
Create ADMX and ADML files. Configure the GPO and link it to the domain.
A Distributed File System (DFS) namespace
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

34. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Active Directory Domains and Trusts
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

35. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Group Policy Preferences
Configure authorization rules for Web developers on each web server
Software Restriction Polices
Active Directory Domains and Trusts

36. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Autonomous mode...This allows the local administrator to approve their own updates.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
DFL needs to be Windows Server 2008
Include a server that runs Microsoft Office SharePoint Server 2010

37. Tool to change Directory Services Restore Mode password on Domain Controller...
NOT be able to store that data on an iSCSI SAN
ntdsutil
FFL Windows Server 2008 R2
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

38. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Implement the Windows Search Service.
Configure Firewall Group Policies and link them at the Domain level
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

39. Auditing the deletion of Registry keys on all Domain Controllers
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
A relying party trust should be created.
Use local roles options within "dsmgmt"
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

40. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Disable Site Link Bridging from IP Properties
Printer driver isolation
dnscmd
Certificate Templates

41. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure Audit Special Logon and define Special Groups
Raise the DFL to Windows Server 2008 R2.

42. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
View properties of %systemroot%ntdsntds.dit

43. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Install and share a printer on a server and then enable printer pooling.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

44. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Registry on users computer needs to be modified

45. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Properties of PSO need modified
Additional DFS Targets
Deploy a GPO to the WebSrvOU
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

46. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Active Directory Users and Computers
Administrators is the minimum group membership required to complete this procedure.
AD Domains and Trusts
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office

47. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
An Active Directory subnet object needs to be created.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

48. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

49. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Configure caching on the shared folder (offline files)
Subnet object needs to be created
Windows BitLocker Drive Encryption (Bit Locker)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

50. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
From Server1 - run the Create Basic Task Wizard
Network Load Balancing (NLB)
CAPublishGP group should have the Manage CA permission.
Perform an authoritative restore