table of contents - testout€¦ · web viewrevised 2016/05/17. testout server pro: ... module 1...

Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft. Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them.

TestOut Server Pro:Advanced Services – English 3.1.x

Revised 2016/05/17

Table of Contents

Course Overview...................................................................................................4Course Introduction for Instructors........................................................................6Section 1.1: Multi-Domain Forests........................................................................8Section 1.2: Cross-Forest Trusts.........................................................................10Section 1.3: External, Shortcut and Realm Trusts...............................................12Section 1.4: Sites Overview.................................................................................14Section 1.5: Managing Sites................................................................................16Section 1.6: Managing Replication......................................................................18Section 1.7: Read-Only Domain Controllers (RODCs)........................................20Section 1.8: RODC Management........................................................................22Section 2.1: Network File System (NFS).............................................................24

Section 2.2: BranchCache...................................................................................26Section 2.3: Dynamic Access Control (DAC)......................................................28Section 2.4: DAC Management...........................................................................30Section 2.5: Advanced Storage...........................................................................32Section 2.6: Storage Optimization.......................................................................34Section 3.1: Windows Server Backup.................................................................36Section 3.2: Restore from Backup.......................................................................38Section 3.3: Volume Shadow Copies..................................................................40Section 3.4: Boot Configuration Data (BCD) Store..............................................42Section 4.1: DHCP Overview..............................................................................44Section 4.2: DHCP Scopes.................................................................................46Section 4.3: DHCP and IPv6...............................................................................48Section 4.4: DHCP High Availability....................................................................50Section 4.5: IPAM Overview................................................................................52Section 4.6: IPAM Configuration.........................................................................54Section 4.7: IPAM Management..........................................................................56Section 5.1: DNS Security...................................................................................57Section 5.2: Advanced DNS Settings..................................................................59Section 5.3: GlobalNames Zones........................................................................61Section 6.1: Virtual Machine Management..........................................................63Section 6.2: Hyper-V High Availability.................................................................65Section 7.1: Network Load Balancing..................................................................67Section 7.2: Network Load Balancing Management............................................69Section 7.3: Failover Clustering...........................................................................71Section 7.4: Failover Cluster Management.........................................................74Section 7.5: Failover Clustered Role Management.............................................76


LESSON PLAN

Section 7.6: Failover Cluster with Hyper-V..........................................................78Section 8.1: Active Directory Certificate Services Overview................................80Section 8.2: Certificate Management..................................................................82Section 8.3: Certificate Revocation.....................................................................84Section 8.4: Certificate Templates.......................................................................86Section 8.5: Certificate Autoenrollment...............................................................88Section 8.6: Key Archival and Recovery.............................................................90Section 8.7: Certificate Authority (CA) Management...........................................92Section 8.8: CA Backup and Recovery...............................................................94Section 9.1: AD RMS Overview...........................................................................95Section 9.2: AD RMS Installation........................................................................97Section 9.3: AD RMS Client Deployments..........................................................99Section 9.4: AD RMS Templates.......................................................................100Section 10.1: AD FS Overview..........................................................................102Section 10.2: AD FS Certificates.......................................................................103Section 10.3: Resource Partner........................................................................104Section 10.4: Accounts Partner.........................................................................106Section 10.5: AD FS Proxies.............................................................................107Section 10.6: AD FS and Cloud Services..........................................................109Section 10.7: AD FS and AD RMS....................................................................110Server Pro: Advanced Services Practice Exams...............................................112Microsoft 70-412 Practice Exams......................................................................113Appendix A: Approximate Time for the Course.................................................114Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives...........................................................................................117Appendix C: Server Pro: Advanced Services Objectives..................................123


Course OverviewThis course prepares students for TestOut’s Server Pro: Advanced Services exam and Microsoft’s 70-412 certification exam.

Module 1 – Active Directory InfrastructureThis module teaches the students details about the infrastructure of Active Directory and how to manage the elements involved.

Module 2 – File and Storage SolutionsIn this module students will learn about file and storage solutions, such as file sharing, using BranchCache, implementing and managing Dynamic Access Control, configuring iSCSI, and storage spaces.

Module 3 – Disaster Recovery This module teaches students about backing up and restoring data, implementing shadow copies, and finding tools to assist in system recovery.

Module 4 – Advanced DHCPThis module examines using Dynamic Host Configuration Protocol (DHCP) and IPAM to centralize and streamline management of IP address assignments.

Module 5 – Advanced DNSIn this module students will learn concepts about configuring DNS security: DNSSEC, DNS Socket Pooling, Cache Locking, Advanced DNS settings, and GlobalNames zones.

Module 6 – Hyper-VThis module discusses management of virtual machines and Hyper-V replicas.

Module 7 – High Availability This module teaches students about the components that create high availability: Network load balancing, Failover Clustering, Active Directory Certificate Service, AD RMS, and AD FS.

Module 8 – Active Directory Certificate ServicesThis module examines encryption and certificate solutions using Active Directory Certificate Services. This includes managing and revoking certificates, using certificate templates, configuring Certificate Autoenrollment, archiving and recovering keys, and managing the Certificate Authority.

Module 9 – Active Directory Rights Management Services (AD RMS)In this module students will learn concepts about installing and deploying AD RMS.


Module 10 – Active Directory Federation Services 2.1 (AD FS)This module discusses using AD FS to provide access to resources that are offered by trusted partners across the Internet.

Practice ExamsIn Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams contain examples of the types of questions that a student will find on the actual exam:

Server Pro: Advanced Services Practice Exams Microsoft 70-412 Practice Exams


Course Introduction for Instructors

This course provides students with the knowledge to become industry certified as a Windows professional. It prepares the student for the following exams:

Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services TestOut’s Server Pro: Advanced Services

Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services certification measures the students’ ability to administer, configure, and manage Windows Server 2012 advanced services. The following knowledge domains are addressed:

Configure and manage high availability Configure file and storage solutions Implement business continuity and disaster recovery Configure network services Configure the Active Directory infrastructure Configure identity and access solutions

Note: MS 70-412 objectives are listed in Appendix B: 70-412: Configuring Advanced Windows Server 2012 Services Objectives

TestOut’s Server Pro: Advanced Services certification measures the students’ ability to perform real-world job skills using the Windows Server 2012 operating system. The following knowledge domains are addressed:

Advanced Active Directory Configuration Advanced Storage Management Server Data Protection Advanced DHCP and DNS Configuration High Availability Implementation Certificate Management Digital Rights Management

Note: TestOut’s Server Pro: Advanced Services objectives are listed in Appendix C: Server Pro: Advanced Services Objectives

The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.


The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:

= Demonstration

= Exam

= Lab/Simulation

= Text lesson or fact sheet

= Video

The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.

In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:

Video/demo times Approximate time to read the text lesson (the length of each text lesson is

taken into consideration) Simulations (5 minutes is assigned per simulation. This is the amount of

time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)

Questions (1 minute per question)

Note: Appendix A: Approximate Time for the Course contains the approximate time for each section, which are totaled for the entire course.


Section 1.1: Multi-Domain Forests SummaryThis section provides the basics of managing multi-domain forests. Concepts covered include:

Prerequisites required before adding the first domain controller running Windows Server 2012 to an existing Active Directory environment:

o Server disk spaceo Supported Windows Server 2012 editionso Forest and domain functional levels

Tools to prepare forest and domain to support Windows Server 2012:o Adprep /forestprepo Adprep /domainprepo Adprep /rodcprep

Installation scenarios for AD DS for Windows 2012:o Installing a new Windows Server 2012 foresto Installing a new Windows Server 2012 domain controller to create a

new domain in an existing Windows Server 2003, 2008, or 2008 R2 forest

Tools to promote the Windows Server 2012 system as a domain controller in the domain:

o Server Managero PowerShell (using ADDSDeployment cmdlets)o DCPromo (only for Server Core deployments using an answer file)

The role of a functional level Features available at each domain functional level Features available at each forest functional level Management of functional levels Guidelines that apply to raising the domain or forest functional levels

Students will learn how to:

Raise the functional level of a domain. Raise the functional level of a forest. Add a new child domain to a multi-domain forest.

Server Pro: Advanced Services Exam Objectives:

1.0 Advanced Active Directory Configuration.o Raise the functional level of an Active Directory forest


70-412 Exam Objectives:

501. Configure a forest or a domain.o Implement multi-domain and multi-forest Active Directory

environments including interoperability with previous versions of Active Directory

o Upgrade existing domains and forest including environment preparation and functional levels

o Configure multiple user principal name (UPN) suffixes

Lecture Focus Questions:

When do you use the adprep /domainprep /gpprep command instead of the adprep /domainprep command?

What are the prerequisites for adding the first domain controller running Windows Server 2012 to an existing Active Directory environment?

How does the functional level of a domain impact the capabilities available on domain controllers in the domain or forest?

How does the functional level of a domain affect which operating systems you can run on workstations and servers in the domain?

What circumstances might prevent you from raising the functional level of a domain?

In which two circumstances can you revert to a lower functional level without rebuilding the domain or forest?

Video/Demo Time1.1.1 Multi-Domain Forests 10:371.1.2 Upgrading Multi-Domain Forests 10:011.1.3 Adding a New Child Domain 7:35

Total 28:13

Lab/Activity

Raise Functional LevelsRaise the Domain and/or Forest Levels

Number of Exam Questions5 questions

Total TimeAbout 50 minutes


Section 1.2: Cross-Forest Trusts SummaryThis section provides information about preparing and creating cross-forest trusts. Details include:

The role of trusts Properties of trusts:

o Direction of Trust: One-way Trust Two-way Trust

o Direction of Resource Accesso Transitivity

How trusts are created for:o Domains within a foresto Trusts between forests

Considerations when creating forest trusts Authentication security settings that can be applied to trusts:

o Selective authenticationo Domain-wide authenticationo Forest-wide authentication


Create and configure a forest root trust between two domains. Create trust relationships with a specified domain.


1.0 Advanced Active Directory Configuration.o Create forest root, cross-forest, external, shortcut, and realm trusts


502 Configure trusts.o Configure trust authentication



Which types of trusts are created automatically for domains within a forest?

What are the characteristics of automatically-created domain trusts? What are the characteristics of trusts between forests? When can forest trusts be used? When must you create an external trust? What advantages does selective authentication provide to system

administrators for securing resources in a forest?

Video/Demo Time1.2.1 Cross-Forest Trusts 6:261.2.2 Preparation for a Cross-Forest Trust 1:291.2.3 Preparing for a Cross-Forest Trust 7:401.2.4 Creating a Cross-Forest Trust 11:56

Total 27:31

Lab/Activity

Create a Forest Root TrustDesign Trusts




Section 1.3: External, Shortcut and Realm Trusts SummaryThis section provides details about creating external, shortcut, and realm trusts.


Manually create an external trust to allow users on one domain to access resources in a domain of another forest.

Create a shortcut trust to speed up authentication between domains in the same forest.

Server Pro: Advanced Services Objectives:

1.0 Advanced Active Directory Configuration.o Create forest root, cross-forest, external, shortcut, and realm trusts


502 Configure trusts.o Configure external, forest, shortcut, and realm trustso Configure trust authenticationo Configure SID filteringo Configure name suffix routing


How do shortcut trusts improve user logon times between two domains within a forest?

What are the characteristics of an external trust? When should you use a realm trust? What features does Active Directory Federated Services (AD FS) offer?


Video/Demo Time1.3.1 External, Shortcut and Realm Trusts 5:001.3.2 Creating a Shortcut Trust 2:23

Total 7:23

Lab/Activity

Create a Shortcut Trust




Section 1.4: Sites Overview SummaryThis section provides an overview of sites and subnets. Details covered include:

The role of a site The role of a subnet Considerations about sites and subnets Sites and subnets allow an administrator to monitor:

o Active Directory replication between locations o Workstation logon traffico Objects in Active Directoryo Distributed File System (DFS) resource accesso File Replication Service (FRS) characteristicso Properties for any site-aware application


Create and manage sites, subnets, and site links.


503. Configure sites.o Configure sites and subnetso Create and configure site linkso Move domain controllers between sites


How does a subnet differ from a site? What is the purpose of sites and subnets? What criteria are used to assign computers to sites? How are clients assigned to sites? What criteria determine the site that a domain controller is assigned?


Video/Demo Time1.4.1 Overview of Sites 7:541.4.2 Creating Sites, Subnets, and Site Links 12:47

Total 20:41

Lab/Activity

Manage Sites and Subnets




Section 1.5: Managing Sites SummaryThis section discusses the following issues when managing sites:

Logon requests Site link cost Site link schedules Site link interval Global Catalog servers Universal Group Membership Caching


Determine the domain controller that will process logon requests at a site. Set up a Global Catalog. Enable Universal Group Membership Caching.


1.0 Advanced Active Directory Configuration.o Manage sites, subnets, and site links


503. Configure sites.o Manage site coverageo Manage registration of SRV records


How can you determine which domain controller will authenticate a client when more than one domain controller exists at a site?

How are site link costs determined? What steps can you take to ensure that a particular domain controller does

not authenticate clients from another site? How does a Global Catalog server facilitate faster searches and logon? What are the benefits of Universal Group Membership Caching? When

should it be used? What two things should you consider when defining site link schedules?


Video/Demo Time1.5.1 Site Management 17:101.5.2 Managing Sites 10:01

Total 27:11




Section 1.6: Managing Replication SummaryThis section examines managing replication. Concepts covered include:

Terms to be familiar with:o Site link bridgeo Bridgehead servero Connection

Sites and Services distinguishes between two types of replication:o Intrasiteo Intersite

Transport protocols used by replication:o Directory Services Remote Procedure Call (DS-RPC)o Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)

Facts about intrasite replication:o Occurs between domain controllers within a siteo By default, occurs once every houro Modifying the replication frequencyo Connections are created automatically as necessary

Intersite replication configuration steps:o Preferred bridgehead servero Replication scheduleo Replication frequencyo Site link costo Bridged site replicationo Forced replication

Example of site link bridging The role of SYSVOL folder File Replication Service (FRS) vs. Distributed File System (DFS) Benefits of DFS replication Migrating from FRS replication to DFS replication States that indicate stable stages in the migration process:

o Not initiatedo Starto Preparedo Redirectedo Eliminated

Considerations when managing migration


Create a site link bridge.


Manage replication of AD and SYSVOL. Monitor replication of AD and SYSVOL.


1.0 Advanced Active Directory Configuration.o Manage sites, subnets, and site links.o Configure site replication.


504. Manage Active Directory and SYSVOL replication.o Monitor and manage replicationo Upgrade SYSVOL replication to Distributed File System Replication

(DFSR)


What types of trusts are enabled by default for site link bridges? How do you establish bidirectional communications between domain

controllers? How does intrasite replication differ from intersite replication? What are three ways that you can force replication? How can you force a certain path between sites for replication? What is the process for migrating from FRS replication to DFS replication

when the domain is at Windows Server 2003 functional level? During which migration stages are you able to roll back the migration?

Video/Demo Time1.6.1 Active Directory Replication 12:461.6.2 Monitoring and Managing Replication 12:51

Total 25:37

Lab/Activity

Configure Intrasite ReplicationConfigure Intersite Replication




Section 1.7: Read-Only Domain Controllers (RODCs)SummaryIn this section students will learn details about creating RODCs. Concepts covered include:

Features of RODCs:o Administrator role separationo Unidirectional replicationo Read-only datao Password replicationo DNS Server service

Requirements to be met before RODCs are installed in a domain Performing a staged installation of an RODC in which the installation is

performed by two different individuals in separated stages Generals steps to install a read-only domain controller (RODC) Considerations when installing RODC


Create and configure an RODC account.


1.0 Advanced Active Directory Configuration.o Implement read-only domain controllers


504. Manage Active Directory and SYSVOL replication.o Configure replication to Read-Only Domain Controllers (RODCs)


In which environments is an RODC typically deployed? What are the benefits and the drawbacks of unilateral replication? What are the requirements for installing an RODC in a domain? How does the administrative role separation (ARS) feature protect domain

controller security?


Video/Demo Time1.7.1 Read-Only Domain Controllers 9:111.7.2 Pre-Staging RODC Accounts 6:531.7.3 Joining an RODC to the Domain 4:57

Total 21:01

Lab/Activity

Create RODC Accounts




Section 1.8: RODC ManagementSummaryThis section discusses the following considerations managing an RODC:

Administrator role separation Replication traffic management Security management


Configure the password replication policy on the RODC to cache only passwords for specified users.

Prepopulate passwords before users even attempt to log on.


1.0 Active Directory Configuration.o Implement read-only domain controllers


504. Manage Active Directory and SYSVOL replication.o Configure Password Replication Policy (PRP) for RODCs


How does the password replication policy control password replication? What preventative measures can you implement to protect the data on an

RODC in the event it is lost or stolen? How can you prevent certain data from being replicated to an RODC? What steps should you take if an RODC has been compromised? When does an RODC attempt inbound replication? Which two built-in groups can be used for password replication on

RODCs?


Video/Demo Time1.8.1 RODC Management 9:521.8.2 Managing RODCs 6:01

Total 15:53

Lab/Activity

Edit the Password Replication Policy




Section 2.1: Network File System (NFS) SummaryThis section discusses using Network File System (NFS) to transfer files between computers running Windows and UNIX/Linux operating systems. Details include:

Considerations when deploying NFS file sharing on Windows Server 2012:

o System requirementso NFS service installationo NFS service configurationo NFS share configuration


Create and configure an NFS share.


2.0 Advanced Storage Management.o Implement NFS to support UNIX/Linux systems


201. Configure advanced file services.o Configure NFS data store


Which PowerShell cmdlets install NFS sharing components on a Windows Server 2012 system?

What configuration tasks must be completed before using the NFS Server or Client on a Windows Server 2012 system?

What are two ways you can create shares in the server's NTFS file system and export them to NFS clients?

In which two ways can you map a UNIX/Linux user or group to a Windows user or group?


Video/Demo Time2.1.1 NFS Overview 1:532.1.2 Configuring an NFS Data Store 12:10

Total 14:03

Lab/Activity

Configure an NFS Share




Section 2.2: BranchCache SummaryThis section discusses using BranchCache to allow users in branch offices to access information more quickly. Concepts covered include:

The role of BranchCache BranchCache modes:

o Hosted Cacheo Distributed Cache


Configure a BranchCache content server. Configure a hosted BranchCache server. Use PowerShell cmdlets to configure BranchCache clients. Verify BranchCache client settings.


201. Configure advanced file services.o Configure BranchCache


What method do you use to configure a file server as a BranchCache content server?

How does hosted cache mode differ from distributed cache mode in systems using BranchCache?

What are the advantages of using Group Policy to configure BranchCache on multiple computers?

How do you use Group Policy to configure firewall rules for BranchCache clients?

Which settings should you verify when inspecting the current BranchCache operation mode using the Get-BCStatus cmdlet?

What should you be aware of if you use both PowerShell cmdlets and Group Policy to configure BranchCache on client systems?


Video/Demo Time2.2.1 BranchCache Overview 5:342.2.2 Configure BranchCache 6:11

Total 11:45




Section 2.3: Dynamic Access Control (DAC) SummaryIn this section students will learn about using Dynamic Access control (DAC) to enable granular control over data access. Details include:

The role of Dynamic Access Control (AC) Factors that can be used to change the level of access of a user Components of DAC implementation:

o Resource propertieso Classification ruleso Claims-based access control:

User claims Devices claims

o Central access ruleso Central access policies

Considerations when setting up the permission for DAC and NTFS file permissions

Tasks to implement Dynamic Access Control (DAC):o Install FSRMo Define resource propertieso Create classification ruleso Configure claim typeso Define central access ruleso Define central access policieso Configure Group Policy settingso Apply central access policies


Use FSRM to configure File Classification Infrastructure. Create and configure classification rules. Configure a classification schedule.


2.0 Advanced Storage Management.o Implement Dynamic Access Control (DAC)



201. Configure advanced file services.o Configure File Classification Infrastructure (FCI) using File Server

Resource Manager (FSRM) 202. Implement Dynamic Access Control (DAC).

o Configure user and device claim typeso Configure file classificationo Create and configure Central Access rules and policieso Create and configure resource properties and lists


By implementing DAC, what criteria can you use to dynamically change the level of access a user has to file server data?

How can you use NTFS file system permissions and DAC to control resource access?

To which types of data can classification rules be applied? How does the Content Classifier method of assigning a property to a file

differ from the Windows PowerShell Classifier method? What are the components of a central access rule? Which Kerberos Group Policy settings must be enabled to support DAC?

Video/Demo Time 2.3.1 DAC Overview 10:222.3.2 Configuring File Classification Infrastructure (FCI) using FSRM 11:302.3.3 Implementing DAC Policies 19:59

Total 41:51

Lab/Activity

Configure File Classification Infrastructure




Section 2.4: DAC Management SummaryIn this section students will learn about options to manage Dynamic Access Control (DAC). Details in this section include:

Staging Access-denied remediation


Staging policy changes for central access policies for DAC. Use Group Policy to configure file access auditing.


2.0 Advanced Storage Management.o Implement Dynamic Access Control (DAC)


201. Configure advanced file services.o Configure file access auditing

202. Implement Dynamic Access Control (DAC).o Implement policy changes and stagingo Perform access-denied remediation


How can you test the effect of DAC rules without enforcing them? What is the purpose of access-denied remediation? What are two requirements for using access-denied remediation? What should you be aware of if you use both File Server Resource

Manager and Group Policy to configure DAC?

Video/Demo Time 2.4.1 DAC Management 5.012.4.2 Implementing Policy Changes and Staging 6:402.4.3 Performing Access-denied Remediation 5:09


Total 16:50




Section 2.5: Advanced Storage SummaryThis section examines using iSCSI and iSNS to provide advanced storage capabilities. Details include:

Hardware required to create an iSCSI SAN:o Ethernet cablingo Ethernet switcheso Ethernet NICs

The role of iSCSI targets The role of iSCSI initiator iSCSI terminology to be familiar with:

o network entityo network portalo Protocol Data Unit (PDU)o iSCSI nameo iSCSI Qualified Name (IQN)o iSCSI targeto iSCSI initiatoro LUN

Considerations when choosing between iSCSI and other SAN technologies

Steps to configure iSCSI initiators The role of Internet Storage Name Service (iSNS)


Create an iSCSI virtual disk and configure an iSCSI target on it. Configure an iSCSI initiator with access to the virtual disk. Install the iSNS Server Service feature and configure iSNS.


2.0 Advanced Storage Management.o Implement an iSCSI SAN


203 Configure and optimize storage. o Configure iSCSI Target and Initiatoro Configure Internet Storage Name server (iSNS)



What are the hardware components of a SAN? What is the advantage of using Ethernet hardware for a SAN

implementation? What is the benefit from implementing a second, parallel network

infrastructure dedicated only to the iSCSI SAN? In an iSCSI SAN, what purpose does the network portal serve? What are the steps to configure iSCSI initiators? What functions does Storage Name Service (iSNS) provide?

Video/Demo Time2.5.1 iSCSI and Internet Storage Name Server (iSNS) 2:352.5.2 Configuring an iSCSI Target 2:232.5.3 Configuring the iSCSI Initiator 4:192.5.4 Configuring iSNS 3:11

Total 12:28

Lab/Activity

Configure an iSCSI TargetConfigure the iSCSI Initiator




Section 2.6: Storage Optimization SummaryThis section covers optimizing storage by using storage spaces and storage pools. Concepts covered include:

Components of storage spaces:o Deviceso Poolso Storage spaces

Steps to follow when more disk space is needed Configuration options in storage pool creation:

o Allocationo Storage layout:

Simple Two-way mirror Three-way mirror Parity

o Provisioning: Fixed provisioning Thin provisioning

Considerations about storage spaces Storage pool limitations PowerShell commands to manage storage spaces:

o New-StoragePoolo Add-PhysicalDisko New-VirtualDisko Get-StoragePool

Options to optimized storage on a Windows Server 2012 system:o Data deduplicationo Features on Demand


Configure storage pools. Reduce disk space used by Windows Server 2012 using Features on

Demand. Enable data deduplication to optimize data storage.



102 Configure failover clustering.o Configure and optimize clustered shared volumeso Configure storage spaces

203 Configure and optimize storage.o Implement thin provisioning and trimo Manage server free space using Features on Demand


How does fixed provisioning differ from thin provisioning? What are the limitations of the storage pool? Which PowerShell cmdlets can you use to manage storage spaces and

what is the function of each? How does data deduplication differ from Features on Demand? How can you use Features on Demand to manage free space of a

Windows Server 2012 server?

Video/Demo Time2.6.1 Storage Optimization 4:332.6.2 Optimizing Storage 12:332.6.3 Storage Tiers 12:51

Total 29:57




Section 3.1: Windows Server Backup SummaryThis section provides details of using Windows Server Backup. Concepts covered include:

The role of the Online Backup feature in Windows 2012 Steps to perform online backups The role of the Windows Server Local Backup Considerations about using Windows Server Backup Methods Windows Server Backup provides to run backups:

o Windows Server Backup MMC snap-ino Wbadmin from the command prompto PowerShell cmdlets for Windows Server Backup

Options available with Windows Server Backup:o Full Servero Bare metal recoveryo System stateo Individual volumeso Folders or files

Storage types that Windows Server Backup can save backups to:o Internal disko External disko Shared foldero DVD, other optical or removable media

When using Windows Server Backup you cannot back to:o Tapeo USB flash driveso Pen drives


Install Windows Server Backup. Configure a regular backup schedule for a server. Back up a server.


3.0 Server Data Protection.o Configure server backups



301 Configure and manage backups.o Configure Windows Server backupso Configure Windows Online backupso Configure role-specific backups


When using the Online Backup feature in Windows Server 2012, what options do you have for obtaining the certificate file?

Which types of backups are not supported by Online Backup and must be done using a local backup?

What is the best practice for securing the Online Backup passphrase? What happens if the online backup destination does not have sufficient

space available to store the backup? When using Windows Server Backup, which backup option would you use

if you want to be able to recover all volumes including system state and bare metal recoveries?

Which media types are not supported by Windows Server Backup?

Video/Demo Time3.1.1 Windows Server Backup 3:163.1.2 Configuring Windows Server Backup for Local Backup 2:333.1.4 Configuring Windows Server Backup for Online Backup 6:27

Total 12:16

Lab/Activity

Back Up a Server




Section 3.2: Restore from Backup SummaryThis section discusses restoring from backup. Concepts covered include:

Considerations when restoring from backups Recovery types and the tools to perform them:

o Onlineo Files and folderso Hyper-Vo Volumeso Applicationso Bare metal or full servero System state


Restore a server from backup. Restore user data from backup. Perform a Bare Metal Recovery.


3.0 Server Data Protection.o Restore server data from backup


302 Recover servers.o Restore from backupso Perform a Bare Metal Restore (BMR)


Which are the only types of files that can be recovered from an online backup?

Which are the only media supported for recovering files and folders using Windows Server Backup?

Who is authorized to perform recoveries using Windows Server Backup? What tool allows you to recover Hyper-V virtual machines? When recovering volumes, how is the existing data on the destination

volume handled?


Video/Demo Time3.2.1 Restore from Backup 1:383.2.2 Recovering User Data 3:423.2.3 Performing a Bare Metal Recovery (BMR) 3:30

Total 8:50




Section 3.3: Volume Shadow Copies SummaryThis section discusses using Volume Shadow Copies to make copies of user files at regular intervals. Concepts covered include:

The role of Volume Shadow Copy Service (VSS) Considerations when using VSS VSS areas when implementing shadow copies:

o Schedulingo Storingo Recoveringo NTFS Permissionso VSSAdmin


Enable and configure shadow copies for shared folders. Restore a previous version of a file. Use VSSAdmin to manage VSS settings from the command line.


3.0 Server Data Protection.o Enable shadow copies


301 Configure and manage backups.o Manage VSS settings using VSSAdmin


How do you view and manage previous versions of volumes, folders and files?

What criteria should you use for scheduling shadow copies of volume data?

How are NTFS permissions on previous versions of a file affected during recovery?

How does restoring folders affect new files that have been added since the shadow copy was made?

What steps should you take to allow defragmentation on volumes with VSS enabled?

What happens if you delete a volume before disabling VSS?


Video/Demo Time 3.3.1 Volume Shadow Copies 2:253.3.2 Configuring VSS 3:213.3.2 Managing VSS Settings with VSSAdmin 2:07

Total 7:53

Lab/Activity

Enable Shadow CopiesRestore Previous Version 1Restore Previous Version 2




Section 3.4: Boot Configuration Data (BCD) StoreSummaryIn this section students will learn about Boot Configuration Data (BCD) Store. Concepts covered include:

Tools to assist in system recovery:o System Recovery Optionso Boot Configuration Data (BCD)o Windows Memory Diagnostic Tool (WMDT)o Startup and Recovery optionso System Configuration utility (Msconfig.exe)

The role of boot options Windows Server 2012 startup modes:

o Repair Your Computero Safe Modeo Safe Mode with Networkingo Safe Mode with Command Prompto Enable Boot loggingo Enable low-resolution videoo Last Known Good Configurationo Debugging Modeo Disable automatic restart on a system failureo Disable Driver Signature Enforcemento Disable Early Launch Anti-Malware Protection

Recommendations to troubleshoot startup errors with the advanced boot options


Configure the BCD store. Use Advanced Boot options to boot a computer.


302 Recover servers.o Recover servers using Windows Recovery Environment (Win RE)

and safe modeo Configure the Boot Configuration Data (BCD) store



When would you need to use the System Image Recovery tool? In which situations would the System Configuration utility (bcd) be

useful? What actions can you take to boot your system if it is not running and will

not boot normally? When should you access the Repair Your Computer option? When should you boot your computer into safe mode? In which situations will the Last Known Good Configuration option be

useful? Why would it be useful to enable the Disable automatic restart on

system failure option?

Video/Demo Time3.4.1 BCD Store Overview 1:273.4.2 Configuring the BCD Store 7:55

Total 9:22




Section 4.1: DHCP Overview SummaryThis section provides an overview of DHCP. Concepts covered include:

Methods that clients use to obtain an address from a DHCP server:o DHCP Discover (D)o DHCP Offer (O)o DHCP Request (R)o DHCP ACK (A)

DHCP Authorization requirements DHCP Server authorization verification Considerations when installing and configuring a DHCP Server DHCP console context-sensitive icons:

o Check mark in a green circleo Red down arrowo Horizontal white line inside a red circleo Exclamation sign inside a yellow triangleo Exclamation sign inside a blue circle


Install a DHCP server. Authorize a DHCP server.


401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.

o Implement DHCPv6


What are the steps a DHCP client uses to obtain an IP address from a DHCP server?

What permissions do you need to authorize a DHCP server? When is authorization not required for a DHCP server? What happens when a DHCP server's IP address is not found in Active

Directory? How would you set up a DHCP Administrator so that the administrator has

rights on all DHCP servers in the domain? In the DHCP console, you notice that the DHCP server icon has a red

down arrow beside it. What is the status of the DHCP server?


Video/Demo Time4.1.1 DHCP Overview 1:424.1.2 Installing and Authorizing DHCP Server 1:49

Total 3:31




Section 4.2: DHCP Scopes SummaryThis section provides details of using DHCP scopes. Concepts covered include:

Working with DHCP scopes DHCP options:

o Server optionso Scope optionso Class optionso Client options

Common options include:o 003 Routero 006 DNS Serverso 015 DNS Domain Name

Considerations when working with DHCP options Key components of DHCP policies:

o Conditionso Settings

The role of a superscope Options for a DHCP server to service a subnet separated with a router:

o 1542 compliant routero DHCP relay agent


Create and activate DHCP scopes. Create a multicast scope. Create and configure a superscope.



o Create and configure superscopes and multicast scopeso Configure DNS registration



What are the four levels of DHCP IP configuration options and what is the purpose of each?

In what order are DHCP options applied? Which option values take precedence: those delivered through DHCP or

those configured manually on the client? How can you change the subnet mask in an existing scope? When should you use reservations for a DHCP client? When would you use a DHCP policy? When might you use a superscope?

Video/Demo Time4.2.1 DHCP Scopes 7:334.2.2 Creating IPv4 Scopes 14:22

Total 21:55

Lab/Activity

Create a Superscope




Section 4.3: DHCP and IPv6SummaryThis section provides the basic information about the structure of IPv6 and using DHCP in an IPv6 environment.

Components of a IPv6 address:o Formato Leading zeroso Prefix and interface ID

Considerations when using Ipv6 Comparison of IPv4 address types with IPv4 address types The process to configure the IPv6 Address assignment Address types of an autoconfigured IPv6 address:

o Tentativeo Valid:

Preferred Deprecated

o Invalid The role of DHCP in an IPv6 environment DHCPv6 broadcasts:

o Solicit Packet (S)o Advertise Packet (A)o Request Packet (R)o Reply Packet (R)

Configuring a DHCP server for IPv6


Create an IPv6 scope. Configure DHCPv6 scope options.


4.0 Advanced DHCP and DNS Configuration. o Configure DHCP to support IPv6




o Implement DHCPv6


How does IPv6 differ from IPv4? What is the purpose of a neighbor solicitation? If the M and O flags in the router advertisement (RA) message are set to

1, what type of configuration method should you use? What options do you have for dealing with zeros (0s) in an IPv6 address? How is autoconfiguration in IPv6 improved over autoconfiguration in IPv4? What does a multicast address indicate?

Video/Demo Time4.3.1 IPv6 Overview 3:594.3.2 Implementing IPv6 1:39

Total 5:38

Lab/Activity

Configure an IPv6 Scope




Section 4.4: DHCP High AvailabilitySummaryThis section discusses the following DHCP high availability features available on Windows Server 2012.

Split scopes Failover Name Protection


Create and configure a split scope Configure a DHCP failover


4.0 Advanced DHCP and DNS Configuration. o Configure split DHCP scopes o Configure DHCP failover



o Configure high availability for DHCP including DHCP failover and split scopes

o Configure DHCP Name Protection


What is a split scope? How do you create a split scope? When configuring a split scope, how can you help to ensure that the

preferred server is accepted by the client computer? How does DHCP implement name protection? In which two ways can you implement DHCP failover?


Video/Demo Time 4.4.1 DHCP High Availability 4:594.4.2 DHCP Split Scopes 4:114.4.4 DHCP Failover 6:184.4.7 DHCP Name Protection 1:35

Total 17:03

Lab/Activity

Configure a Split ScopeConfigure DHCP Failover 1Configure DHCP Failover 2




Section 4.5: IPAM Overview SummaryThis section provides an overview of IP Address Management (IPAM). Details include:

The role of IPAM Key IPAM specifications Phases for the process of installing IPAM:

o Install the IPAM roleo Connect to the IPAM servero Provision the IPAM servero Configure server discoveryo Discover serverso Define managed serverso Gather data from managed servers

Features that Windows Server 2012 R2 supports


Manually configure IPAM. Configure IPAM using the IPAM Provisioning Wizard, a Group Policy

based provisioning method. Configure server discovery to discover domain controllers, DHCP servers,

DNS servers, and NPS servers, and automatically add them to the IPAM console.


403 Deploy and manage IPAM.o Configure IPAM manually or by using Group Policyo Configure server discoveryo Migrate to IPAMo Configure IPAM database storage



What functions does the IP Address Management (IPAM) server perform? What is the IPAM server scope discovery range in Active Directory? Why should you not install IPAM on a DHCP server? What is IPAM provisioning? What are the steps for provisioning an IPAM server? What tasks must be performed before the Server Discovery task can work

properly? How do you configure discovered servers as managed servers?

Video/Demo Time4.5.1 IPAM Basics 4:384.5.2 Configuring IPAM Manually or Using GPO 9:564.5.3 IPAM on Server 2012 R2 11:01

Total 25:35




Section 4.6: IPAM Configuration SummaryIn this section students will learn about configuring IPAM. Concepts covered in this section include:

IP Address information managed by IPAM is organized into the following hierarchy:

o IP address spaceo IP address blockso IP address rangeso IP address inventory

IPAM console provide the following options:o DNS and DHCP serverso DHCP scopeso DNS zoneso Server groups


Manage IP block and ranges from the IPAM console. Use the IPAM console to manage DHCP and DNS servers.


403 Deploy and manage IPAM.o Create and manage IP blocks and rangeso Monitor utilization of IP address spaceo Manage IPAM collections


What is the hierarchical organization of IP address information managed by IPAM?

How does the IP address inventory organize IP addresses? What information about DNS and DHCP servers does IPAM store? How do you view IP address ranges using the IPAM console? What DNS zone information can you view in IPAM?


Video/Demo Time 4.6.1 IPAM Configuration 3:594.6.2 Managing IP Blocks and Ranges 15:01

Total 19:00




Section 4.7: IPAM Management SummaryThis section discusses the following key tasks of managing an IPAM server.

Assign the appropriate right to the user. Allow the user to access the server remotely. Add the remote IPAM server to the server pool in Server Manager.


Assign a user the rights to remotely act as an IPAM administrator.


403 Deploy and manage IPAM. o Delegate IPAM administration


Which local group on the IPAM server should you assign a user to so that they will have the appropriate rights to manage an IPAM server?

Which tasks must be completed to delegate to a user the ability to manage an IPAM server?

If Group Policy provisioning was used to set up the IPAM server, what domain administrator privileges should a user have in order to indicate that servers in inventory are managed or not managed?

Which group must a user be a member of in order to access the IPM server from a remote IPAM client?

How can you allow a user to manage an IPAM server from a remote location?

Video/Demo Time4.7.1 IPAM Management 0:504.7.2 Delegating IPAM Administration 2:41

Total 3:31




Section 5.1: DNS Security SummaryThis section discusses strategies for DNS security. The following details are covered:

Goals for designing security for a DNS solution Strategies to improve DNS security:

o Provide redundancy and automatic backup of DNS datao Prevent zone transfer except to specific serverso Prevent unauthorized modification of zone data on secondary

serverso Prevent zone transfers except to domain controllerso Secure zone transfer data while in transito Prevent unauthorized modification of dynamic DNS recordso Secure DNS data on the serverso Cryptographically sign DNS zone recordso Lock records in the DNS cacheo Randomize the port used for DNS querieso Audit DNS activity

Security considerations for DNS servers available to Internet users


Configure DNSSEC on a zone to secure data by signing DNS zones and records.

Configure DNS socket pooling and cache locking to increase security for the DNS cache.


4.0 Advanced DHCP and DNS Configuration.o Protect zone data with DNSSEC


402 Implement an advanced DNS solution.o Configure security for DNS including DNSSEC, DNS Socket Pool,

and cache lockingo Isolate DNSSEC key management and storage



What security goals should you set for your DNS solution? How can you limit zone transfer to specific servers? How can you limit zone transfer to specific domain controllers? What security issue is addressed by converting all zones to Active

Directory-integrated and allowing only secure dynamic update? How does DNSSec make DNS zone records more secure? How do you randomize the port used for DNS queries?

Video/Demo Time5.1.1 DNS Security 12:505.1.2 Configuring DNSSEC 10:215.1.3 Configuring DNS Socket Pooling 2:205.1.4 Configuring Cache Locking 1:19

Total 26:50




Section 5.2: Advanced DNS Settings SummaryThis section discusses using the DNS Manager to configure advanced DNS settings.

DNS Manager tabs to configure DNS server properties:o Interfaceso Forwarderso Root Hintso Debug Loggingo Event Loggingo Monitoringo Securityo Advanced

Windows Server 2012 R2 enhanced zone level statistics:o All Statisticso Query Statisticso Transfer statisticso Update statistics


Configure a server with DNS advanced settings.


4.0 Advanced DHCP and DNS Configuration.o Configure advanced DNS server settings


402. Implement an advanced DNS solution.o Configure DNS loggingo Configure delegated administrationo Configure recursiono Configure netmask orderingo Analyze zone level statistics



What information do you enter on the Forwarders tab of DNS Manager? When are root name servers used to resolve DNS queries? Which DNS Manager feature would you use to gather data about the type

of traffic being sent to your system? What advanced DNS Manager feature prevents corrupted zone data from

being loaded into DNS? How does the Secure cache against pollution feature keep the DNS

cache accurate and streamlined?

Video/Demo Time5.2.1 Configuring Advanced DNS Settings 4:335.2.2 Using DNS Zone Statistics 2:46

Total 7:19

Lab/Activity

Configure DNS Advanced Settings




Section 5.3: GlobalNames Zones SummaryThis section covers using GlobalNames zone on the DNS server that is used for single-label name resolution.

The role of GlobalNames zone Considerations for managing the GlobalNames zone


Create a GlobalNames zone.


4.0 Advanced DHCP and DNS Configuration. o Configure a GlobalNames zone


402. Implement an advanced DNS solution. o Configure a GlobalNames zone


In addition to supporting single-label name resolution, what are other features of a GlobalNames zone?

What are the steps for configuring a GlobalNames zone? How can you extend the GlobalNames zone to multiple forests? What is the server operating system requirement for authoritative DNS

servers when you implement the GlobalName zone? What changes are required for client machines when you implement the

GlobalNames zone?


Video/Demo Time5.3.1 GlobalNames Zones 2:035.3.2 Creating a GlobalNames Zones 2:38

Total 4:41

Lab/Activity

Configure a GlobalNames Zone




Section 6.1: Virtual Machine Management SummaryThis section examines managing virtual machines. Concepts covered include:

Methods to move an entire virtual machine along with the virtual hard disks:

o Export/Importo Manual

Cloning an existing virtual domain controller System prerequisites before cloning a virtual domain controller:

o Supported Hypervisorso Supported Guest Operating Systemso PDC Emulator

The process for cloning a virtual domain controller


Export and import virtual machines. Clone domain controllers to quickly provide new domain controllers.


104 Manage Virtual Machine (VM) movement.o Import, export, and copy VMso Migrate from other platforms (P2V and V2V)

303 Configure site-level fault tolerance.o Configure Hyper-V Replica including Hyper-V Replica Broker and

VMs


What options do you have for moving an entire virtual machine, including virtual disks?

How can an exported snapshot of a virtual machine be used? Why is it useful to use the Copy on Import feature of Hyper-V? What are the steps for manually moving a virtual machine? How are domain controllers cloned? What system prerequisites must be met before cloning a virtual domain

controller? What should you do if the New-ADDCCLoneConfigFile cmdlet found

incompatible applications on the source domain controller?


Video/Demo Time6.1.1 Migrate Virtual Machines from Other Platforms 1:156.1.2 Virtual Machine Management 2:306.1.3 Managing Virtual Machines 7:10

Total 10:55




Section 6.2: Hyper-V High AvailabilitySummaryThis section examines Hyper-V high availability. Concepts covered include:

The role of Hyper-V Replication Initial replication Replication frequency Planned failover Reverse replication Unplanned failover Prerequisites for deploying Hyper-V Replica:

o Physical locationo Networko Storage hardwareo Servero Domain membershipo Encryption

Tasks to implement Hyper-V Replica:o Configure the replica server to accept replicationo Enable virtual machine replicationo Monitor replication

Failover options available once a virtual machine has been protected with Hyper-V Replica:

o Test failovero Planned failovero Unplanned failover


Configure Hyper-V replicas for failover.


5.0 High Availability Implementation. o Enable virtual machine replication


303 Configure site-level fault tolerance.o Configure Hyper-V Replica including Hyper-V Replica Broker and

VMs



What prerequisites must be met before deploying a Hyper-V Replica? In which two ways can you complete the initial replication process? What steps do you take to perform a planned failover? When you perform a planned failover, how can you make sure that

changes made to the replica virtual machine are copied back to the primary virtual machine when it is brought back online?

How can you monitor replication? What steps do you take to perform an unplanned failover?

Video/Demo Time6.2.1 Hyper-V Replicas 1:386.2.2 Configuring Hyper-V Replicas and VMs 12:30

Total 14:08

Lab/Activity

Configure Hyper-V Replicas




Section 7.1: Network Load Balancing SummaryThis section discusses using Network Load Balancing to achieve optimal resource utilization. Concepts covered include:

The role of Load Balancing How servers operate using NLB Cluster operating modes:

o Unicasto Multicast

Prerequisites prior to installing and configuring Network Load Balancing (NLB):

o Install serviceso Configure networking

Tasks to create an NLB cluster:o Configure cluster DNS recordso Install the NLB featureo Synchronize contento Configure cluster members

NLB configuration facts


Prepare a system for Network Load Balancing. Install Network Load Balancing nodes.


5.0 High Availability Implementation. o Implement network load balancing


101 Configure Network Load Balancing (NLB).o Install NLB nodeso Configure NLB prerequisiteso Configure cluster operation mode



What are the characteristics of NLB cluster members? What mechanism do cluster members use to communicate consistent

information about cluster membership? In unicast mode, how are MAC addresses used by cluster members? How does communication between cluster members take place when

multicast mode is implemented? What are the prerequisites for installing and configuring a Network Load

Balancing cluster? What are the steps for creating an NLB cluster? If you add a new host to a cluster, when does the new host to come

online?

Video/Demo Time7.1.1 Network Load Balancing Overview 3:537.1.2 Configuring NLB Prerequisites and Installing NLB Nodes 7:30

Total 11:23




Section 7.2: Network Load Balancing Management SummaryThis section discusses management of Network Load Balancing. Details covered include:

Port rules Considerations when configuring port rules Cluster status options for the Network Load Balancing Manger console or

Nlb.exe to manage the status of the NLB cluster:o Suspendo Resumeo Starto Stopo Drainstop


Create and configure an Network Load Balancing cluster. Define the port rules and cluster parameters for a NLB cluster.


101 Configure Network Load Balancing (NLB).o Configure affinityo Configure port ruleso Upgrade an NLB cluster


How do port rules control how an NLB cluster functions? What is the client affinity setting? How can you ensure that requests from clients on a specific subnet

always connect to a specific cluster host? What happens when you add a host to a cluster that has different port

rules? What tasks do you perform to implement a load balancing cluster? What happens to traffic processing after you use the drainstop option?


Video/Demo Time7.2.1 Network Load Balancing Management 5:197.2.2 Managing Network Load Balancing 4:45

Total 10:04

Lab/Activity

Configure an NLB Cluster 1Configure an NLB Cluster 2




Section 7.3: Failover Clustering SummaryThis section examines using Failover Clustering to increase the availability and fault tolerance of network servers. Details covered include:

The role of Failover Clustering Quorum modes:

o Node Majorityo Node and Disk Majorityo Node and File Share Majorityo No Majority: Disk Only

Dynamic quorum management Cluster Shared Volumes New key Failover Clustering features in Windows Server 2012:

o Cluster managemento Scale-out file server supporto Cluster-aware updateso Virtual machine monitoring and management

New Failover Clustering features in Windows Server 2012 R2:o CSV enhancementso Guest clusteringo Active Directory-detached cluster support

Prerequisites before implementing Failover Clustering:o Hardwareo Software

Tasks to configure Failover Clustering:o Configure shared storageo Add the Failover Clustering feature to the cluster memberso Validate the cluster configurationo Create the failover clustero Configure the quorumo Configure cluster storage

Implementing a guest cluster


Install the Failover Cluster role on specified servers and create a failover cluster.

Configure cluster storage. Validate the cluster storage using the Validate Cluster Wizard. Configure a cluster quorum. Configure a file share witness.


Add cluster storage to a cluster and make the storage available to two servers.


5.0 High Availability Implementation. o Create a failover cluster


102 Configure failover clustering. o Configure Quorumo Configure cluster networkingo Configure cluster storageo Configure and optimize clustered shared volumeso Configure clusters without network names

103 Manage failover clustering roleso Configure role-specific settings including continuously available

shareso Configure guest clustering

104. Manage virtual machine (VM) movement.o Configure virtual machine network health protectiono Configure drain on shutdown

303. Configure site-level fault tolerance.o Configure Hyper-V Replica extended replicationo Configure Global Update Manager


How does Failover Clustering differ from Network Load Balancing? How does a single-instance application differ from a multiple-instance

application? What are the four quorum modes and what method does each mode use

to reach a consensus? Which quorum mode should be used if you have an even number of

cluster hosts and why? Which quorum mode allows the cluster to continue operating even if only

one cluster host is still available? How does dynamic quorum management for clusters in Windows Server

2012 differ from previous versions of Windows Server? What considerations must you keep in mind when deploying serial

attached SCSI clustered storage configured with Storage Spaces? Why is it important to run the validation wizard before creating a failover

cluster?


Video/Demo Time7.3.1 Failover Clustering Overview 10:517.3.2 Creating a Failover Cluster 4:447.3.3 Configuring Cluster Storage 2:257.3.4 Failover Clusters on Server 2012 R2 19:597.3.5 Configuring Failover Clusters on Server 2012 R2 4:307.3.6 Configuring Guest Clusters 17:027.3.7 Deploying a No Name Cluster 5:47

Total 65:18

Lab/Activity

Create a Failover ClusterConfigure Cluster Quorum SettingsAdd Storage to a Cluster




Section 7.4: Failover Cluster Management SummaryThis section discusses management of Failover Cluster. Details covered include:

Types of networks a cluster can use:o Cluster storageo Cluster node communicationo Client connections

How to simulate a failure and test failover procedures Considerations when implementing a multi-site cluster Cluster-Aware Updating (CAU) CAU terminology:

o Updating runo Update coordinatoro Updating run profiles

Tasks to implement CAU:o Install CAUo Verify CAU requirementso (Optional) Configure hosts for remote updatingo Disable other automatic update mechanismso Launch the CAU consoleo Run the CAU Best Practices Analyzer

Using the CAU console


Manage failover clusters. Manage a multi-site failover cluster. Implement cluster-aware updating. Rebuild a failed cluster.


102 Configure failover clustering.o Restore single node or cluster configurationo Implement Cluster Aware Updatingo Upgrade a cluster

303 Configure site-level fault tolerance.o Configure multi-site clustering including network settings, Quorum,

and failover settings.o Recover a multi-site failover cluster

402. Implement an advanced DNS solution.


o Isolate DNSSEC key management and storage


What are some ways you can simulate a failure in order to test failover procedures?

What are the three types of networking available with clusters? What is the advantage of locating the file share witness at a different

location than a cluster node? In what two ways can you configure multi-site clustering? Which

configuration would be more likely to experience failover latency? What are the steps to restore a failed cluster database from backup? How can you tune the heartbeat settings to optimize a multi-site cluster? Why can't you use DFS to replicate data in a multi-site cluster? What is Cluster-Aware Updating?

Video/Demo Time7.4.1 Failover Cluster Configuration 9:007.4.2 Implementing Cluster-Aware Updating 2:527.4.3 Restoring Single-node or Cluster Configuration 1:19

Total 13:11




Section 7.5: Failover Clustered Role Management SummaryThis section discusses management of the Failover Clustered role. Details covered include:

Task to install and configure cluster roles:o Select clustered applicationso Install clustered roleso Configure clustered roles


Manage failover cluster roles. Configure preferred owners to identify the preferred host. Configure policies to define what to do if a failure occurs.


5.0 High Availability Implementation. o Configure clustered roles


103 Manage failover clustering roles.o Configure role-specific settings including continuously available

shares.o Configure failover and preference settings.


What is a potential problem when running non-cluster-aware applications on a cluster?

How do stateful applications differ from stateless applications? What is a scale-out file server? What type of storage does a scale-out file

server require? What is the purpose of the preferred owners setting? What is failback? What types of failback are available for a clustered role?


Video/Demo Time7.5.1 Configuring Failover and Preference Settings 6:10

Lab/Activity

Add a Failover Cluster RoleConfigure Failover and Preference Settings




Section 7.6: Failover Cluster with Hyper-V SummaryThis section discusses using Failover Clustering to increase the availability of Hyper-V virtual machines. Details include:

Tasks to implement a virtual machine within a cluster:o Install the clustero Implement CSVo Create the virtual machine and install the guest operating system

Windows Server 2012 features to manage the availability of clustered Hyper-V virtual machines:

o Replicationo Storage migrationo Quick migrationo Live migrationo Virtual machine monitoring


Migrate a virtual machine and all of its storage to a Hyper-V host server.


2.0 Advanced Storage Management. o Migrate virtual machine storage.


103. Manage failover clustering roles.o Configure VM monitoring

104 Manage Virtual Machine (VM) movement. o Perform live migration o Perform quick migration o Perform storage migration



How does Storage Migration differ from Quick Migration? What condition could cause an unplanned Live Migration to occur? What is the main difference between a Quick Migration and a Live

Migration?

Video/Demo Time7.6.1 Virtual Machine Monitoring and Migrations 4:377.6.2 Configuring Virtual Machine Monitoring 3:067.6.3 Migrating Virtual Machines 11:35

Total 19:18

Lab/Activity

Migrate Virtual Machine StorageMigrate a Virtual Machine




Section 8.1: Active Directory Certificate Services Overview SummaryThis section provides an overview of Active Directory Certificate Services. Details covered include:

Terms with encryption and certificates:o Cipher or algorithmo Keyo Certificate

Encryption methods:o Symmetric encryptiono Asymmetric Encryption (PKI)

Certification Authorities (CA) Certification hierarchy Role services to choose from when installing Active Directory Certificate

Services (AD CS):o Certification Authorityo Certification Authority Web Enrollmento Online Respondero Network Device Enrollment Service (NDES)o Certificate Enrollment Web Serviceo Certificate Enrollment Policy Web Service

Features available through Active Directory Certificate Services:o Certificate templateso Autoenrollmento Web enrollmento Credential roamingo Certificate enrollment across forests (cross-certification)o High-volume CA support

Facts about CA installation


Install an Enterprise Certificate Authority (CA).



6.0 File Certificate Management. o Configure a private certification authority


602 Install and configure Active Directory Certificate Services (AD CS). o Install an Enterprise Certificate Authority (CA)


What is the difference between symmetric and asymmetric encryption? How do certificates prove identity? What kinds of information do certificates hold? What is the relationship of a CA to a PKI? How can you ensure that users outside your organization trust your

certificate? What are the advantages of using an enterprise CA over a standalone

CA? How does an enterprise root differ from an enterprise subordinate? Which server role should you add to make a server a CA that can issue

certificates to other CAs, users, and computers? What features does the Online Responder service provide? What is credential roaming?

Video/Demo Time8.1.1 Overview of Certificates 11:218.1.2 Overview of Certificate Services 9:178.1.3 Installing an Enterprise AD CS 5:42

Total 26:20




Section 8.2: Certificate Management SummaryThis section discusses the following concepts of management of certificates:

Using certutil command options:o -Verifyo -VerifyStoreo -VerifyKeyso -RecoverKeyo -oid

Methods for requesting a certificate:o Web Enrollment Pageso Certificate Request Wizard through the Certificates snap-ino Autoenrollmento Command line

Facts about certificate requests


Manage certificates such as requesting a user certificate and approving pending certificates.

Revoke a certificate.


6.0 File Certificate Management.o Issue certificates


603 Install and configure Active Directory Certificate Services (AD CS).o Manage certificate renewalo Implement and manage certificate deployment, validation, and

revocationo Manage certificate enrollment and renewal to computers and users

using Group Policies



Which certutil command option would you use to verify a key set? What functions does the Certification Authority Web Enrollment role

service provide? How does an Enterprise CA process a certificate request differently from a

stand-alone CA? What command would you enter at the command line to accept and install

a certificate? What is the process for requesting a certificate from an offline CA?

Video/Demo Time8.2.1 Managing Certificates 3:22

Lab/Activity

Manage Certificates




Section 8.3: Certificate Revocation SummaryThis section discusses certificate revocation. Details covered include:

Situations in which a digital certificate would be revoked Facts about certificate revocation:

o The process used by a client to retrieve the certificate status information

o The process to configure the online responder: Install the Online Responder role service Configure the OCSP Response Signing certificate Configure each CA to issue the OCSP Response Signing

template Configure each CA to include the online responder Configure revocation configurations on the online responder

o Considerations when configuring the online responder Additional features that can be configured for the Revocation

Configuration on an online responder:o Nonce/no-nonce request supporto Advanced cryptographyo Kerberos protocol integration

Considerations when configuring a single CA with multiple online responders


Configure a CRL Distribution Point. Configure an Online Responder. Manage certificate revocation.


6.0 File Certificate Management. o Revoke certificates


602 Install and configure Active Directory Certificate Services (AD CS). o Configure CRL distribution pointso Install and configure Online Responder

603 Manage certificates.


o Implement and manage certificate deployment, validation, and revocation


In what situations would a certificate be revoked? If a revoked certificate might be reinstated, what reason for revocation

should you use? How do you specify CRL Distribution Points? When would you publish a delta CRL? What are the advantages to using an Online Responder to verify

certificate status? What two options do you have for obtaining the OCSP Response Signing

Certificate? Why is it necessary to configure CRLs and CDPs when you use an Online

Responder?

Video/Demo Time8.3.1 Certificate Revocation 5:078.3.2 Configuring a CRL Distribution Point 2:298.3.3 Configuring an Online Responder 3:36

Total 11:12

Lab/Activity

Manage Certificate Revocation




Section 8.4: Certificate Templates SummaryThis section discusses using certificate templates. Details include:

The role of certificate templates Considerations when managing certificate templates Certificate template permissions:

o Full Controlo Reado Writeo Enrollo Autoenroll

Considerations when managing certificate template permissions Schema version 1, 2, and 3 templates Settings that can be modified for schema version 2 and 3 templates:

o Validity Periodo Publish in Active Directoryo Key Purposeo Cryptographic Service Provider (CSP)o Subject Nameo Issuance Requiremento Extensions


Manage and modify certificate templates. Create and issue a certificate template.


6.0 File Certificate Management.o Manage certificate templates


603 Install and configure Active Directory Certificate Services (AD CS).o Manage certificate templateso Implement and manage certificate deployment, validation, and

revocation



What are the purpose and the benefits of a certificate template? What is best practice for maintaining the integrity of default templates? How do you control which templates a CA can issue? How are certificate templates replicated? Which permissions does an administrator need to set and modify

certificate template contents and permissions?

Video/Demo Time8.4.1 Certificate Templates 4:248.4.2 Using Certificate Templates 9:40

Total 14:04

Lab/Activity

Modify Certificate Templates 1Modify Certificate Templates 2




Section 8.5: Certificate Autoenrollment SummaryIn this section students will learn about certificate autoenrollment. Details include:

The role of autoenrollment Steps to configure autoenrollment


Configure the templates for autoenrollment. Enable certificate autoenrollment for users and computers. Create certificates for smart cards and require smart cards for logon.


6.0 File Certificate Management.o Enable autoenrollment


603 Manage certificates. o Manage certificate renewalo Manage certificate enrollment and renewal to computers and users

using Group Policies


Which three autoenroll settings require user intervention when selected? In addition to allowing certificates to be requested, issued, or renewed,

which other management tasks does autoenrollment perform? Which template version(s) is required for autoenrollment? When automatic renewal is enabled, how can you force users to re-enroll

for a certificate template? When configuring autoenrollment, which permissions should you grant to

users or computers to allow autoenrollment?


Video/Demo Time8.5.1 Certificate Autoenrollment 0:498.5.2 Configuring Certificate Autoenrollment 2:49

Total 3:38

Lab/Activity

Configure Templates for AutoenrollmentEnable Autoenrollment for the DomainCreate Certificates for Smart CardsRequire Smart Cards for Logon




Section 8.6: Key Archival and Recovery SummaryThis section examines key archival and recovery. Details in this section include:

Methods to back up private keys Key archival Steps to configure key archival Recovering a lost key


Create and publish the key recovery agent to the CA. Configure a CA for key archival. Recover a key.


6.0 File Certificate Management. o Issue certificates


603 Manage certificates. o Configure and manage key archival and recovery


In order for a user's private key to be backed up, what action must the user take? Which permission does this action require?

What is key archival? What steps are involved in key archival? What function does a Key Recovery Agent perform? What are the template requirements for key archival? What are the steps for recovering a lost key?


Video/Demo Time8.6.1 Key Archival and Recovery 3:038.6.2 Creating and Managing Key Recovery Agents 3:498.6.3 Configuring a CA for Key Archival 4:478.6.4 Recovering a Key 3:49

Total 15:28




Section 8.7: Certificate Authority (CA) Management SummaryThis section examines the following about managing the Certificate Authority:

Permissions that control the ability to manage the CA:o Reado Issue and Manage Certificateso Manage CAo Request Certificates

Enabling administrative role separation Tasks that can be performed through Certification Authority snap-in or the

certutil.exe command line utility:o Certificate Management Delegationo Enrollment Agent Delegationo Key Archivalo Certificate Request Handlingo Auditing


Configure security roles on the CA; the enrollment agent, certificate manager, and the CA manager.

Restrict the security role of an enrollment agent or a certificate manager to a particular template.

Configure administrative role separation to not allow a user to have multiple roles assigned.


602 Manage certificates. o Implement administrative role separation


Which permission(s) do you need to access and modify CA properties? What is administrative role separation? What implication does it have for

assigning permissions for certificate management? How do you control the certificates that a manager can manage? How can you monitor changes to the CA configuration? Which Group

Policy setting must you enable to do this? What are the steps in key archival?


Video/Demo Time8.7.1 Managing the CA 3:508.7.2 Configuring Security Roles on the CA 2:028.7.3 Limiting Security Roles on the CA 3:288.7.2 Configuring Administrative Role Separation 1:36Total 10:56




Section 8.8: CA Backup and Recovery SummaryThis section covers methods to back up and restore a CA. Details include:

System State Backup Certification Authority Console backup Backup and restore using certutil.exe Steps to move a CA from one server to another


Use the certutil command to backup and recover CA files.


602 Install and configure Active Directory Certificate Services (AD CS). o Configure CA backup and recovery


Which components of a CA does a system state backup back up? How does a Certification Authority Console backup differ from a system

state backup? When you move a CA from one server to another, which items might need

to be reconfigured? Which options would you use with the certutil command to back up only

the CA database and the keys and certificates?

Video/Demo Time8.8.1 CA Backup and Recovery 0:518.8.2 CA Backup and Recovery 2:26

Total 3:17




Section 9.1: AD RMS Overview SummaryThis section provides an overview of AD RMS. Concepts covered include:

Usage policies Templates Licenses:

o Client licenseo Publishing licenseo Use license

Components of an AD RMS system:o AD RMS servero Database servero AD DSo AD RMS-enabled applicationo AD RMS cliento AD RMS Add-on for IE

Active Directory Federation Services (AD FS) AD RMS trust policies AD RMS supports the following trust hierarchies:

o ISV hierarchyo Production hierarchy

Add AD RMS domains to a list of trusted user domains in an AD RMS cluster

AD RMS consists of the following services:o Logging serviceso Web services


7.0 Digital Rights Management.o Configure AD RMS policieso Configure trusted user domains


604 Install and configure Active Directory Rights Management Services (AD RMS).

o Manage trusted user domains



How do usage policies help safeguard digital information from intentional or unintentional misuse?

How are usage policy templates used by administrators in implementing AD RMS?

How does a client license differ from a use license? How are protected documents created? What RMS related functions do RMS-enabled applications perform?

Video/Demo Time9.1.1 AD RMS Overview 5:49




Section 9.2: AD RMS Installation SummaryThis section discusses installing and configuring AD RMS. Concepts covered include:

AD RMS hardware and software requirements Configuration choices to make during AD RMS installation:

o Clustero Database locationo Service accounto Cluster keyo Cluster addresso Service connection point (SCP)

Considerations about AD RMS installation Windows PowerShell cmdlets modules for:

o AD RMS deploymento AD RMS administration

Key tasks for AD RMS backup and recovery:o Secure the cluster key passwordo Export the trusted publishing domaino Back up the AD RMS databaseo Restore the AD RMS database


Install and configure AD RMS. Configure the AD RMS Service Connection Point (SCP).


7.0 Digital Rights Management.o Configure trusted publishing domains



o Install a licensing or certificate AD RMS servero Manage AD RMS Service Connection Point (SCP)o Backup and restore AD RMS



In addition to the AD RMS role, which Web services are required to install AD RMS?

How does a root cluster differ from a licensing-only cluster? What advantages does a licensing-only cluster have in implementing AD

RMS? What are the requirements for setting up the service account for AD RMS? Which tasks use the AD RMS administrator password? What should you consider when defining a cluster address?

Video/Demo Time 9.2.1 AD RMS Installation 4:069.2.2 Installing AD RMS 10:599.2.3 Configuring AD RMS Backup and Recovery 6:409.2.4 Configuring the AD RMS Service Connection Point (SCP) 2:27

Total 24:12




Section 9.3: AD RMS Client Deployments SummaryThis section discusses considerations when working with AD RMS client deployments.


Configure the client workstation to manage AD RMS client deployments.


604 Install and configure Active Directory Rights Management Services.o Manage AD RMS client deployment


Why it is necessary to add the URL of the AD RMS server to the Local Intranet zone of each AD RMS client workstation?

In addition to Read and Change permissions, what options can be configured on a document or a message?

How are restrictions within a document or message assigned? What are the software requirements for opening AD RMS protected

documents? How can users determine the level of access they have to a document or

message?

Video/Demo Time 9.3.1 Managing AD RMS Client Deployments 10:02




Section 9.4: AD RMS TemplatesSummaryIn this section students will learn about using AD RMS templates. Concepts covered include:

Rights policy templates:o Distributed rights policy templateso Archived rights policy templateso Exclusion policies

Tasks to create a new distributed rights policy template:o Add template identification informationo Add user rightso Specify an expiration policyo Specify extended policy conditionso Specify a revocation policy

Best practice guidelines when deploying rights policy templates with AD RMS client

Certificates or licenses that are used by AD RMS:o Server Licensor Certificate (SLC)o Rights Account Certificate (RAC)o Client Licensor Certificate (CLC)o Machine Certificateo Publishing Licenseo Use License


Create custom templates that can be distributed to users. Configure a user exclusion policy that will restrict particular users from

obtaining licenses from a specified cluster.


7.0 Digital Rights Management.o Manage AD RMS templates


604 Install and configure Active Directory Rights Management Services.o Manage RMS templateso Configure Exclusion Policies



How can administrators deploy rights policy templates to user computers so the templates are available for offline publishing?

What is the purpose of archiving rights policy templates that are no longer being used for new documents?

What are lockbox exclusion policies? How does the AD RMS client manage rights policy templates? What conditions can be used to configure an expiration policy? What is self-enrollment? How is it used in AD RMS?

Video/Demo Time9.4.1 AD RMS Templates 1:529.4.2 Using AD RMS Templates 15:12

Total 17:04

Lab/Activity

Configure a Distributed Rights Policy TemplateConfigure a User Exclusion




Section 10.1: AD FS Overview SummaryThis section provides an overview of Active Directory Federation Services (AD FS). Concepts covered include:

The role of AD FS Organizations that AD FS is designed for AD FS terms:

o Account partnero AD FS Web agento AD FS-enabled Web servero Claimo Claims-aware applicationo Claim mappingo Federationo Federation serverso Federation trusto Organization claimo Resource partnero Security tokeno Security Token Service (STS)o Single Sign-On (SSO)o Trust policyo Windows token-based

Lecture Focus Questions: What are the benefits of Active Directory Federated Services (AD FS)? You have users in a domain who need to access a Web application in a

partner domain. Which domain is the account domain, and which is the resource domain?

What is a claim? What type of information can be included in a claim? What is the difference between a claims-aware application and a token-

based application? What is claim mapping? What is a trust policy?

Video/Demo Time 10.1.1 AD FS Overview 4:04




Section 10.2: AD FS Certificates SummaryThis section provides details of using AD FS certificates.

AD FS requires each server have a certificate that is used for SSL communications

Tasks to configure AD FS server relationships:o Issuance an SSL certificate to the root CAs in both forestso Export both root CAs’ certificateso Enroll the SSL certificates on the AD FS serverso Configure each serer to trust its own root CAo Configure each AD FS server to trust the root CAs from the other

forest


Enroll SSL certificates on AD FS servers. Configure an AD FS server to trust its own root CAs. Configure an AD FS server to trust the root CA from another forest.

70-412 Exam Objectives: 601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).

o Manage AD FS certificates

Lecture Focus Questions: What trust relationships must be configured for AD FS servers? How do you configure an AD FS server to trust the root CA from another

forest? Which parameters do you configure when using the Certificate Enrollment

wizard to request an SSL certificate? When exporting root CA certificates, which parameters should you use?

Video/Demo Time10.2.1 AD FS Certificates 1:3310.2.2 Managing AD FS Certificates 11:35Total 13:08




Section 10.3: Resource PartnerSummaryThis section provides information about configuring the resource partner. Concepts covered include:

Role services that can be installed during the installation of AD FS:o Federation Serviceo Federation Service Proxyo Claims-aware Agento Windows Token-based Agent

Tasks to install AD FS:o Create SSL certificateso Create a group managed service accounto Install the AD FS role\Run the AD FS Federation Server

Configuration Wizard The role of the resource partner The role of federation servers The role of the AD FS Management snap-in Tasks to create a claims provider trust on the resource partner:

o Start the Add Claims Provider Trust Wizardo Specify the data sourceo Configure a display nameo Edit claim rules

Windows Server 2012 R2: o AD FS can use multi-factor authentication (MFA)o Default AD FS authentication primary methods to validate users’

identities: Forms Authentication Windows Authentication

o The process to configure MFAo Workplace joino Considerations when applying an authentication policy as a global

scope



Configure the AD FS server on the resource partner.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Install AD FSo Configure authentication policieso Configure multi-factor authenticationo Configure Workplace Join


What is the role of the resource partner in AD FS? When adding a claims provider, what are the preferred ways to obtain

data about the claims provider? What is the function of the claims-aware agent? How does the Windows token-based agent allow Windows token-based

applications to work with AD FS? What is the function of acceptance transform rules? Where are they

configured?

Video/Demo Time 10.3.1 Resource Partner 5:0810.3.2 Configuring the Resource Partner 20:3810.3.6 Configuring Multi-factor Authentication 5:4810.3.7 Configuring Workplace Join 19:15

Total 50:49




Section 10.4: Accounts PartnerSummaryThis section discusses configuring the accounts partner. Concepts covered include:

The role of account partner The role of Federation servers Using the AD FS Management snap-in Tasks to create a relying party trust on the account partner:

o Start the Add Relying Party Trust Wizardo Specify the data sourceo Configure a display nameo Configure issuance authorization ruleso Edit claim rules


Create a relying party trust on the account partner.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Implement claims-based authentication including Relying Party

Trusts


How do federation servers in the account partner organization enable single sign-on capabilities to users?

What are relying party trusts? In which locations are relying party trusts usually created? What functions does the account partner provide? What is the purpose of delegation authorization rules?

Video/Demo Time10.4.1 Configuring the Accounts Partner 8:21




Section 10.5: AD FS Proxies SummaryThis section discusses AD FS proxies. Details include:

The role of the AD FS Proxy Tasks to configure an AD FS Proxy server:

o Export the internal AD FS server certificateo Import AD FS server certificateo Configure an SSL certificate on the default IIS web siteo Add an entry for the AD FS server to the hosts fileo Install the AD FS Proxy role serviceo Configure the AD FS Proxyo Configure the DNS records


Install an AD FS proxy server. Configure an AD FS proxy server.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Configure AD FS proxy


What are the differences between the Federation Service and Federation Service Proxy?

How can an AD FS Proxy provide protection for your network? How does DNS perform resolution when an AD FS proxy resides in a

DMZ? What information does the AD FS proxy server store? For what purposes does AD FS proxy use WE-Federation Passive

Requestor Profile (WS-F PRP) protocols?


Video/Demo Time10.5.1 AD FS Proxies 1:4810.5.2 Configuring AD FS Proxies 9:00

Total 10:48




Section 10.6: AD FS and Cloud Services SummaryIn this section students will learn the following facts about integrating AD FS and cloud services.

Install prerequisite software Install Windows Azure Pack for Windows Server Configure the AD FS server Configure the Azure management portals to trust the AD FS server Configure the Azure tenant authentication site to trust the AD FS server Configure the AD FS server to trust the Azure management portals


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Integrate with Cloud Services


What are the benefits of integrating AD FS with Cloud services? What Web Platform products must be installed before installing Windows

Azure on a Windows Server? Which management portals must the AD FS host be configured to reach? Which transformation rules must be applied to the management portal for

tenants?

Video/Demo Time 10.6.1 AD FS and Cloud Services 1:25




Section 10.7: AD FS and AD RMS SummaryIn this section students will learn about options to select if the AD RMS system need to support users located in a different forest:

Trusted user domains Trusted publishing domains AD RMS federated identity support


Configure a trusted user domain. Configure a trusted publishing domain. Enable Federated Identity Support on an AD RMS server.



o Manage Federated Identity support


What is a possible ramification of failing to configure trusted email domains?

What options do you have if the AD RMS system needs to support users located in a different forest?

Which option for AD RMS support poses the greatest security risk? What are the advantages to using AD RMS Federated Identity support?


Video/Demo Time10.7.1 AD FS and AD RMS 2:4910.7.2 Configuring Trusted User Domains 2:5110.7.4 Configuring Trusted Publishing Domains 3:1710.7.6 Managing Federated Identity Support 4:10

Total 13:07

Lab/Activity

Configure a Trusted User DomainConfigure a Trusted Publishing Domain




Server Pro: Advanced Services Practice ExamsSummary This section provides information to help prepare students to take the Server Pro: Advanced Services certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.

Objective 1: Advanced Active Directory Configuration (10 simulation questions)Objective 2: Advanced Storage Management (4 simulation question)Objective 3: Server Data Protection (4 simulation questions)Objective 4: Advanced DHCP and DNS Configuration (7 simulation questions)Objective 5: High Availability Implementation (10 simulation questions)Objective 6: Certificate Management (8 simulation questions)Objective 7: Digital Rights Management (4 simulation questions)

The Server Pro: Advanced Services Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented.


Microsoft 70-412 Practice ExamsSummary This section provides information to help prepare students to take the MS 70-412 exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.

Objective 100. Configure and Manage High Availability (62 questions)Objective 200. Configure File and Storage Solutions (37 questions)Objective 300. Implement Business Continuity and Disaster Recovery (39 questions)Objective 400. Configure Network Services (67 questions)Objective 500. Configure the Active Directory Infrastructure (60 questions)Objective 600. Configure Identity and Access Solutions (112 questions)

The Microsoft 70-412 Certification Practice Exam consists of 60 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 2 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.


Appendix A: Approximate Time for the Course

The total time for the LabSim Server Pro: Advanced Services course is approximately 40 hours and 10 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:

Video/demo times Approximate time to read the text lesson (the length of each text lesson is

taken into consideration) Simulations (5 minutes assigned per simulation, of course many students

may take longer depending upon their knowledge level and experience) Questions (1 minute per question)

The breakdown for this course is as follows:

Module Sections Time Minute HR:MM 1.0 Active Directory Infrastructure 1.1 Multi-Domain Forests 50

1.2 Cross-Forest Trusts 50 1.3 External, Shortcut and Realm Trusts 20

1.4 Sites Overview 30 1.5 Managing Sites 40

1.6 Managing Replication 60 1.7 Read-Only Domain Controllers (RODCs) 35

1.8 RODC Management 35 320 5:20 2.0 File and Storage Solutions 2.1 Network File System (NFS) 25

2.2 BranchCache 25 2.3 Dynamic Access Control (DAC) 55

2.4 DAC Management 20 2.5 Advanced Storage 35

2.6 Storage Optimization 45 205 3:25 3.0 Disaster Recovery 3.1 Windows Server Backup 35

3.2 Restore from Backup 15 3.3 Volume Shadow Copies 35

3.4 Boot Configuration Data (BCD) Store 20 105 1:45


4.0 Advanced DHCP 4.1 DHCP Overview 10

4.2 DHCP Scopes 45 4.3 DHCP and IPv6 25

4.4 DHCP High Availability 40 4.5 IPAM Overview 35

4.6 IPAM Configuration 30 4.7 IPAM Management 5 190 3:10

5.0 Advanced DNS 5.1 DNS Security 40

5.2 Advanced DNS Settings 20 5.3 GlobalNames Zones 15 75 1:15

6.0 Hyper-V 6.1 Virtual Machine Management 30

6.2 Hyper-V High Availability 30 60 1:00 7.0 High Availability 7.1 Network Load Balancing 20

7.2 Network Load Balancing Management 35 7.3 Failover Clustering 100

7.4 Failover Cluster Management 25 7.5 Failover Clustered Role Management 25

7.6 Failover Cluster with Hyper-V 35 240 4:00 8.0 Active Directory Certificate Services 8.1 Active Directory Certificate Services Overview 40

8.2 Certificate Management 25 8.3 Certificate Revocation 30

8.4 Certificate Templates 35 8.5 Certificate Autoenrollment 30

8.6 Key Archival and Recovery 25 8.7 Certificate Authority (CA) Management 20

8.8 CA Backup and Recovery 15 220 3:40 9.0 Active Directory Rights Management Services (AD RMS) 9.1 AD RMS Overview 10

9.2 AD RMS Installation 40 9.3 AD RMS Client Deployments 20

9.4 AD RMS Templates 25 95 1:35


10.0 Active Directory Federation Services (AD FS) 10.1 AD FS Overview 10

10.2 AD FS Certificates 15 10.3 Resource Partner 65

10.4 Accounts Partner 15 10.5 AD FS Proxies 20

10.6 AD FS and Cloud Services 10 10.7 AD FS and AD RMS 30 165 2:45

Server Pro: Advanced Services Practice Exam

Obj. 1. Advanced Active Directory Configuration (10 simulation questions) 50 Obj. 2. Advanced Storage Management (4 simulation questions) 20

Obj. 3. Server Data Protection (4 simulation questions) 20 Obj. 4. Advanced DHCP and DNS Configuration (7 simulation questions) 35

Obj. 5. High Availability Implementation (10 simulation questions) 50 Obj. 6. Certificate Management (8 simulation questions) 40

Obj. 7. Digital Rights Management (4 simulation questions) 20 Certification Practice Exam (15 questions) 75 310 5:10

Microsoft 70-412 Practice Exams

Obj. 100. Configure and Manage High Availability (59 questions) 59

Obj. 200. Configure File and Storage Solutions (35 questions) 35

Obj. 300. Implement Business Continuity and Disaster Recovery (39 questions) 39 Obj. 400. Configure Network Services (63 questions) 63

Obj. 500. Configure the Active Directory Infrastructure (60 questions) 60

Obj. 600. Configure Identity and Access Solutions (109 questions) 109

Certification Practice Exam (60 questions) 60 425 7:05

Total Time 2410 40:10


Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives

The Windows Exam 70-412: Configuring Advanced Windows Server 2012 Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:

# Objective Module.Section

100 Configure and Manage High Availability (17 percent)

101 Configure Network Load Balancing (NLB)This objective may include but is not limited to:

Install NLB nodesConfigure NLB prerequisitesConfigure affinityConfigure port rulesConfigure cluster operation modeUpgrade an NLB cluster

7.1, 7.2

102 Configure failover clusteringThis objective may include but is not limited to:

Configure QuorumConfigure cluster networkingRestore single node or cluster configurationConfigure cluster storageImplement Cluster Aware UpdatingUpgrade a clusterConfigure and optimize clustered shared

volumesConfigure clusters without network namesConfigure storage spaces

2.6, 7.3, 7.4

103 Manage failover clustering rolesThis objective may include but is not limited to:

Configure role-specific settings, including continuously available shares

Configure virtual machine (VM) monitoringConfigure failover and preference settings

7.3, 7.5, 7.6


Configure guest clustering

104 Manage Virtual Machine (VM) movementThis objective may include but is not limited to:

Perform live migrationPerform quick migrationPerform storage migrationImport, export, and copy VMsMigrate from other platforms (P2v and V2V)Configure VM network health protectionConfigure drain on shutdown

6.1, 7.3, 7.6

200 Configure File and Storage Solutions (16 percent)

201 Configure advanced file servicesThis objective may include but is not limited to:

Configure NFS data storeConfigure BranchCacheConfigure File Classification Infrastructure

(FCI) using File Server Resource Manager (FSRM)

Configure file access auditing

2.1, 2.2, 2.3, 2.4

202 Implement Dynamic Access Control (DAC)This objective may include but is not limited to:

Configure user and device claim typesImplement policy changes and stagingPerform access-denied remediationConfigure file classificationCreate and configure Central Access rules and

policiesCreate and configure resource properties and

lists

2.3, 2.4

203 Configure and optimize storageThis objective may include but is not limited to:

Configure iSCSI Target and InitiatorConfigure Internet Storage Name server (iSNS)Implement thin provisioning and trimManage server free space using Features on

Demand

2.5, 2.6


Configure tiered storage

300 Implement Business Continuity and Disaster Recovery (16 percent)

301 Configure and manage backupsThis objective may include but is not limited to:

Configure Windows Server backupsConfigure Windows Online backupsConfigure role-specific backupsManage VSS settings using VSSAdmin

3.1, 3.3

302 Recover serversThis objective may include but is not limited to:

Restore from backupsPerform a Bare Metal Restore (BMR)Recover servers using Windows Recovery

Environment (Win RE) and safe modeApply System Restore snapshotsConfigure the Boot Configuration Data (BCD)

store

3.2, 3.4

303 Configure site-level fault toleranceThis objective may include but is not limited to:

Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs

Configure multi-site clustering, including network settings, Quorum, and failover settings

Configure Hyper-V Replica extended replication

Configure Global Update ManagerRecover a multi-site failover cluster

6.1, 6.2, 7.3, 7.4

400 Configure Network Services (17 percent)

401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solutionThis objective may include but is not limited to:

Create and configure superscopes and multicast scopes

Implement DHCPv6Configure high availability for DHCP, including

4.1, 4.2, 4.3, 4.4


DHCP failover and split scopesConfigure DHCP Name ProtectionConfigure DNS registration

402 Implement an advanced DNS solutionThis objective may include but is not limited to:

Configure security for DNS including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache locking

Configure DNS loggingConfigure delegated administrationConfigure recursionConfigure netmask orderingConfigure a GlobalNames zoneAnalyze zone level statisticsIsolate DNSSEC key management and

storage.

5.1, 5.2, 5.3

403 Deploy and manage IPAMThis objective may include but is not limited to:

Provision IPAM manually or by using Group Policy

Configure server discoveryCreate and manage IP blocks and rangesMonitor utilization of IP address spaceMigrate to IPAMDelegate IPAM administrationManage IPAM collectionsConfigure IPAM database storage

4.5, 4.6, 4.7

500 Configure the Active Directory Infrastructure (18 percent)

501 Configure a forest or a domainThis objective may include but is not limited to:

Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active Directory

Upgrade existing domains and forests including environment preparation and functional levels

Configure multiple user principal name (UPN)

1.1


suffixes


502 Configure trustsThis objective may include but is not limited to:

Configure external, forest, shortcut, and realm trusts

Configure trust authenticationConfigure SID filteringConfigure name suffix routing

1.2, 1.3

503 Configure sitesThis objective may include but is not limited to:

Configure sites and subnetsCreate and configure site linksManage site coverageManage registration of SRV recordsMove domain controllers between sites

1.4, 1.5

504 Manage Active Directory and SYSVOL replicationThis objective may include but is not limited to:

Configure replication to Read-Only Domain Controllers (RODCs)

Configure Password Replication Policy (PRP) for RODCs

Monitor and manage replicationUpgrade SYSVOL replication to Distributed

File System Replication (DFSR)

1.6, 1.7, 1.8

600 Configure Identity and Access Solutions (16 percent)

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1)This objective may include but is not limited to:

Install AD FSImplement claims-based authentication,

including Relying Party TrustsConfigure authentication policiesConfigure Workplace JoinConfigure multi-factor authentication

10.1, 10.2, 10.3, 10.4,10.5, 10.6


602

Install and configure Active Directory Certificate Services (AD CS)This objective may include but is not limited to:

Install an Enterprise Certificate Authority (CA)Configure CRL distribution pointsInstall and configure Online ResponderImplement administrative role separationConfigure CA backup and recovery

8.1, 8.3. 8.7, 8.8

603

Manage certificatesThis objective may include but is not limited to:

Manage certificate templatesImplement and manage certificate deployment,

validation, and revocationManage certificate renewalManage certificate enrollment and renewal to

computers and users using Group PoliciesConfigure and manage key archival and recovery

8.2, 8.3, 8.4, 8.5, 8.6

604

Install and configure Active Directory Rights Management Services (AD RMS)This objective may include but is not limited to:

Install a licensing or certificate AD RMS serverManage AD RMS Service Connection Point (SCP)Manage RMS templatesConfigure Exclusion PoliciesBack up and restore AD RMS

9.1, 9.2, 9.3, 9.4,10.7


Appendix C: Server Pro: Advanced Services Objectives

The Server Pro: Advanced Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:

# Objective Module.Section

1.0 Advanced Active Directory Configuration

Raise the functional level of an Active Directory forest.

Create forest root, cross-forest, external, shortcut, and realm trusts.

Manage sites, subnets, and site links.Configure site replication.Implement read-only domain controllers.

1.1, 1.2, 1.3, 1.5, 1.6, 1.7, 1.8

2.0 Advanced Storage Management

Implement NFS to support UNIX/Linux systems.

Implement Dynamic Access Control (DAC).

Implement an iSCSI SAN.Migrate virtual machine storage.

2.1, 2.3, 2.4, 2.5, 7.6

3.0 Server Data Protection

Configure server backups.Enable shadow copies.Restore server data from backup.

3.1, 3.2, 3.3


4.0 Advanced DHCP and DNS Configuration

Configure DHCP to support IPv6.Configure split DHCP scopes.Configure DHCP failover.Protect zone data with DNSSEC.Configure advanced DNS server

settings.Configure a GlobalNames zone.

4.3, 4.4, 5.1, 5.2, 5.3

5.0 High Availability Implementation

Implement network load balancing.Create a failover cluster.Configure clustered roles.Enable virtual machine replication

6.2, 7.1, 7.3, 7.5

6.0 Certificate Management

Configure a private certification authority.Manage certificate templates.Issue certificates.Revoke certificates.Enable autoenrollment.

8.1, 8.2, 8.3, 8.4, 8.5, 8.6

7.0 Digital Rights Management

Configure AD RMS policies.Manage AD RMS templates.Configure trusted user domains.Configure trusted publishing domains.

9.1, 9.2, 9.4


table of contents - testout€¦ · web viewrevised 2016/05/17. testout server pro: ... module 1...

Documents