Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
PDC emulator with w32tm.exe
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Registry on users computer needs to be modified
Use a GPO to configure device installation restrictions

2. To configure AD FS so tokens contain information from Active Directory domain...
Add the new UPN Suffix to the forest
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure Audit Special Logon and define Special Groups
New ACCOUNT STORE should be added and configured

3. To recover objects deleted from Active Directory you should recommend
New ACCOUNT STORE should be added and configured
Group Policy Preferences
Active Directory snapshots and Tombstone reanimation
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

4. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Run adprep /forestprep and adprep /domainprep
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Dfsrdiag

5. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Incoming external trust
Implement folder redirection by using GPO. Then backup the folder redirection target.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Use a GPO to configure device installation restrictions

6. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Run adprep /forestprep and adprep /domainprep
Microsoft SharePoint Foundation 2010
DSMOD
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

8. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Software Restriction Polices
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

9. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

10. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Dfsrdiag
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then use Windows Deployment Services (WDS)
Authorization Manager

11. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
CAPublishGP group should have the Manage CA permission.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

12. The strongest form of NAP is
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Storage manager for SANs
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Incoming external trust

13. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy a GPO to the WebSrvOU
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

14. If you need to delegate control of server to remote admins group
Configure event log subscriptions
Configure RODC for Administrator Role Separation
Active Directory snapshots and Tombstone reanimation
Dsmgmt

15. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Configure block inheritance on the IT OU
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure Firewall Group Policies and link them at the Domain level
IIS Manager user account

16. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Assign the application to computers in the PC OU
Include a server that runs Microsoft Office SharePoint Server 2010
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
djoin /requesteodj from internal server - djoin /provision from outside server/PC

17. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Dfsrdiag
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Enable Credential Roaming
Win2000 Native

18. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Registry on users computer needs to be modified
Win2000
Ntfrsutil

19. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
DFL needs to be Windows Server 2008
Then install new Server 2008 R2 Enterprise subordinate CA.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Active Directory Right Management Services (AD RMS)

20. What should be done first to defragment the AD database?
Windows XP Mode
Run net stop ntds
Administrative Role Separation
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

21. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Backup operator's domain local group
Event Log Subscriptions
Configure Firewall Group Policies and link them at the Domain level
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

22. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
DFL needs to be Windows Server 2008
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
fsconfig on FSSrv2
Deploy the Root CA certificate to the external computers.

23. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Raise the DFL to Windows Server 2008 R2.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

24. Need to access some resources in another domain that is part of another forest...What trust is created?
Implement folder redirection by using GPO. Then backup the folder redirection target.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Incoming external trust

25. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Windows System Resource Manager (WSRM)
Run adprep /forestprep and adprep /domainprep
AD RMS
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

26. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Multipath I/O feature
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

27. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

28. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Windows BitLocker Drive Encryption (Bit Locker)
Create a Network Load Balancing cluster.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy a failover cluster that uses Node and File Share Disk Majority

29. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Implement Distributed File System Replication (DFSR) on both servers
Then use Windows Deployment Services (WDS)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

30. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Use CISCO IP Helper command to configure.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Modify zone transfer settings for company.com zone on DCA

31. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Test-AppLockerPolicy
Refresh the zone on DNS2
Multipath I/O feature
Configure block inheritance on the IT OU

32. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Microsoft Desktop Optimization Pack (MDOP)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Storage manager for SANs
Create a Network Load Balancing cluster.

33. What should be done to ensure changes made to AD objects can be logged?
Deploy a GPO for the Sales OU
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Set-ADServiceAccount cmdlet
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

34. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Data Recovery Agent
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Authorization Manager

35. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Add George to the Domain Admins group.
Implement the Windows Search Service.
Dsmgmt

36. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Software Restriction Polices
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use a GPO to configure device installation restrictions
Enable - ADoptionalFeature cmdlet

37. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Dsmgmt
Create an Active Directory-Integrated zone.

38. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
802.1.x NAP

39. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Run net stop ntds
A Distributed File System (DFS) namespace
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Win2000

40. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

41. DFL is...
Win2000 Native
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Active Directory Domains and Trusts
Ensure your account - or the group is a member of the local Administrators group for that specific server.

42. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Software Restriction Polices
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

43. To make deploying the custom Word dictionary easy
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Distributed File System Replication (DFSR) on both servers
Recommend Group Policy preferences

44. To modify several user accounts to a new UPN suffix
Then use Windows Deployment Services (WDS)
Active Directory Users and Computers utility
Storage manager for SANs
Microsoft Desktop Optimization Pack (MDOP) to your company

45. In order to manage websites without having to logon you can use
Install and share a printer on a server and then enable printer pooling.
Active Directory Domains and Trusts
PowerShell 2.0
Perform an authoritative restore

46. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Modify the local policy to point to the Internal WSUS server
Windows Server 2003
WSUS server in the branch office in replica mode.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

47. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
Windows XP Mode
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

48. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Active Directory snapshots and Tombstone reanimation
Add-ADFineGrainedPasswordPolicySubject cmdlet
A relying party trust should be created.
Run the Delegation of Control Wizard on the Staff OU

49. Striped volumes
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Improve the performance of File Servers
Refresh the zone on DNS2
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

50. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Active Directory Domains and Trusts
Deploy it by using Group Policy Software Installation method
Registry on users computer needs to be modified
Recommend GPT and basic disks