Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Dsmgmt

2. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Recommend Offline Files
PDC emulator with w32tm.exe

3. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

4. To ensure that a file on a file server do not leave the organization you must implement this.
Certificate Templates
AD RMS
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

5. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Import-Module
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

6. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Creating a data collector set that kick off a scritp that either move or delete files.
Add George to the Domain Admins group.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

7. Capture all replication errors from all your DCs to a central location...
Assign the application to computers in the PC OU
Configure event log subscriptions
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Increase the tombstone lifetime for the forest.

8. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Perform an authoritative restore
DFL needs to be Windows Server 2008
Event Log Subscriptions
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

9. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Ntfrsutil
Site
MEDV to deploy virtual desktops

10. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Modify the local policy to point to the Internal WSUS server
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Run the Delegation of Control Wizard on the Staff OU

11. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Implement one LUN for the quorum and another LUN for the data
Autonomous mode...This allows the local administrator to approve their own updates.
Assign the application to all client computers by using a GPO.
Upgrading DFS to Windows Server 2008 R2

12. To defragment and AD database...
PDC emulator with w32tm.exe
net stop ntds
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Execute the Set-ADServiceAccount cmdlet

13. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Passive file screens
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Configure caching on the shared folder (offline files)

14. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
FILES option within Ntdsutil
Microsoft System Center Data Protection Manager
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Create an e-mail account in AD DS for your RMS users.

15. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Implement Shadow Copies
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Install Hyper-V role and convert physical machines into virtual machines

16. 4 steps to perform offline Defragmentation of AD database...
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Event Log Subscriptions
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

17. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Multipath I/O feature
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Then configure auto enrollment of certificates and Credential Roaming.

18. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Add the Windows Server Backup feature and Windows System Image recovery.
Implement one LUN for the quorum and another LUN for the data
Deploy the Root CA certificate to the external computers.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

19. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Microsoft Desktop Optimization Pack (MDOP) to your company
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

20. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Incoming external trust
Authorization Manager
Implement Windows System Resource Manager (WSRM) and configure user policies

21. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Implement Network Access Protection (NAP)
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Group Policy Preferences
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

22. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Use CISCO IP Helper command to configure.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Include a server that runs Microsoft Office SharePoint Server 2010

23. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Implement Windows System Resource Manager (WSRM) and configure user policies
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Active Directory snapshots and Tombstone reanimation

24. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Winrm quickconfig
Enable Credential Roaming
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

25. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Then use Windows Deployment Services (WDS)
Implement a domain-based DFS namespace that uses replication
Implement GPO for all client computers
Ntfrsutil

26. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Modify the schema of LDSInst1
DFL needs to be Windows Server 2008
Configure caching on the shared folder (offline files)

27. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Storage manager for SANs
Configure offline files and enable manual caching
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Then configure auto enrollment of certificates and Credential Roaming.

28. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Folder redirection. Folder redirection is also useful when using roamin profiles.

29. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
A relying party trust should be created.
Assign the application to computers in the PC OU
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

30. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Configure folder redirection
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Implement folder redirection by using GPO. Then backup the folder redirection target.

31. If users complain that it is hard to find the shared folders on the network implement
Additional DFS Targets
Purchase one additional Enterprise License
Include a server that runs Microsoft Office SharePoint Server 2010
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

32. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
Domain based DFS namespace and configure a DFS replication group
Microsoft Application Virtualization (AppV)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

33. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Modify properties of RODC server computer account.
Network Load Balancing (NLB)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Then configure GlobalNames zones on each domain controller.

34. Enables you to receive emails when domain users locked out of accounts...
Perform an authoritative restore
Event Viewer
Install From Media IFM
Disable Site Link Bridging from the IP properties

35. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Test-AppLockerPolicy
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Implement the Windows Search Service.
dnscmd tool

36. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
dnscmd
Deploy it by using Group Policy Software Installation method

37. To prevent account password from being cached on RODC server...
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create a MEDV workspace
Modify properties of RODC server computer account.

38. To add a new UPN for all user accounts...
AD Domains and Trusts
Install Windows Server Backup and modify the Windows firewall settings
Implement GPO for all client computers
Deploy the Root CA certificate to the external computers.

39. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
From Server A - run Create Basic Task Wizard
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Passive file screens
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

40. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Subnet object needs to be created

41. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Execute the Set-ADServiceAccount cmdlet
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Offline domain join
Domain based DFS namespace and configure a DFS replication group

42. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

43. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. To add a server with AD FS 2.0 role to an existing AD FS farm...
A Distributed File System (DFS) namespace
fsconfig on FSSrv2
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Test-AppLockerPolicy

45. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Then use on install image file that contains a single install image.
DFL needs to be Windows Server 2008

46. If you want to implement BitLocker and store recovery informaiton in a central location
Creating a data collector set that kick off a scritp that either move or delete files.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Recommend Active Directory delegation

47. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Install Windows Server Backup and modify the Windows firewall settings
View properties of %systemroot%ntdsntds.dit
Autonomous mode...This allows the local administrator to approve their own updates.
Configure block inheritance on the IT OU

48. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Incoming external trust
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

49. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Incoming external trust
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Active Directory Right Management Services (AD RMS)

50. To restore deleted user account from AD Recycle Bin...
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Dfsrdiag
Disable Site Link Bridging from the IP properties
Restore-ADObject cmdlet