Advanced Services Lesson Plans

advertisement
TestOut Windows Server Pro:
Advanced Services – English 3.1.x
LESSON PLAN
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Table of Contents
Course Overview .................................................................................................. 4
Course Introduction for Instructors ........................................................................ 6
Section 1.1: Multi-Domain Forests ........................................................................ 8
Section 1.2: Cross-Forest Trusts ........................................................................ 10
Section 1.3: External, Shortcut and Realm Trusts .............................................. 12
Section 1.4: Sites Overview ................................................................................ 14
Section 1.5: Managing Sites ............................................................................... 16
Section 1.6: Managing Replication...................................................................... 18
Section 1.7: Read-Only Domain Controllers (RODCs)........................................ 20
Section 1.8: RODC Management........................................................................ 22
Section 2.1: Network File System (NFS) ............................................................. 24
Section 2.2: BranchCache .................................................................................. 26
Section 2.3: Dynamic Access Control (DAC) ...................................................... 28
Section 2.4: DAC Management........................................................................... 30
Section 2.5: Advanced Storage .......................................................................... 32
Section 2.6: Storage Optimization....................................................................... 34
Section 3.1: Windows Server Backup ................................................................. 36
Section 3.2: Restore from Backup ...................................................................... 38
Section 3.3: Volume Shadow Copies .................................................................. 40
Section 3.4: Boot Configuration Data (BCD) Store ............................................. 42
Section 4.1: DHCP Overview .............................................................................. 44
Section 4.2: DHCP Scopes ................................................................................. 46
Section 4.3: DHCP and IPv6 ............................................................................... 48
Section 4.4: DHCP High Availability.................................................................... 50
Section 4.5: IPAM Overview ............................................................................... 52
Section 4.6: IPAM Configuration ......................................................................... 54
Section 4.7: IPAM Management ......................................................................... 56
Section 5.1: DNS Security .................................................................................. 57
Section 5.2: Advanced DNS Settings.................................................................. 59
Section 5.3: GlobalNames Zones ....................................................................... 61
Section 6.1: Virtual Machine Management ......................................................... 63
Section 6.2: Hyper-V High Availability................................................................. 65
Section 7.1: Network Load Balancing ................................................................. 67
Section 7.2: Network Load Balancing Management ........................................... 69
Section 7.3: Failover Clustering .......................................................................... 71
Section 7.4: Failover Cluster Management ......................................................... 74
Section 7.5: Failover Clustered Role Management ............................................. 76
Section 7.6: Failover Cluster with Hyper-V ......................................................... 78
Section 8.1: Active Directory Certificate Services Overview ............................... 80
Section 8.2: Certificate Management .................................................................. 82
Section 8.3: Certificate Revocation ..................................................................... 84
Section 8.4: Certificate Templates ...................................................................... 86
Section 8.5: Certificate Autoenrollment ............................................................... 88
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.6: Key Archival and Recovery ............................................................. 90
Section 8.7: Certificate Authority (CA) Management........................................... 92
Section 8.8: CA Backup and Recovery ............................................................... 94
Section 9.1: AD RMS Overview .......................................................................... 95
Section 9.2: AD RMS Installation ........................................................................ 97
Section 9.3: AD RMS Client Deployments .......................................................... 99
Section 9.4: AD RMS Templates ...................................................................... 100
Section 10.1: AD FS Overview ......................................................................... 102
Section 10.2: AD FS Certificates....................................................................... 103
Section 10.3: Resource Partner ........................................................................ 104
Section 10.4: Accounts Partner ........................................................................ 106
Section 10.5: AD FS Proxies ............................................................................ 107
Section 10.6: AD FS and Cloud Services ......................................................... 109
Section 10.7: AD FS and AD RMS.................................................................... 110
Windows Server Pro: Advanced Services Practice Exams ............................... 112
Microsoft 70-412 Practice Exams ..................................................................... 113
Appendix A: Approximate Time for the Course ................................................. 114
Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012
Services Objectives .......................................................................................... 117
Appendix C: Windows Server Pro: Advanced Services Objectives................... 123
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Course Overview
This course prepares students for TestOut’s Windows Server Pro: Advanced
Services exam and Microsoft’s 70-412 certification exam.
Module 1 – Active Directory Infrastructure
This module teaches the students details about the infrastructure of Active
Directory and how to manage the elements involved.
Module 2 – File and Storage Solutions
In this module students will learn about file and storage solutions, such as file
sharing, using BranchCache, implementing and managing Dynamic Access
Control, configuring iSCSI, and storage spaces.
Module 3 – Disaster Recovery
This module teaches students about backing up and restoring data,
implementing shadow copies, and finding tools to assist in system recovery.
Module 4 – Advanced DHCP
This module examines using Dynamic Host Configuration Protocol (DHCP) and
IPAM to centralize and streamline management of IP address assignments.
Module 5 – Advanced DNS
In this module students will learn concepts about configuring DNS security:
DNSSEC, DNS Socket Pooling, Cache Locking, Advanced DNS settings, and
GlobalNames zones.
Module 6 – Hyper-V
This module discusses management of virtual machines and Hyper-V replicas.
Module 7 – High Availability
This module teaches students about the components that create high availability:
Network load balancing, Failover Clustering, Active Directory Certificate Service,
AD RMS, and AD FS.
Module 8 – Active Directory Certificate Services
This module examines encryption and certificate solutions using Active Directory
Certificate Services. This includes managing and revoking certificates, using
certificate templates, configuring Certificate Autoenrollment, archiving and
recovering keys, and managing the Certificate Authority.
Module 9 – Active Directory Rights Management Services (AD RMS)
In this module students will learn concepts about installing and deploying AD
RMS.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Module 10 – Active Directory Federation Services 2.1 (AD FS)
This module discusses using AD FS to provide access to resources that are
offered by trusted partners across the Internet.
Practice Exams
In Practice Exams students will have the opportunity to test themselves and
verify that they understand the concepts and are ready to take the certification
exam. The practice exams contain examples of the types of questions that a
student will find on the actual exam:


Windows Server Pro: Advanced Services Practice Exams
Microsoft 70-412 Practice Exams
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Course Introduction for Instructors
This course provides students with the knowledge to become industry certified as
a Windows professional. It prepares the student for the following exams:


Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services
TestOut’s Windows Server Pro: Advanced Services
Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services
certification measures the students’ ability to administer, configure, and manage
Windows Server 2012 advanced services. The following knowledge domains are
addressed:






Configure and manage high availability
Configure file and storage solutions
Implement business continuity and disaster recovery
Configure network services
Configure the Active Directory infrastructure
Configure identity and access solutions
Note: MS 70-412 objectives are listed in Appendix B: 70-412: Configuring
Advanced Windows Server 2012 Services Objectives
TestOut’s Windows Server Pro: Advanced Services certification measures the
students’ ability to perform real-world job skills using the Windows Server 2012
operating system. The following knowledge domains are addressed:







Advanced Active Directory Configuration
Advanced Storage Management
Server Data Protection
Advanced DHCP and DNS Configuration
High Availability Implementation
Certificate Management
Digital Rights Management
Note: TestOut’s Windows Server Pro: Advanced Services objectives are
listed in Appendix C: Windows Server Pro: Advanced Services
Objectives
The section introductions in LabSim and the lesson plans list the objectives that
are met for each of the exams in that section.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
The following icons are placed in front of lesson items in LabSim to help students
quickly recognize the items in each section:
= Demonstration
= Exam
= Lab/Simulation
= Text lesson or fact sheet
= Video
The video and demonstration icons are used throughout the lesson plans to help
instructors differentiate between the timing for the videos and demonstrations.
In the lesson plans the Total Time for each section is calculated by adding the
approximate time for each section which is calculated using the following
elements:




Video/demo times
Approximate time to read the text lesson (the length of each text lesson is
taken into consideration)
Simulations (5 minutes is assigned per simulation. This is the amount of
time it would take for a knowledgeable student to complete the lab activity.
Plan that the new students will take much longer than this depending upon
their knowledge level and computer experience.)
Questions (1 minute per question)
Note: Appendix A: Approximate Time for the Course contains the
approximate time for each section, which are totaled for the entire course.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.1: Multi-Domain Forests
Summary
This section provides the basics of managing multi-domain forests. Concepts
covered include:









Prerequisites required before adding the first domain controller running
Windows Server 2012 to an existing Active Directory environment:
o Server disk space
o Supported Windows Server 2012 editions
o Forest and domain functional levels
Tools to prepare forest and domain to support Windows Server 2012:
o Adprep /forestprep
o Adprep /domainprep
o Adprep /rodcprep
Installation scenarios for AD DS for Windows 2012:
o Installing a new Windows Server 2012 forest
o Installing a new Windows Server 2012 domain controller to create a
new domain in an existing Windows Server 2003, 2008, or 2008 R2
forest
Tools to promote the Windows Server 2012 system as a domain controller
in the domain:
o Server Manager
o PowerShell (using ADDSDeployment cmdlets)
o DCPromo (only for Server Core deployments using an answer file)
The role of a functional level
Features available at each domain functional level
Features available at each forest functional level
Management of functional levels
Guidelines that apply to raising the domain or forest functional levels
Students will learn how to:



Raise the functional level of a domain.
Raise the functional level of a forest.
Add a new child domain to a multi-domain forest.
Windows Server Pro: Advanced Services Exam Objectives:

1.0 Advanced Active Directory Configuration.
o Raise the functional level of an Active Directory forest
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
70-412 Exam Objectives:

501. Configure a forest or a domain.
o Implement multi-domain and multi-forest Active Directory
environments including interoperability with previous versions of
Active Directory
o Upgrade existing domains and forest including environment
preparation and functional levels
o Configure multiple user principal name (UPN) suffixes
Lecture Focus Questions:






When do you use the adprep /domainprep /gpprep command instead of
the adprep /domainprep command?
What are the prerequisites for adding the first domain controller running
Windows Server 2012 to an existing Active Directory environment?
How does the functional level of a domain impact the capabilities available
on domain controllers in the domain or forest?
How does the functional level of a domain affect which operating systems
you can run on workstations and servers in the domain?
What circumstances might prevent you from raising the functional level of
a domain?
In which two circumstances can you revert to a lower functional level
without rebuilding the domain or forest?
Video/Demo
Time
1.1.1 Multi-Domain Forests
1.1.2 Upgrading Multi-Domain Forests
1.1.3 Adding a New Child Domain
Total
10:37
10:01
7:35
28:13
Lab/Activity
Raise Functional Levels
Raise the Domain and/or Forest Levels
Number of Exam Questions
5 questions
Total Time
About 50 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.2: Cross-Forest Trusts
Summary
This section provides information about preparing and creating cross-forest
trusts. Details include:





The role of trusts
Properties of trusts:
o Direction of Trust:
 One-way Trust
 Two-way Trust
o Direction of Resource Access
o Transitivity
How trusts are created for:
o Domains within a forest
o Trusts between forests
Considerations when creating forest trusts
Authentication security settings that can be applied to trusts:
o Selective authentication
o Domain-wide authentication
o Forest-wide authentication
Students will learn how to:


Create and configure a forest root trust between two domains.
Create trust relationships with a specified domain.
Windows Server Pro: Advanced Services Exam Objectives:

1.0 Advanced Active Directory Configuration.
o Create forest root, cross-forest, external, shortcut, and realm trusts
70-412 Exam Objectives:

502 Configure trusts.
o Configure trust authentication
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






Which types of trusts are created automatically for domains within a
forest?
What are the characteristics of automatically-created domain trusts?
What are the characteristics of trusts between forests?
When can forest trusts be used?
When must you create an external trust?
What advantages does selective authentication provide to system
administrators for securing resources in a forest?
Video/Demo
Time
1.2.1 Cross-Forest Trusts
1.2.2 Preparation for a Cross-Forest Trust
1.2.3 Preparing for a Cross-Forest Trust
1.2.4 Creating a Cross-Forest Trust
Total
6:26
1:29
7:40
11:56
27:31
Lab/Activity
Create a Forest Root Trust
Design Trusts
Number of Exam Questions
9 questions
Total Time
About 50 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.3: External, Shortcut and Realm Trusts
Summary
This section provides details about creating external, shortcut, and realm trusts.
Students will learn how to:


Manually create an external trust to allow users on one domain to access
resources in a domain of another forest.
Create a shortcut trust to speed up authentication between domains in the
same forest.
Windows Server Pro: Advanced Services Objectives:

1.0 Advanced Active Directory Configuration.
o Create forest root, cross-forest, external, shortcut, and realm trusts
70-412 Exam Objectives:

502 Configure trusts.
o Configure external, forest, shortcut, and realm trusts
o Configure trust authentication
o Configure SID filtering
o Configure name suffix routing
Lecture Focus Questions:




How do shortcut trusts improve user logon times between two domains
within a forest?
What are the characteristics of an external trust?
When should you use a realm trust?
What features does Active Directory Federated Services (AD FS) offer?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
1.3.1 External, Shortcut and Realm Trusts
1.3.2 Creating a Shortcut Trust
Total
5:00
2:23
7:23
Lab/Activity
Create a Shortcut Trust
Number of Exam Questions
4 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.4: Sites Overview
Summary
This section provides an overview of sites and subnets. Details covered include:




The role of a site
The role of a subnet
Considerations about sites and subnets
Sites and subnets allow an administrator to monitor:
o Active Directory replication between locations
o Workstation logon traffic
o Objects in Active Directory
o Distributed File System (DFS) resource access
o File Replication Service (FRS) characteristics
o Properties for any site-aware application
Students will learn how to:

Create and manage sites, subnets, and site links.
70-412 Exam Objectives:

503. Configure sites.
o Configure sites and subnets
o Create and configure site links
o Move domain controllers between sites
Lecture Focus Questions:





How does a subnet differ from a site?
What is the purpose of sites and subnets?
What criteria are used to assign computers to sites?
How are clients assigned to sites?
What criteria determine the site that a domain controller is assigned?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
1.4.1 Overview of Sites
1.4.2 Creating Sites, Subnets, and Site Links
Total
7:54
12:47
20:41
Lab/Activity
Manage Sites and Subnets
Number of Exam Questions
3 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.5: Managing Sites
Summary
This section discusses the following issues when managing sites:






Logon requests
Site link cost
Site link schedules
Site link interval
Global Catalog servers
Universal Group Membership Caching
Students will learn how to:



Determine the domain controller that will process logon requests at a site.
Set up a Global Catalog.
Enable Universal Group Membership Caching.
Windows Server Pro: Advanced Services Objectives:

1.0 Advanced Active Directory Configuration.
o Manage sites, subnets, and site links
70-412 Exam Objectives:

503. Configure sites.
o Manage site coverage
o Manage registration of SRV records
Lecture Focus Questions:






How can you determine which domain controller will authenticate a client
when more than one domain controller exists at a site?
How are site link costs determined?
What steps can you take to ensure that a particular domain controller does
not authenticate clients from another site?
How does a Global Catalog server facilitate faster searches and logon?
What are the benefits of Universal Group Membership Caching? When
should it be used?
What two things should you consider when defining site link schedules?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
1.5.1 Site Management
1.5.2 Managing Sites
Total
Time
17:10
10:01
27:11
Number of Exam Questions
10 questions
Total Time
About 40 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.6: Managing Replication
Summary
This section examines managing replication. Concepts covered include:












Terms to be familiar with:
o Site link bridge
o Bridgehead server
o Connection
Sites and Services distinguishes between two types of replication:
o Intrasite
o Intersite
Transport protocols used by replication:
o Directory Services Remote Procedure Call (DS-RPC)
o Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)
Facts about intrasite replication:
o Occurs between domain controllers within a site
o By default, occurs once every hour
o Modifying the replication frequency
o Connections are created automatically as necessary
Intersite replication configuration steps:
o Preferred bridgehead server
o Replication schedule
o Replication frequency
o Site link cost
o Bridged site replication
o Forced replication
Example of site link bridging
The role of SYSVOL folder
File Replication Service (FRS) vs. Distributed File System (DFS)
Benefits of DFS replication
Migrating from FRS replication to DFS replication
States that indicate stable stages in the migration process:
o Not initiated
o Start
o Prepared
o Redirected
o Eliminated
Considerations when managing migration
Students will learn how to:


Create a site link bridge.
Manage replication of AD and SYSVOL.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.

Monitor replication of AD and SYSVOL.
Windows Server Pro: Advanced Services Objectives:

1.0 Advanced Active Directory Configuration.
o Manage sites, subnets, and site links.
o Configure site replication.
70-412 Exam Objectives:

504. Manage Active Directory and SYSVOL replication.
o Monitor and manage replication
o Upgrade SYSVOL replication to Distributed File System Replication
(DFSR)
Lecture Focus Questions:







What types of trusts are enabled by default for site link bridges?
How do you establish bidirectional communications between domain
controllers?
How does intrasite replication differ from intersite replication?
What are three ways that you can force replication?
How can you force a certain path between sites for replication?
What is the process for migrating from FRS replication to DFS replication
when the domain is at Windows Server 2003 functional level?
During which migration stages are you able to roll back the migration?
Video/Demo
Time
1.6.1 Active Directory Replication
1.6.2 Monitoring and Managing Replication
12:46
12:51
Total
25:37
Lab/Activity
Configure Intrasite Replication
Configure Intersite Replication
Number of Exam Questions
15 questions
Total Time
About 60 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.7: Read-Only Domain Controllers (RODCs)
Summary
In this section students will learn details about creating RODCs. Concepts
covered include:





Features of RODCs:
o Administrator role separation
o Unidirectional replication
o Read-only data
o Password replication
o DNS Server service
Requirements to be met before RODCs are installed in a domain
Performing a staged installation of an RODC in which the installation is
performed by two different individuals in separated stages
Generals steps to install a read-only domain controller (RODC)
Considerations when installing RODC
Students will learn how to:

Create and configure an RODC account.
Windows Server Pro: Advanced Services Exam Objectives:

1.0 Advanced Active Directory Configuration.
o Implement read-only domain controllers
70-412 Exam Objectives:

504. Manage Active Directory and SYSVOL replication.
o Configure replication to Read-Only Domain Controllers (RODCs)
Lecture Focus Questions:




In which environments is an RODC typically deployed?
What are the benefits and the drawbacks of unilateral replication?
What are the requirements for installing an RODC in a domain?
How does the administrative role separation (ARS) feature protect domain
controller security?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
1.7.1 Read-Only Domain Controllers
1.7.2 Pre-Staging RODC Accounts
1.7.3 Joining an RODC to the Domain
Total
9:11
6:53
4:57
21:01
Lab/Activity
Create RODC Accounts
Number of Exam Questions
5 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 1.8: RODC Management
Summary
This section discusses the following considerations managing an RODC:



Administrator role separation
Replication traffic management
Security management
Students will learn how to:


Configure the password replication policy on the RODC to cache only
passwords for specified users.
Prepopulate passwords before users even attempt to log on.
Windows Server Pro: Advanced Services Exam Objectives:

1.0 Active Directory Configuration.
o Implement read-only domain controllers
70-412 Exam Objectives:

504. Manage Active Directory and SYSVOL replication.
o Configure Password Replication Policy (PRP) for RODCs
Lecture Focus Questions:






How does the password replication policy control password replication?
What preventative measures can you implement to protect the data on an
RODC in the event it is lost or stolen?
How can you prevent certain data from being replicated to an RODC?
What steps should you take if an RODC has been compromised?
When does an RODC attempt inbound replication?
Which two built-in groups can be used for password replication on
RODCs?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
1.8.1 RODC Management
1.8.2 Managing RODCs
Total
9:52
6:01
15:53
Lab/Activity
Edit the Password Replication Policy
Number of Exam Questions
6 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.1: Network File System (NFS)
Summary
This section discusses using Network File System (NFS) to transfer files between
computers running Windows and UNIX/Linux operating systems. Details include:

Considerations when deploying NFS file sharing on Windows Server
2012:
o System requirements
o NFS service installation
o NFS service configuration
o NFS share configuration
Students will learn how to:

Create and configure an NFS share.
Windows Server Pro: Advanced Services Exam Objectives:

2.0 Advanced Storage Management.
o Implement NFS to support UNIX/Linux systems
70-412 Exam Objectives:

201. Configure advanced file services.
o Configure NFS data store
Lecture Focus Questions:




Which PowerShell cmdlets install NFS sharing components on a Windows
Server 2012 system?
What configuration tasks must be completed before using the NFS Server
or Client on a Windows Server 2012 system?
What are two ways you can create shares in the server's NTFS file system
and export them to NFS clients?
In which two ways can you map a UNIX/Linux user or group to a Windows
user or group?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
2.1.1 NFS Overview
2.1.2 Configuring an NFS Data Store
Total
1:53
12:10
14:03
Lab/Activity
Configure an NFS Share
Number of Exam Questions
4 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.2: BranchCache
Summary
This section discusses using BranchCache to allow users in branch offices to
access information more quickly. Concepts covered include:


The role of BranchCache
BranchCache modes:
o Hosted Cache
o Distributed Cache
Students will learn how to:




Configure a BranchCache content server.
Configure a hosted BranchCache server.
Use PowerShell cmdlets to configure BranchCache clients.
Verify BranchCache client settings.
70-412 Exam Objectives:

201. Configure advanced file services.
o Configure BranchCache
Lecture Focus Questions:






What method do you use to configure a file server as a BranchCache
content server?
How does hosted cache mode differ from distributed cache mode in
systems using BranchCache?
What are the advantages of using Group Policy to configure BranchCache
on multiple computers?
How do you use Group Policy to configure firewall rules for BranchCache
clients?
Which settings should you verify when inspecting the current
BranchCache operation mode using the Get-BCStatus cmdlet?
What should you be aware of if you use both PowerShell cmdlets and
Group Policy to configure BranchCache on client systems?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
2.2.1 BranchCache Overview
2.2.2 Configure BranchCache
Total
Time
5:34
6:11
11:45
Number of Exam Questions
10 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.3: Dynamic Access Control (DAC)
Summary
In this section students will learn about using Dynamic Access control (DAC) to
enable granular control over data access. Details include:





The role of Dynamic Access Control (AC)
Factors that can be used to change the level of access of a user
Components of DAC implementation:
o Resource properties
o Classification rules
o Claims-based access control:
 User claims
 Devices claims
o Central access rules
o Central access policies
Considerations when setting up the permission for DAC and NTFS file
permissions
Tasks to implement Dynamic Access Control (DAC):
o Install FSRM
o Define resource properties
o Create classification rules
o Configure claim types
o Define central access rules
o Define central access policies
o Configure Group Policy settings
o Apply central access policies
Students will learn how to:



Use FSRM to configure File Classification Infrastructure.
Create and configure classification rules.
Configure a classification schedule.
Windows Server Pro: Advanced Services Exam Objectives:

2.0 Advanced Storage Management.
o Implement Dynamic Access Control (DAC)
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
70-412 Exam Objectives:


201. Configure advanced file services.
o Configure File Classification Infrastructure (FCI) using File Server
Resource Manager (FSRM)
202. Implement Dynamic Access Control (DAC).
o Configure user and device claim types
o Configure file classification
o Create and configure Central Access rules and policies
o Create and configure resource properties and lists
Lecture Focus Questions:






By implementing DAC, what criteria can you use to dynamically change
the level of access a user has to file server data?
How can you use NTFS file system permissions and DAC to control
resource access?
To which types of data can classification rules be applied?
How does the Content Classifier method of assigning a property to a file
differ from the Windows PowerShell Classifier method?
What are the components of a central access rule?
Which Kerberos Group Policy settings must be enabled to support DAC?
Video/Demo
Time
2.3.1 DAC Overview
2.3.2 Configuring File Classification Infrastructure (FCI) using FSRM
2.3.3 Implementing DAC Policies
Total
10:22
11:30
19:59
41:51
Lab/Activity
Configure File Classification Infrastructure
Number of Exam Questions
4 questions
Total Time
About 55 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.4: DAC Management
Summary
In this section students will learn about options to manage Dynamic Access
Control (DAC). Details in this section include:


Staging
Access-denied remediation
Students will learn how to:


Staging policy changes for central access policies for DAC.
Use Group Policy to configure file access auditing.
Windows Server Pro: Advanced Services Exam Objectives:

2.0 Advanced Storage Management.
o Implement Dynamic Access Control (DAC)
70-412 Exam Objectives:


201. Configure advanced file services.
o Configure file access auditing
202. Implement Dynamic Access Control (DAC).
o Implement policy changes and staging
o Perform access-denied remediation
Lecture Focus Questions:




How can you test the effect of DAC rules without enforcing them?
What is the purpose of access-denied remediation?
What are two requirements for using access-denied remediation?
What should you be aware of if you use both File Server Resource
Manager and Group Policy to configure DAC?
Video/Demo
2.4.1 DAC Management
2.4.2 Implementing Policy Changes and Staging
2.4.3 Performing Access-denied Remediation
Total
Time
5.01
6:40
5:09
16:50
Number of Exam Questions
3 questions
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.5: Advanced Storage
Summary
This section examines using iSCSI and iSNS to provide advanced storage
capabilities. Details include:







Hardware required to create an iSCSI SAN:
o Ethernet cabling
o Ethernet switches
o Ethernet NICs
The role of iSCSI targets
The role of iSCSI initiator
iSCSI terminology to be familiar with:
o network entity
o network portal
o Protocol Data Unit (PDU)
o iSCSI name
o iSCSI Qualified Name (IQN)
o iSCSI target
o iSCSI initiator
o LUN
Considerations when choosing between iSCSI and other SAN
technologies
Steps to configure iSCSI initiators
The role of Internet Storage Name Service (iSNS)
Students will learn how to:



Create an iSCSI virtual disk and configure an iSCSI target on it.
Configure an iSCSI initiator with access to the virtual disk.
Install the iSNS Server Service feature and configure iSNS.
Windows Server Pro: Advanced Services Exam Objectives:

2.0 Advanced Storage Management.
o Implement an iSCSI SAN
70-412 Exam Objectives:

203 Configure and optimize storage.
o Configure iSCSI Target and Initiator
o Configure Internet Storage Name server (iSNS)
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






What are the hardware components of a SAN?
What is the advantage of using Ethernet hardware for a SAN
implementation?
What is the benefit from implementing a second, parallel network
infrastructure dedicated only to the iSCSI SAN?
In an iSCSI SAN, what purpose does the network portal serve?
What are the steps to configure iSCSI initiators?
What functions does Storage Name Service (iSNS) provide?
Video/Demo
Time
2.5.1 iSCSI and Internet Storage Name Server (iSNS)
2.5.2 Configuring an iSCSI Target
2.5.3 Configuring the iSCSI Initiator
2.5.4 Configuring iSNS
Total
2:35
2:23
4:19
3:11
12:28
Lab/Activity
Configure an iSCSI Target
Configure the iSCSI Initiator
Number of Exam Questions
8 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 2.6: Storage Optimization
Summary
This section covers optimizing storage by using storage spaces and storage
pools. Concepts covered include:







Components of storage spaces:
o Devices
o Pools
o Storage spaces
Steps to follow when more disk space is needed
Configuration options in storage pool creation:
o Allocation
o Storage layout:
 Simple
 Two-way mirror
 Three-way mirror
 Parity
o Provisioning:
 Fixed provisioning
 Thin provisioning
Considerations about storage spaces
Storage pool limitations
PowerShell commands to manage storage spaces:
o New-StoragePool
o Add-PhysicalDisk
o New-VirtualDisk
o Get-StoragePool
Options to optimized storage on a Windows Server 2012 system:
o Data deduplication
o Features on Demand
Students will learn how to:



Configure storage pools.
Reduce disk space used by Windows Server 2012 using Features on
Demand.
Enable data deduplication to optimize data storage.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
70-412 Exam Objectives:


102 Configure failover clustering.
o Configure and optimize clustered shared volumes
o Configure storage spaces
203 Configure and optimize storage.
o Implement thin provisioning and trim
o Manage server free space using Features on Demand
Lecture Focus Questions:





How does fixed provisioning differ from thin provisioning?
What are the limitations of the storage pool?
Which PowerShell cmdlets can you use to manage storage spaces and
what is the function of each?
How does data deduplication differ from Features on Demand?
How can you use Features on Demand to manage free space of a
Windows Server 2012 server?
Video/Demo
Time
2.6.1 Storage Optimization
2.6.2 Optimizing Storage
2.6.3 Storage Tiers
Total
4:33
12:33
12:51
29:57
Number of Exam Questions
8 questions
Total Time
About 45 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 3.1: Windows Server Backup
Summary
This section provides details of using Windows Server Backup. Concepts
covered include:








The role of the Online Backup feature in Windows 2012
Steps to perform online backups
The role of the Windows Server Local Backup
Considerations about using Windows Server Backup
Methods Windows Server Backup provides to run backups:
o Windows Server Backup MMC snap-in
o Wbadmin from the command prompt
o PowerShell cmdlets for Windows Server Backup
Options available with Windows Server Backup:
o Full Server
o Bare metal recovery
o System state
o Individual volumes
o Folders or files
Storage types that Windows Server Backup can save backups to:
o Internal disk
o External disk
o Shared folder
o DVD, other optical or removable media
When using Windows Server Backup you cannot back to:
o Tape
o USB flash drives
o Pen drives
Students will learn how to:



Install Windows Server Backup.
Configure a regular backup schedule for a server.
Back up a server.
Windows Server Pro: Advanced Services Exam Objectives:

3.0 Server Data Protection.
o Configure server backups
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
70-412 Exam Objectives:

301 Configure and manage backups.
o Configure Windows Server backups
o Configure Windows Online backups
o Configure role-specific backups
Lecture Focus Questions:






When using the Online Backup feature in Windows Server 2012, what
options do you have for obtaining the certificate file?
Which types of backups are not supported by Online Backup and must be
done using a local backup?
What is the best practice for securing the Online Backup passphrase?
What happens if the online backup destination does not have sufficient
space available to store the backup?
When using Windows Server Backup, which backup option would you use
if you want to be able to recover all volumes including system state and
bare metal recoveries?
Which media types are not supported by Windows Server Backup?
Video/Demo
Time
3.1.1 Windows Server Backup
3:16
3.1.2 Configuring Windows Server Backup for Local Backup 2:33
3.1.4 Configuring Windows Server Backup for Online Backup 6:27
Total
12:16
Lab/Activity
Back Up a Server
Number of Exam Questions
13 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 3.2: Restore from Backup
Summary
This section discusses restoring from backup. Concepts covered include:


Considerations when restoring from backups
Recovery types and the tools to perform them:
o Online
o Files and folders
o Hyper-V
o Volumes
o Applications
o Bare metal or full server
o System state
Students will learn how to:



Restore a server from backup.
Restore user data from backup.
Perform a Bare Metal Recovery.
Windows Server Pro: Advanced Services Exam Objectives:

3.0 Server Data Protection.
o Restore server data from backup
70-412 Exam Objectives:

302 Recover servers.
o Restore from backups
o Perform a Bare Metal Restore (BMR)
Lecture Focus Questions:





Which are the only types of files that can be recovered from an online
backup?
Which are the only media supported for recovering files and folders using
Windows Server Backup?
Who is authorized to perform recoveries using Windows Server Backup?
What tool allows you to recover Hyper-V virtual machines?
When recovering volumes, how is the existing data on the destination
volume handled?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
3.2.1 Restore from Backup
3.2.2 Recovering User Data
3.2.3 Performing a Bare Metal Recovery (BMR)
Total
Time
1:38
3:42
3:30
8:50
Number of Exam Questions
3 questions
Total Time
About 15 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 3.3: Volume Shadow Copies
Summary
This section discusses using Volume Shadow Copies to make copies of user
files at regular intervals. Concepts covered include:



The role of Volume Shadow Copy Service (VSS)
Considerations when using VSS
VSS areas when implementing shadow copies:
o Scheduling
o Storing
o Recovering
o NTFS Permissions
o VSSAdmin
Students will learn how to:



Enable and configure shadow copies for shared folders.
Restore a previous version of a file.
Use VSSAdmin to manage VSS settings from the command line.
Windows Server Pro: Advanced Services Exam Objectives:

3.0 Server Data Protection.
o Enable shadow copies
70-412 Exam Objectives:

301 Configure and manage backups.
o Manage VSS settings using VSSAdmin
Lecture Focus Questions:






How do you view and manage previous versions of volumes, folders and
files?
What criteria should you use for scheduling shadow copies of volume
data?
How are NTFS permissions on previous versions of a file affected during
recovery?
How does restoring folders affect new files that have been added since
the shadow copy was made?
What steps should you take to allow defragmentation on volumes with
VSS enabled?
What happens if you delete a volume before disabling VSS?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
3.3.1 Volume Shadow Copies
2:25
3.3.2 Configuring VSS
3:21
3.3.2 Managing VSS Settings with VSSAdmin 2:07
Total
7:53
Lab/Activity
Enable Shadow Copies
Restore Previous Version 1
Restore Previous Version 2
Number of Exam Questions
11 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 3.4: Boot Configuration Data (BCD) Store
Summary
In this section students will learn about Boot Configuration Data (BCD) Store.
Concepts covered include:




Tools to assist in system recovery:
o System Recovery Options
o Boot Configuration Data (BCD)
o Windows Memory Diagnostic Tool (WMDT)
o Startup and Recovery options
o System Configuration utility (Msconfig.exe)
The role of boot options
Windows Server 2012 startup modes:
o Repair Your Computer
o Safe Mode
o Safe Mode with Networking
o Safe Mode with Command Prompt
o Enable Boot logging
o Enable low-resolution video
o Last Known Good Configuration
o Debugging Mode
o Disable automatic restart on a system failure
o Disable Driver Signature Enforcement
o Disable Early Launch Anti-Malware Protection
Recommendations to troubleshoot startup errors with the advanced boot
options
Students will learn how to:


Configure the BCD store.
Use Advanced Boot options to boot a computer.
70-412 Exam Objectives:

302 Recover servers.
o Recover servers using Windows Recovery Environment (Win RE)
and safe mode
o Configure the Boot Configuration Data (BCD) store
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:







When would you need to use the System Image Recovery tool?
In which situations would the System Configuration utility (bcd) be
useful?
What actions can you take to boot your system if it is not running and will
not boot normally?
When should you access the Repair Your Computer option?
When should you boot your computer into safe mode?
In which situations will the Last Known Good Configuration option be
useful?
Why would it be useful to enable the Disable automatic restart on
system failure option?
Video/Demo
Time
3.4.1 BCD Store Overview
3.4.2 Configuring the BCD Store
Total
1:27
7:55
9:22
Number of Exam Questions
4 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.1: DHCP Overview
Summary
This section provides an overview of DHCP. Concepts covered include:





Methods that clients use to obtain an address from a DHCP server:
o DHCP Discover (D)
o DHCP Offer (O)
o DHCP Request (R)
o DHCP ACK (A)
DHCP Authorization requirements
DHCP Server authorization verification
Considerations when installing and configuring a DHCP Server
DHCP console context-sensitive icons:
o Check mark in a green circle
o Red down arrow
o Horizontal white line inside a red circle
o Exclamation sign inside a yellow triangle
o Exclamation sign inside a blue circle
Students will learn how to:


Install a DHCP server.
Authorize a DHCP server.
70-412 Exam Objectives:

401 Implement an advanced Dynamic Host Configuration Protocol
(DHCP) solution.
o Implement DHCPv6
Lecture Focus Questions:






What are the steps a DHCP client uses to obtain an IP address from a
DHCP server?
What permissions do you need to authorize a DHCP server?
When is authorization not required for a DHCP server?
What happens when a DHCP server's IP address is not found in Active
Directory?
How would you set up a DHCP Administrator so that the administrator has
rights on all DHCP servers in the domain?
In the DHCP console, you notice that the DHCP server icon has a red
down arrow beside it. What is the status of the DHCP server?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
4.1.1 DHCP Overview
4.1.2 Installing and Authorizing DHCP Server
1:42
1:49
Total
3:31
Number of Exam Questions
5 questions
Total Time
About 10 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.2: DHCP Scopes
Summary
This section provides details of using DHCP scopes. Concepts covered include:







Working with DHCP scopes
DHCP options:
o Server options
o Scope options
o Class options
o Client options
Common options include:
o 003 Router
o 006 DNS Servers
o 015 DNS Domain Name
Considerations when working with DHCP options
Key components of DHCP policies:
o Conditions
o Settings
The role of a superscope
Options for a DHCP server to service a subnet separated with a router:
o 1542 compliant router
o DHCP relay agent
Students will learn how to:



Create and activate DHCP scopes.
Create a multicast scope.
Create and configure a superscope.
70-412 Exam Objectives:

401 Implement an advanced Dynamic Host Configuration Protocol
(DHCP) solution.
o Create and configure superscopes and multicast scopes
o Configure DNS registration
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:







What are the four levels of DHCP IP configuration options and what is the
purpose of each?
In what order are DHCP options applied?
Which option values take precedence: those delivered through DHCP or
those configured manually on the client?
How can you change the subnet mask in an existing scope?
When should you use reservations for a DHCP client?
When would you use a DHCP policy?
When might you use a superscope?
Video/Demo
Time
4.2.1 DHCP Scopes
4.2.2 Creating IPv4 Scopes
7:33
14:22
Total
21:55
Lab/Activity
Create a Superscope
Number of Exam Questions
11 questions
Total Time
About 45 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.3: DHCP and IPv6
Summary
This section provides the basic information about the structure of IPv6 and using
DHCP in an IPv6 environment.








Components of a IPv6 address:
o Format
o Leading zeros
o Prefix and interface ID
Considerations when using Ipv6
Comparison of IPv4 address types with IPv4 address types
The process to configure the IPv6 Address assignment
Address types of an autoconfigured IPv6 address:
o Tentative
o Valid:
 Preferred
 Deprecated
o Invalid
The role of DHCP in an IPv6 environment
DHCPv6 broadcasts:
o Solicit Packet (S)
o Advertise Packet (A)
o Request Packet (R)
o Reply Packet (R)
Configuring a DHCP server for IPv6
Students will learn how to:


Create an IPv6 scope.
Configure DHCPv6 scope options.
Windows Server Pro: Advanced Services Exam Objectives:

4.0 Advanced DHCP and DNS Configuration.
o Configure DHCP to support IPv6
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
70-412 Exam Objectives:

401 Implement an advanced Dynamic Host Configuration Protocol
(DHCP) solution.
o Implement DHCPv6
Lecture Focus Questions:






How does IPv6 differ from IPv4?
What is the purpose of a neighbor solicitation?
If the M and O flags in the router advertisement (RA) message are set to
1, what type of configuration method should you use?
What options do you have for dealing with zeros (0s) in an IPv6 address?
How is autoconfiguration in IPv6 improved over autoconfiguration in IPv4?
What does a multicast address indicate?
Video/Demo
Time
4.3.1 IPv6 Overview
4.3.2 Implementing IPv6
Total
3:59
1:39
5:38
Lab/Activity
Configure an IPv6 Scope
Number of Exam Questions
9 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.4: DHCP High Availability
Summary
This section discusses the following DHCP high availability features available on
Windows Server 2012.



Split scopes
Failover
Name Protection
Students will learn how to:


Create and configure a split scope
Configure a DHCP failover
Windows Server Pro: Advanced Services Exam Objectives:

4.0 Advanced DHCP and DNS Configuration.
o Configure split DHCP scopes
o Configure DHCP failover
70-412 Exam Objectives:

401 Implement an advanced Dynamic Host Configuration Protocol
(DHCP) solution.
o Configure high availability for DHCP including DHCP failover and
split scopes
o Configure DHCP Name Protection
Lecture Focus Questions:





What is a split scope?
How do you create a split scope?
When configuring a split scope, how can you help to ensure that the
preferred server is accepted by the client computer?
How does DHCP implement name protection?
In which two ways can you implement DHCP failover?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
4.4.1 DHCP High Availability
4.4.2 DHCP Split Scopes
4.4.4 DHCP Failover
4.4.7 DHCP Name Protection
Total
Time
4:59
4:11
6:18
1:35
17:03
Lab/Activity
Configure a Split Scope
Configure DHCP Failover 1
Configure DHCP Failover 2
Number of Exam Questions
3 questions
Total Time
About 40 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.5: IPAM Overview
Summary
This section provides an overview of IP Address Management (IPAM). Details
include:




The role of IPAM
Key IPAM specifications
Phases for the process of installing IPAM:
o Install the IPAM role
o Connect to the IPAM server
o Provision the IPAM server
o Configure server discovery
o Discover servers
o Define managed servers
o Gather data from managed servers
Features that Windows Server 2012 R2 supports
Students will learn how to:



Manually configure IPAM.
Configure IPAM using the IPAM Provisioning Wizard, a Group Policy
based provisioning method.
Configure server discovery to discover domain controllers, DHCP servers,
DNS servers, and NPS servers, and automatically add them to the IPAM
console.
70-412 Exam Objectives:

403 Deploy and manage IPAM.
o Configure IPAM manually or by using Group Policy
o Configure server discovery
o Migrate to IPAM
o Configure IPAM database storage
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:







What functions does the IP Address Management (IPAM) server perform?
What is the IPAM server scope discovery range in Active Directory?
Why should you not install IPAM on a DHCP server?
What is IPAM provisioning?
What are the steps for provisioning an IPAM server?
What tasks must be performed before the Server Discovery task can work
properly?
How do you configure discovered servers as managed servers?
Video/Demo
Time
4.5.1 IPAM Basics
4:38
4.5.2 Configuring IPAM Manually or Using GPO 9:56
4.5.3 IPAM on Server 2012 R2
11:01
Total
25:35
Number of Exam Questions
7 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.6: IPAM Configuration
Summary
In this section students will learn about configuring IPAM. Concepts covered in
this section include:


IP Address information managed by IPAM is organized into the following
hierarchy:
o IP address space
o IP address blocks
o IP address ranges
o IP address inventory
IPAM console provide the following options:
o DNS and DHCP servers
o DHCP scopes
o DNS zones
o Server groups
Students will learn how to:


Manage IP block and ranges from the IPAM console.
Use the IPAM console to manage DHCP and DNS servers.
70-412 Exam Objectives:

403 Deploy and manage IPAM.
o Create and manage IP blocks and ranges
o Monitor utilization of IP address space
o Manage IPAM collections
Lecture Focus Questions:





What is the hierarchical organization of IP address information managed
by IPAM?
How does the IP address inventory organize IP addresses?
What information about DNS and DHCP servers does IPAM store?
How do you view IP address ranges using the IPAM console?
What DNS zone information can you view in IPAM?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
4.6.1 IPAM Configuration
4.6.2 Managing IP Blocks and Ranges
3:59
15:01
Total
19:00
Number of Exam Questions
7 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 4.7: IPAM Management
Summary
This section discusses the following key tasks of managing an IPAM server.



Assign the appropriate right to the user.
Allow the user to access the server remotely.
Add the remote IPAM server to the server pool in Server Manager.
Students will learn how to:

Assign a user the rights to remotely act as an IPAM administrator.
70-412 Exam Objectives:

403 Deploy and manage IPAM.
o Delegate IPAM administration
Lecture Focus Questions:





Which local group on the IPAM server should you assign a user to so that
they will have the appropriate rights to manage an IPAM server?
Which tasks must be completed to delegate to a user the ability to
manage an IPAM server?
If Group Policy provisioning was used to set up the IPAM server, what
domain administrator privileges should a user have in order to indicate
that servers in inventory are managed or not managed?
Which group must a user be a member of in order to access the IPM
server from a remote IPAM client?
How can you allow a user to manage an IPAM server from a remote
location?
Video/Demo
Time
4.7.1 IPAM Management
4.7.2 Delegating IPAM Administration
0:50
2:41
Total
3:31
Number of Exam Questions
2 questions
Total Time
About 5 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 5.1: DNS Security
Summary
This section discusses strategies for DNS security. The following details are
covered:



Goals for designing security for a DNS solution
Strategies to improve DNS security:
o Provide redundancy and automatic backup of DNS data
o Prevent zone transfer except to specific servers
o Prevent unauthorized modification of zone data on secondary
servers
o Prevent zone transfers except to domain controllers
o Secure zone transfer data while in transit
o Prevent unauthorized modification of dynamic DNS records
o Secure DNS data on the servers
o Cryptographically sign DNS zone records
o Lock records in the DNS cache
o Randomize the port used for DNS queries
o Audit DNS activity
Security considerations for DNS servers available to Internet users
Students will learn how to:


Configure DNSSEC on a zone to secure data by signing DNS zones and
records.
Configure DNS socket pooling and cache locking to increase security for
the DNS cache.
Windows Server Pro: Advanced Services Exam Objectives:

4.0 Advanced DHCP and DNS Configuration.
o Protect zone data with DNSSEC
70-412 Exam Objectives:

402 Implement an advanced DNS solution.
o Configure security for DNS including DNSSEC, DNS Socket Pool,
and cache locking
o Isolate DNSSEC key management and storage
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






What security goals should you set for your DNS solution?
How can you limit zone transfer to specific servers?
How can you limit zone transfer to specific domain controllers?
What security issue is addressed by converting all zones to Active
Directory-integrated and allowing only secure dynamic update?
How does DNSSec make DNS zone records more secure?
How do you randomize the port used for DNS queries?
Video/Demo
Time
5.1.1 DNS Security
5.1.2 Configuring DNSSEC
5.1.3 Configuring DNS Socket Pooling
5.1.4 Configuring Cache Locking
12:50
10:21
2:20
1:19
Total
26:50
Number of Exam Questions
10 questions
Total Time
About 40 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 5.2: Advanced DNS Settings
Summary
This section discusses using the DNS Manager to configure advanced DNS
settings.


DNS Manager tabs to configure DNS server properties:
o Interfaces
o Forwarders
o Root Hints
o Debug Logging
o Event Logging
o Monitoring
o Security
o Advanced
Windows Server 2012 R2 enhanced zone level statistics:
o All Statistics
o Query Statistics
o Transfer statistics
o Update statistics
Students will learn how to:

Configure a server with DNS advanced settings.
Windows Server Pro: Advanced Services Exam Objectives:

4.0 Advanced DHCP and DNS Configuration.
o Configure advanced DNS server settings
70-412 Exam Objectives:

402. Implement an advanced DNS solution.
o Configure DNS logging
o Configure delegated administration
o Configure recursion
o Configure netmask ordering
o Analyze zone level statistics
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:





What information do you enter on the Forwarders tab of DNS Manager?
When are root name servers used to resolve DNS queries?
Which DNS Manager feature would you use to gather data about the type
of traffic being sent to your system?
What advanced DNS Manager feature prevents corrupted zone data from
being loaded into DNS?
How does the Secure cache against pollution feature keep the DNS
cache accurate and streamlined?
Video/Demo
Time
5.2.1 Configuring Advanced DNS Settings
5.2.2 Using DNS Zone Statistics
4:33
2:46
Total
7:19
Lab/Activity
Configure DNS Advanced Settings
Number of Exam Questions
8 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 5.3: GlobalNames Zones
Summary
This section covers using GlobalNames zone on the DNS server that is used for
single-label name resolution.


The role of GlobalNames zone
Considerations for managing the GlobalNames zone
Students will learn how to:

Create a GlobalNames zone.
Windows Server Pro: Advanced Services Exam Objectives:

4.0 Advanced DHCP and DNS Configuration.
o Configure a GlobalNames zone
70-412 Exam Objectives:

402. Implement an advanced DNS solution.
o Configure a GlobalNames zone
Lecture Focus Questions:





In addition to supporting single-label name resolution, what are other
features of a GlobalNames zone?
What are the steps for configuring a GlobalNames zone?
How can you extend the GlobalNames zone to multiple forests?
What is the server operating system requirement for authoritative DNS
servers when you implement the GlobalName zone?
What changes are required for client machines when you implement the
GlobalNames zone?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
5.3.1 GlobalNames Zones
5.3.2 Creating a GlobalNames Zones
2:03
2:38
Total
4:41
Lab/Activity
Configure a GlobalNames Zone
Number of Exam Questions
5 questions
Total Time
About 15 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 6.1: Virtual Machine Management
Summary
This section examines managing virtual machines. Concepts covered include:




Methods to move an entire virtual machine along with the virtual hard
disks:
o Export/Import
o Manual
Cloning an existing virtual domain controller
System prerequisites before cloning a virtual domain controller:
o Supported Hypervisors
o Supported Guest Operating Systems
o PDC Emulator
The process for cloning a virtual domain controller
Students will learn how to:


Export and import virtual machines.
Clone domain controllers to quickly provide new domain controllers.
70-412 Exam Objectives:


104 Manage Virtual Machine (VM) movement.
o Import, export, and copy VMs
o Migrate from other platforms (P2V and V2V)
303 Configure site-level fault tolerance.
o Configure Hyper-V Replica including Hyper-V Replica Broker and
VMs
Lecture Focus Questions:







What options do you have for moving an entire virtual machine, including
virtual disks?
How can an exported snapshot of a virtual machine be used?
Why is it useful to use the Copy on Import feature of Hyper-V?
What are the steps for manually moving a virtual machine?
How are domain controllers cloned?
What system prerequisites must be met before cloning a virtual domain
controller?
What should you do if the New-ADDCCLoneConfigFile cmdlet found
incompatible applications on the source domain controller?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
6.1.1 Migrate Virtual Machines from Other Platforms
6.1.2 Virtual Machine Management
6.1.3 Managing Virtual Machines
Total
Time
1:15
2:30
7:10
10:55
Number of Exam Questions
12 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 6.2: Hyper-V High Availability
Summary
This section examines Hyper-V high availability. Concepts covered include:









The role of Hyper-V Replication
Initial replication
Replication frequency
Planned failover
Reverse replication
Unplanned failover
Prerequisites for deploying Hyper-V Replica:
o Physical location
o Network
o Storage hardware
o Server
o Domain membership
o Encryption
Tasks to implement Hyper-V Replica:
o Configure the replica server to accept replication
o Enable virtual machine replication
o Monitor replication
Failover options available once a virtual machine has been protected with
Hyper-V Replica:
o Test failover
o Planned failover
o Unplanned failover
Students will learn how to:

Configure Hyper-V replicas for failover.
Windows Server Pro: Advanced Services Exam Objectives:

5.0 High Availability Implementation.
o Enable virtual machine replication
70-412 Exam Objectives:

303 Configure site-level fault tolerance.
o Configure Hyper-V Replica including Hyper-V Replica Broker and
VMs
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






What prerequisites must be met before deploying a Hyper-V Replica?
In which two ways can you complete the initial replication process?
What steps do you take to perform a planned failover?
When you perform a planned failover, how can you make sure that
changes made to the replica virtual machine are copied back to the
primary virtual machine when it is brought back online?
How can you monitor replication?
What steps do you take to perform an unplanned failover?
Video/Demo
6.2.1 Hyper-V Replicas
6.2.2 Configuring Hyper-V Replicas and VMs
Total
Time
1:38
12:30
14:08
Lab/Activity
Configure Hyper-V Replicas
Number of Exam Questions
6 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.1: Network Load Balancing
Summary
This section discusses using Network Load Balancing to achieve optimal
resource utilization. Concepts covered include:






The role of Load Balancing
How servers operate using NLB
Cluster operating modes:
o Unicast
o Multicast
Prerequisites prior to installing and configuring Network Load Balancing
(NLB):
o Install services
o Configure networking
Tasks to create an NLB cluster:
o Configure cluster DNS records
o Install the NLB feature
o Synchronize content
o Configure cluster members
NLB configuration facts
Students will learn how to:


Prepare a system for Network Load Balancing.
Install Network Load Balancing nodes.
Windows Server Pro: Advanced Services Exam Objectives:

5.0 High Availability Implementation.
o Implement network load balancing
70-412 Exam Objectives:

101 Configure Network Load Balancing (NLB).
o Install NLB nodes
o Configure NLB prerequisites
o Configure cluster operation mode
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:







What are the characteristics of NLB cluster members?
What mechanism do cluster members use to communicate consistent
information about cluster membership?
In unicast mode, how are MAC addresses used by cluster members?
How does communication between cluster members take place when
multicast mode is implemented?
What are the prerequisites for installing and configuring a Network Load
Balancing cluster?
What are the steps for creating an NLB cluster?
If you add a new host to a cluster, when does the new host to come
online?
Video/Demo
7.1.1 Network Load Balancing Overview
7.1.2 Configuring NLB Prerequisites and Installing NLB Nodes
Total
Time
3:53
7:30
11:23
Number of Exam Questions
4 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.2: Network Load Balancing Management
Summary
This section discusses management of Network Load Balancing. Details covered
include:



Port rules
Considerations when configuring port rules
Cluster status options for the Network Load Balancing Manger console or
Nlb.exe to manage the status of the NLB cluster:
o Suspend
o Resume
o Start
o Stop
o Drainstop
Students will learn how to:


Create and configure an Network Load Balancing cluster.
Define the port rules and cluster parameters for a NLB cluster.
70-412 Exam Objectives:

101 Configure Network Load Balancing (NLB).
o Configure affinity
o Configure port rules
o Upgrade an NLB cluster
Lecture Focus Questions:






How do port rules control how an NLB cluster functions?
What is the client affinity setting?
How can you ensure that requests from clients on a specific subnet
always connect to a specific cluster host?
What happens when you add a host to a cluster that has different port
rules?
What tasks do you perform to implement a load balancing cluster?
What happens to traffic processing after you use the drainstop option?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
7.2.1 Network Load Balancing Management
7.2.2 Managing Network Load Balancing
Total
Time
5:19
4:45
10:04
Lab/Activity
Configure an NLB Cluster 1
Configure an NLB Cluster 2
Number of Exam Questions
12 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.3: Failover Clustering
Summary
This section examines using Failover Clustering to increase the availability and
fault tolerance of network servers. Details covered include:









The role of Failover Clustering
Quorum modes:
o Node Majority
o Node and Disk Majority
o Node and File Share Majority
o No Majority: Disk Only
Dynamic quorum management
Cluster Shared Volumes
New key Failover Clustering features in Windows Server 2012:
o Cluster management
o Scale-out file server support
o Cluster-aware updates
o Virtual machine monitoring and management
New Failover Clustering features in Windows Server 2012 R2:
o CSV enhancements
o Guest clustering
o Active Directory-detached cluster support
Prerequisites before implementing Failover Clustering:
o Hardware
o Software
Tasks to configure Failover Clustering:
o Configure shared storage
o Add the Failover Clustering feature to the cluster members
o Validate the cluster configuration
o Create the failover cluster
o Configure the quorum
o Configure cluster storage
Implementing a guest cluster
Students will learn how to:





Install the Failover Cluster role on specified servers and create a failover
cluster.
Configure cluster storage.
Validate the cluster storage using the Validate Cluster Wizard.
Configure a cluster quorum.
Configure a file share witness.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.

Add cluster storage to a cluster and make the storage available to two
servers.
Windows Server Pro: Advanced Services Exam Objectives:

5.0 High Availability Implementation.
o Create a failover cluster
70-412 Exam Objectives:




102 Configure failover clustering.
o Configure Quorum
o Configure cluster networking
o Configure cluster storage
o Configure and optimize clustered shared volumes
o Configure clusters without network names
103 Manage failover clustering roles
o Configure role-specific settings including continuously available
shares
o Configure guest clustering
104. Manage virtual machine (VM) movement.
o Configure virtual machine network health protection
o Configure drain on shutdown
303. Configure site-level fault tolerance.
o Configure Hyper-V Replica extended replication
o Configure Global Update Manager
Lecture Focus Questions:








How does Failover Clustering differ from Network Load Balancing?
How does a single-instance application differ from a multiple-instance
application?
What are the four quorum modes and what method does each mode use
to reach a consensus?
Which quorum mode should be used if you have an even number of
cluster hosts and why?
Which quorum mode allows the cluster to continue operating even if only
one cluster host is still available?
How does dynamic quorum management for clusters in Windows Server
2012 differ from previous versions of Windows Server?
What considerations must you keep in mind when deploying serial
attached SCSI clustered storage configured with Storage Spaces?
Why is it important to run the validation wizard before creating a failover
cluster?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
Time
7.3.1 Failover Clustering Overview
10:51
7.3.2 Creating a Failover Cluster
4:44
7.3.3 Configuring Cluster Storage
2:25
7.3.4 Failover Clusters on Server 2012 R2
19:59
7.3.5 Configuring Failover Clusters on Server 2012 R2
4:30
7.3.6 Configuring Guest Clusters
17:02
7.3.7 Deploying a No Name Cluster
5:47
Total
65:18
Lab/Activity
Create a Failover Cluster
Configure Cluster Quorum Settings
Add Storage to a Cluster
Number of Exam Questions
15 questions
Total Time
About 100 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.4: Failover Cluster Management
Summary
This section discusses management of Failover Cluster. Details covered include:







Types of networks a cluster can use:
o Cluster storage
o Cluster node communication
o Client connections
How to simulate a failure and test failover procedures
Considerations when implementing a multi-site cluster
Cluster-Aware Updating (CAU)
CAU terminology:
o Updating run
o Update coordinator
o Updating run profiles
Tasks to implement CAU:
o Install CAU
o Verify CAU requirements
o (Optional) Configure hosts for remote updating
o Disable other automatic update mechanisms
o Launch the CAU console
o Run the CAU Best Practices Analyzer
Using the CAU console
Students will learn how to:




Manage failover clusters.
Manage a multi-site failover cluster.
Implement cluster-aware updating.
Rebuild a failed cluster.
70-412 Exam Objectives:



102 Configure failover clustering.
o Restore single node or cluster configuration
o Implement Cluster Aware Updating
o Upgrade a cluster
303 Configure site-level fault tolerance.
o Configure multi-site clustering including network settings, Quorum,
and failover settings.
o Recover a multi-site failover cluster
402. Implement an advanced DNS solution.
o Isolate DNSSEC key management and storage
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:








What are some ways you can simulate a failure in order to test failover
procedures?
What are the three types of networking available with clusters?
What is the advantage of locating the file share witness at a different
location than a cluster node?
In what two ways can you configure multi-site clustering? Which
configuration would be more likely to experience failover latency?
What are the steps to restore a failed cluster database from backup?
How can you tune the heartbeat settings to optimize a multi-site cluster?
Why can't you use DFS to replicate data in a multi-site cluster?
What is Cluster-Aware Updating?
Video/Demo
7.4.1 Failover Cluster Configuration
7.4.2 Implementing Cluster-Aware Updating
7.4.3 Restoring Single-node or Cluster Configuration
Total
Time
9:00
2:52
1:19
13:11
Number of Exam Questions
4 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.5: Failover Clustered Role Management
Summary
This section discusses management of the Failover Clustered role. Details
covered include:

Task to install and configure cluster roles:
o Select clustered applications
o Install clustered roles
o Configure clustered roles
Students will learn how to:



Manage failover cluster roles.
Configure preferred owners to identify the preferred host.
Configure policies to define what to do if a failure occurs.
Windows Server Pro: Advanced Services Exam Objectives:

5.0 High Availability Implementation.
o Configure clustered roles
70-412 Exam Objectives:

103 Manage failover clustering roles.
o Configure role-specific settings including continuously available
shares.
o Configure failover and preference settings.
Lecture Focus Questions:





What is a potential problem when running non-cluster-aware applications
on a cluster?
How do stateful applications differ from stateless applications?
What is a scale-out file server? What type of storage does a scale-out file
server require?
What is the purpose of the preferred owners setting?
What is failback? What types of failback are available for a clustered role?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
7.5.1 Configuring Failover and Preference Settings
Time
6:10
Lab/Activity
Add a Failover Cluster Role
Configure Failover and Preference Settings
Number of Exam Questions
8 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 7.6: Failover Cluster with Hyper-V
Summary
This section discusses using Failover Clustering to increase the availability of
Hyper-V virtual machines. Details include:


Tasks to implement a virtual machine within a cluster:
o Install the cluster
o Implement CSV
o Create the virtual machine and install the guest operating system
Windows Server 2012 features to manage the availability of clustered
Hyper-V virtual machines:
o Replication
o Storage migration
o Quick migration
o Live migration
o Virtual machine monitoring
Students will learn how to:

Migrate a virtual machine and all of its storage to a Hyper-V host server.
Windows Server Pro: Advanced Services Exam Objectives:

2.0 Advanced Storage Management.
o Migrate virtual machine storage.
70-412 Exam Objectives:


103. Manage failover clustering roles.
o Configure VM monitoring
104 Manage Virtual Machine (VM) movement.
o Perform live migration
o Perform quick migration
o Perform storage migration
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:



How does Storage Migration differ from Quick Migration?
What condition could cause an unplanned Live Migration to occur?
What is the main difference between a Quick Migration and a Live
Migration?
Video/Demo
7.6.1 Virtual Machine Monitoring and Migrations
7.6.2 Configuring Virtual Machine Monitoring
7.6.3 Migrating Virtual Machines
Total
Time
4:37
3:06
11:35
19:18
Lab/Activity
Migrate Virtual Machine Storage
Migrate a Virtual Machine
Number of Exam Questions
6 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.1: Active Directory Certificate Services
Overview
Summary
This section provides an overview of Active Directory Certificate Services. Details
covered include:







Terms with encryption and certificates:
o Cipher or algorithm
o Key
o Certificate
Encryption methods:
o Symmetric encryption
o Asymmetric Encryption (PKI)
Certification Authorities (CA)
Certification hierarchy
Role services to choose from when installing Active Directory Certificate
Services (AD CS):
o Certification Authority
o Certification Authority Web Enrollment
o Online Responder
o Network Device Enrollment Service (NDES)
o Certificate Enrollment Web Service
o Certificate Enrollment Policy Web Service
Features available through Active Directory Certificate Services:
o Certificate templates
o Autoenrollment
o Web enrollment
o Credential roaming
o Certificate enrollment across forests (cross-certification)
o High-volume CA support
Facts about CA installation
Students will learn how to:

Install an Enterprise Certificate Authority (CA).
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Configure a private certification authority
70-412 Exam Objectives:

602 Install and configure Active Directory Certificate Services (AD CS).
o Install an Enterprise Certificate Authority (CA)
Lecture Focus Questions:










What is the difference between symmetric and asymmetric encryption?
How do certificates prove identity?
What kinds of information do certificates hold?
What is the relationship of a CA to a PKI?
How can you ensure that users outside your organization trust your
certificate?
What are the advantages of using an enterprise CA over a standalone
CA?
How does an enterprise root differ from an enterprise subordinate?
Which server role should you add to make a server a CA that can issue
certificates to other CAs, users, and computers?
What features does the Online Responder service provide?
What is credential roaming?
Video/Demo
8.1.1 Overview of Certificates
8.1.2 Overview of Certificate Services
8.1.3 Installing an Enterprise AD CS
Total
Time
11:21
9:17
5:42
26:20
Number of Exam Questions
7 questions
Total Time
About 40 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.2: Certificate Management
Summary
This section discusses the following concepts of management of certificates:



Using certutil command options:
o -Verify
o -VerifyStore
o -VerifyKeys
o -RecoverKey
o -oid
Methods for requesting a certificate:
o Web Enrollment Pages
o Certificate Request Wizard through the Certificates snap-in
o Autoenrollment
o Command line
Facts about certificate requests
Students will learn how to:


Manage certificates such as requesting a user certificate and approving
pending certificates.
Revoke a certificate.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Issue certificates
70-412 Exam Objectives:

603 Install and configure Active Directory Certificate Services (AD CS).
o Manage certificate renewal
o Implement and manage certificate deployment, validation, and
revocation
o Manage certificate enrollment and renewal to computers and users
using Group Policies
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:





Which certutil command option would you use to verify a key set?
What functions does the Certification Authority Web Enrollment role
service provide?
How does an Enterprise CA process a certificate request differently from a
stand-alone CA?
What command would you enter at the command line to accept and install
a certificate?
What is the process for requesting a certificate from an offline CA?
Video/Demo
8.2.1 Managing Certificates
Time
3:22
Lab/Activity
Manage Certificates
Number of Exam Questions
12 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.3: Certificate Revocation
Summary
This section discusses certificate revocation. Details covered include:




Situations in which a digital certificate would be revoked
Facts about certificate revocation:
o The process used by a client to retrieve the certificate status
information
o The process to configure the online responder:
 Install the Online Responder role service
 Configure the OCSP Response Signing certificate
 Configure each CA to issue the OCSP Response Signing
template
 Configure each CA to include the online responder
 Configure revocation configurations on the online responder
o Considerations when configuring the online responder
Additional features that can be configured for the Revocation
Configuration on an online responder:
o Nonce/no-nonce request support
o Advanced cryptography
o Kerberos protocol integration
Considerations when configuring a single CA with multiple online
responders
Students will learn how to:



Configure a CRL Distribution Point.
Configure an Online Responder.
Manage certificate revocation.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Revoke certificates
70-412 Exam Objectives:


602 Install and configure Active Directory Certificate Services (AD CS).
o Configure CRL distribution points
o Install and configure Online Responder
603 Manage certificates.
o Implement and manage certificate deployment, validation, and
revocation
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:







In what situations would a certificate be revoked?
If a revoked certificate might be reinstated, what reason for revocation
should you use?
How do you specify CRL Distribution Points?
When would you publish a delta CRL?
What are the advantages to using an Online Responder to verify
certificate status?
What two options do you have for obtaining the OCSP Response Signing
Certificate?
Why is it necessary to configure CRLs and CDPs when you use an Online
Responder?
Video/Demo
8.3.1 Certificate Revocation
8.3.2 Configuring a CRL Distribution Point
8.3.3 Configuring an Online Responder
Total
Time
5:07
2:29
3:36
11:12
Lab/Activity
Manage Certificate Revocation
Number of Exam Questions
6 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.4: Certificate Templates
Summary
This section discusses using certificate templates. Details include:






The role of certificate templates
Considerations when managing certificate templates
Certificate template permissions:
o Full Control
o Read
o Write
o Enroll
o Autoenroll
Considerations when managing certificate template permissions
Schema version 1, 2, and 3 templates
Settings that can be modified for schema version 2 and 3 templates:
o Validity Period
o Publish in Active Directory
o Key Purpose
o Cryptographic Service Provider (CSP)
o Subject Name
o Issuance Requirement
o Extensions
Students will learn how to:


Manage and modify certificate templates.
Create and issue a certificate template.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Manage certificate templates
70-412 Exam Objectives:

603 Install and configure Active Directory Certificate Services (AD CS).
o Manage certificate templates
o Implement and manage certificate deployment, validation, and
revocation
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:





What are the purpose and the benefits of a certificate template?
What is best practice for maintaining the integrity of default templates?
How do you control which templates a CA can issue?
How are certificate templates replicated?
Which permissions does an administrator need to set and modify
certificate template contents and permissions?
Video/Demo
8.4.1 Certificate Templates
8.4.2 Using Certificate Templates
Total
Time
4:24
9:40
14:04
Lab/Activity
Modify Certificate Templates 1
Modify Certificate Templates 2
Number of Exam Questions
6 questions
Total Time
About 35 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.5: Certificate Autoenrollment
Summary
In this section students will learn about certificate autoenrollment. Details include:


The role of autoenrollment
Steps to configure autoenrollment
Students will learn how to:



Configure the templates for autoenrollment.
Enable certificate autoenrollment for users and computers.
Create certificates for smart cards and require smart cards for logon.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Enable autoenrollment
70-412 Exam Objectives:

603 Manage certificates.
o Manage certificate renewal
o Manage certificate enrollment and renewal to computers and users
using Group Policies
Lecture Focus Questions:





Which three autoenroll settings require user intervention when selected?
In addition to allowing certificates to be requested, issued, or renewed,
which other management tasks does autoenrollment perform?
Which template version(s) is required for autoenrollment?
When automatic renewal is enabled, how can you force users to re-enroll
for a certificate template?
When configuring autoenrollment, which permissions should you grant to
users or computers to allow autoenrollment?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
8.5.1 Certificate Autoenrollment
8.5.2 Configuring Certificate Autoenrollment
Total
Time
0:49
2:49
3:38
Lab/Activity
Configure Templates for Autoenrollment
Enable Autoenrollment for the Domain
Create Certificates for Smart Cards
Require Smart Cards for Logon
Number of Exam Questions
5 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.6: Key Archival and Recovery
Summary
This section examines key archival and recovery. Details in this section include:




Methods to back up private keys
Key archival
Steps to configure key archival
Recovering a lost key
Students will learn how to:



Create and publish the key recovery agent to the CA.
Configure a CA for key archival.
Recover a key.
Windows Server Pro: Advanced Services Exam Objectives:

6.0 File Certificate Management.
o Issue certificates
70-412 Exam Objectives:

603 Manage certificates.
o Configure and manage key archival and recovery
Lecture Focus Questions:





In order for a user's private key to be backed up, what action must the
user take? Which permission does this action require?
What is key archival? What steps are involved in key archival?
What function does a Key Recovery Agent perform?
What are the template requirements for key archival?
What are the steps for recovering a lost key?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
8.6.1 Key Archival and Recovery
8.6.2 Creating and Managing Key Recovery Agents
8.6.3 Configuring a CA for Key Archival
8.6.4 Recovering a Key
Total
Time
3:03
3:49
4:47
3:49
15:28
Number of Exam Questions
7 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.7: Certificate Authority (CA) Management
Summary
This section examines the following about managing the Certificate Authority:



Permissions that control the ability to manage the CA:
o Read
o Issue and Manage Certificates
o Manage CA
o Request Certificates
Enabling administrative role separation
Tasks that can be performed through Certification Authority snap-in or the
certutil.exe command line utility:
o Certificate Management Delegation
o Enrollment Agent Delegation
o Key Archival
o Certificate Request Handling
o Auditing
Students will learn how to:



Configure security roles on the CA; the enrollment agent, certificate
manager, and the CA manager.
Restrict the security role of an enrollment agent or a certificate manager to
a particular template.
Configure administrative role separation to not allow a user to have
multiple roles assigned.
70-412 Exam Objectives:

602 Manage certificates.
o Implement administrative role separation
Lecture Focus Questions:





Which permission(s) do you need to access and modify CA properties?
What is administrative role separation? What implication does it have for
assigning permissions for certificate management?
How do you control the certificates that a manager can manage?
How can you monitor changes to the CA configuration? Which Group
Policy setting must you enable to do this?
What are the steps in key archival?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
8.7.1 Managing the CA
8.7.2 Configuring Security Roles on the CA
8.7.3 Limiting Security Roles on the CA
8.7.2 Configuring Administrative Role Separation
Total
Time
3:50
2:02
3:28
1:36
10:56
Number of Exam Questions
6 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 8.8: CA Backup and Recovery
Summary
This section covers methods to back up and restore a CA. Details include:




System State Backup
Certification Authority Console backup
Backup and restore using certutil.exe
Steps to move a CA from one server to another
Students will learn how to:

Use the certutil command to backup and recover CA files.
70-412 Exam Objectives:

602 Install and configure Active Directory Certificate Services (AD CS).
o Configure CA backup and recovery
Lecture Focus Questions:




Which components of a CA does a system state backup back up?
How does a Certification Authority Console backup differ from a system
state backup?
When you move a CA from one server to another, which items might need
to be reconfigured?
Which options would you use with the certutil command to back up only
the CA database and the keys and certificates?
Video/Demo
8.8.1 CA Backup and Recovery
8.8.2 CA Backup and Recovery
Total
Time
0:51
2:26
3:17
Number of Exam Questions
8 questions
Total Time
About 15 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 9.1: AD RMS Overview
Summary
This section provides an overview of AD RMS. Concepts covered include:









Usage policies
Templates
Licenses:
o Client license
o Publishing license
o Use license
Components of an AD RMS system:
o AD RMS server
o Database server
o AD DS
o AD RMS-enabled application
o AD RMS client
o AD RMS Add-on for IE
Active Directory Federation Services (AD FS)
AD RMS trust policies
AD RMS supports the following trust hierarchies:
o ISV hierarchy
o Production hierarchy
Add AD RMS domains to a list of trusted user domains in an AD RMS
cluster
AD RMS consists of the following services:
o Logging services
o Web services
Windows Server Pro: Advanced Services Exam Objectives:

7.0 Digital Rights Management.
o Configure AD RMS policies
o Configure trusted user domains
70-412 Exam Objectives:

604 Install and configure Active Directory Rights Management Services
(AD RMS).
o Manage trusted user domains
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:





How do usage policies help safeguard digital information from intentional
or unintentional misuse?
How are usage policy templates used by administrators in implementing
AD RMS?
How does a client license differ from a use license?
How are protected documents created?
What RMS related functions do RMS-enabled applications perform?
Video/Demo
9.1.1 AD RMS Overview
Time
5:49
Number of Exam Questions
3 questions
Total Time
About 10 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 9.2: AD RMS Installation
Summary
This section discusses installing and configuring AD RMS. Concepts covered
include:





AD RMS hardware and software requirements
Configuration choices to make during AD RMS installation:
o Cluster
o Database location
o Service account
o Cluster key
o Cluster address
o Service connection point (SCP)
Considerations about AD RMS installation
Windows PowerShell cmdlets modules for:
o AD RMS deployment
o AD RMS administration
Key tasks for AD RMS backup and recovery:
o Secure the cluster key password
o Export the trusted publishing domain
o Back up the AD RMS database
o Restore the AD RMS database
Students will learn how to:


Install and configure AD RMS.
Configure the AD RMS Service Connection Point (SCP).
Windows Server Pro: Advanced Services Exam Objectives:

7.0 Digital Rights Management.
o Configure trusted publishing domains
70-412 Exam Objectives:

604 Install and configure Active Directory Rights Management Services
(AD RMS).
o Install a licensing or certificate AD RMS server
o Manage AD RMS Service Connection Point (SCP)
o Backup and restore AD RMS
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






In addition to the AD RMS role, which Web services are required to install
AD RMS?
How does a root cluster differ from a licensing-only cluster?
What advantages does a licensing-only cluster have in implementing AD
RMS?
What are the requirements for setting up the service account for AD RMS?
Which tasks use the AD RMS administrator password?
What should you consider when defining a cluster address?
Video/Demo
9.2.1 AD RMS Installation
9.2.2 Installing AD RMS
9.2.3 Configuring AD RMS Backup and Recovery
9.2.4 Configuring the AD RMS Service Connection Point (SCP)
Total
Time
4:06
10:59
6:40
2:27
24:12
Number of Exam Questions
9 questions
Total Time
About 40 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 9.3: AD RMS Client Deployments
Summary
This section discusses considerations when working with AD RMS client
deployments.
Students will learn how to:

Configure the client workstation to manage AD RMS client deployments.
70-412 Exam Objectives:

604 Install and configure Active Directory Rights Management Services.
o Manage AD RMS client deployment
Lecture Focus Questions:





Why it is necessary to add the URL of the AD RMS server to the Local
Intranet zone of each AD RMS client workstation?
In addition to Read and Change permissions, what options can be
configured on a document or a message?
How are restrictions within a document or message assigned?
What are the software requirements for opening AD RMS protected
documents?
How can users determine the level of access they have to a document or
message?
Video/Demo
9.3.1 Managing AD RMS Client Deployments
Time
10:02
Number of Exam Questions
7 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 9.4: AD RMS Templates
Summary
In this section students will learn about using AD RMS templates. Concepts
covered include:




Rights policy templates:
o Distributed rights policy templates
o Archived rights policy templates
o Exclusion policies
Tasks to create a new distributed rights policy template:
o Add template identification information
o Add user rights
o Specify an expiration policy
o Specify extended policy conditions
o Specify a revocation policy
Best practice guidelines when deploying rights policy templates with AD
RMS client
Certificates or licenses that are used by AD RMS:
o Server Licensor Certificate (SLC)
o Rights Account Certificate (RAC)
o Client Licensor Certificate (CLC)
o Machine Certificate
o Publishing License
o Use License
Students will learn how to:


Create custom templates that can be distributed to users.
Configure a user exclusion policy that will restrict particular users from
obtaining licenses from a specified cluster.
Windows Server Pro: Advanced Services Exam Objectives:

7.0 Digital Rights Management.
o Manage AD RMS templates
70-412 Exam Objectives:

604 Install and configure Active Directory Rights Management Services.
o Manage RMS templates
o Configure Exclusion Policies
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Lecture Focus Questions:






How can administrators deploy rights policy templates to user computers
so the templates are available for offline publishing?
What is the purpose of archiving rights policy templates that are no longer
being used for new documents?
What are lockbox exclusion policies?
How does the AD RMS client manage rights policy templates?
What conditions can be used to configure an expiration policy?
What is self-enrollment? How is it used in AD RMS?
Video/Demo
9.4.1 AD RMS Templates
9.4.2 Using AD RMS Templates
Total
Time
1:52
15:12
17:04
Lab/Activity
Configure a Distributed Rights Policy Template
Configure a User Exclusion
Number of Exam Questions
4 questions
Total Time
About 25 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.1: AD FS Overview
Summary
This section provides an overview of Active Directory Federation Services (AD
FS). Concepts covered include:



The role of AD FS
Organizations that AD FS is designed for
AD FS terms:
o Account partner
o AD FS Web agent
o AD FS-enabled Web server
o Claim
o Claims-aware application
o Claim mapping
o Federation
o Federation servers
o Federation trust
o Organization claim
o Resource partner
o Security token
o Security Token Service (STS)
o Single Sign-On (SSO)
o Trust policy
o Windows token-based
Lecture Focus Questions:






What are the benefits of Active Directory Federated Services (AD FS)?
You have users in a domain who need to access a Web application in a
partner domain. Which domain is the account domain, and which is the
resource domain?
What is a claim? What type of information can be included in a claim?
What is the difference between a claims-aware application and a tokenbased application?
What is claim mapping?
What is a trust policy?
Video/Demo
10.1.1 AD FS Overview
Time
4:04
Number of Exam Questions
3 questions
Total Time
About 10 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.2: AD FS Certificates
Summary
This section provides details of using AD FS certificates.


AD FS requires each server have a certificate that is used for SSL
communications
Tasks to configure AD FS server relationships:
o Issuance an SSL certificate to the root CAs in both forests
o Export both root CAs’ certificates
o Enroll the SSL certificates on the AD FS servers
o Configure each serer to trust its own root CA
o Configure each AD FS server to trust the root CAs from the other
forest
Students will learn how to:



Enroll SSL certificates on AD FS servers.
Configure an AD FS server to trust its own root CAs.
Configure an AD FS server to trust the root CA from another forest.
70-412 Exam Objectives:

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Manage AD FS certificates
Lecture Focus Questions:




What trust relationships must be configured for AD FS servers?
How do you configure an AD FS server to trust the root CA from another
forest?
Which parameters do you configure when using the Certificate Enrollment
wizard to request an SSL certificate?
When exporting root CA certificates, which parameters should you use?
Video/Demo
Time
10.2.1 AD FS Certificates
10.2.2 Managing AD FS Certificates
1:33
11:35
Total
13:08
Number of Exam Questions
3 questions
Total Time
About 15 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.3: Resource Partner
Summary
This section provides information about configuring the resource partner.
Concepts covered include:







Role services that can be installed during the installation of AD FS:
o Federation Service
o Federation Service Proxy
o Claims-aware Agent
o Windows Token-based Agent
Tasks to install AD FS:
o Create SSL certificates
o Create a group managed service account
o Install the AD FS role\Run the AD FS Federation Server
Configuration Wizard
The role of the resource partner
The role of federation servers
The role of the AD FS Management snap-in
Tasks to create a claims provider trust on the resource partner:
o Start the Add Claims Provider Trust Wizard
o Specify the data source
o Configure a display name
o Edit claim rules
Windows Server 2012 R2:
o AD FS can use multi-factor authentication (MFA)
o Default AD FS authentication primary methods to validate users’
identities:
 Forms Authentication
 Windows Authentication
o The process to configure MFA
o Workplace join
o Considerations when applying an authentication policy as a global
scope
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Students will learn how to:

Configure the AD FS server on the resource partner.
70-412 Exam Objectives:

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Install AD FS
o Configure authentication policies
o Configure multi-factor authentication
o Configure Workplace Join
Lecture Focus Questions:





What is the role of the resource partner in AD FS?
When adding a claims provider, what are the preferred ways to obtain
data about the claims provider?
What is the function of the claims-aware agent?
How does the Windows token-based agent allow Windows token-based
applications to work with AD FS?
What is the function of acceptance transform rules? Where are they
configured?
Video/Demo
10.3.1 Resource Partner
10.3.2 Configuring the Resource Partner
10.3.6 Configuring Multi-factor Authentication
10.3.7 Configuring Workplace Join
Total
Time
5:08
20:38
5:48
19:15
50:49
Number of Exam Questions
7 questions
Total Time
About 65 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.4: Accounts Partner
Summary
This section discusses configuring the accounts partner. Concepts covered
include:




The role of account partner
The role of Federation servers
Using the AD FS Management snap-in
Tasks to create a relying party trust on the account partner:
o Start the Add Relying Party Trust Wizard
o Specify the data source
o Configure a display name
o Configure issuance authorization rules
o Edit claim rules
Students will learn how to:

Create a relying party trust on the account partner.
70-412 Exam Objectives:

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Implement claims-based authentication including Relying Party
Trusts
Lecture Focus Questions:





How do federation servers in the account partner organization enable
single sign-on capabilities to users?
What are relying party trusts?
In which locations are relying party trusts usually created?
What functions does the account partner provide?
What is the purpose of delegation authorization rules?
Video/Demo
10.4.1 Configuring the Accounts Partner
Time
8:21
Number of Exam Questions
6 questions
Total Time
About 15 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.5: AD FS Proxies
Summary
This section discusses AD FS proxies. Details include:


The role of the AD FS Proxy
Tasks to configure an AD FS Proxy server:
o Export the internal AD FS server certificate
o Import AD FS server certificate
o Configure an SSL certificate on the default IIS web site
o Add an entry for the AD FS server to the hosts file
o Install the AD FS Proxy role service
o Configure the AD FS Proxy
o Configure the DNS records
Students will learn how to:


Install an AD FS proxy server.
Configure an AD FS proxy server.
70-412 Exam Objectives:

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Configure AD FS proxy
Lecture Focus Questions:





What are the differences between the Federation Service and Federation
Service Proxy?
How can an AD FS Proxy provide protection for your network?
How does DNS perform resolution when an AD FS proxy resides in a
DMZ?
What information does the AD FS proxy server store?
For what purposes does AD FS proxy use WE-Federation Passive
Requestor Profile (WS-F PRP) protocols?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
10.5.1 AD FS Proxies
10.5.2 Configuring AD FS Proxies
Total
Time
1:48
9:00
10:48
Number of Exam Questions
5 questions
Total Time
About 20 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.6: AD FS and Cloud Services
Summary
In this section students will learn the following facts about integrating AD FS and
cloud services.






Install prerequisite software
Install Windows Azure Pack for Windows Server
Configure the AD FS server
Configure the Azure management portals to trust the AD FS server
Configure the Azure tenant authentication site to trust the AD FS server
Configure the AD FS server to trust the Azure management portals
70-412 Exam Objectives:

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Integrate with Cloud Services
Lecture Focus Questions:




What are the benefits of integrating AD FS with Cloud services?
What Web Platform products must be installed before installing Windows
Azure on a Windows Server?
Which management portals must the AD FS host be configured to reach?
Which transformation rules must be applied to the management portal for
tenants?
Video/Demo
10.6.1 AD FS and Cloud Services
Time
1:25
Number of Exam Questions
5 questions
Total Time
About 10 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Section 10.7: AD FS and AD RMS
Summary
In this section students will learn about options to select if the AD RMS system
need to support users located in a different forest:



Trusted user domains
Trusted publishing domains
AD RMS federated identity support
Students will learn how to:



Configure a trusted user domain.
Configure a trusted publishing domain.
Enable Federated Identity Support on an AD RMS server.
70-412 Exam Objectives:

604 Install and configure Active Directory Rights Management Services
(AD RMS).
o Manage Federated Identity support
Lecture Focus Questions:




What is a possible ramification of failing to configure trusted email
domains?
What options do you have if the AD RMS system needs to support users
located in a different forest?
Which option for AD RMS support poses the greatest security risk?
What are the advantages to using AD RMS Federated Identity support?
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Video/Demo
10.7.1 AD FS and AD RMS
10.7.2 Configuring Trusted User Domains
10.7.4 Configuring Trusted Publishing Domains
10.7.6 Managing Federated Identity Support
Total
Time
2:49
2:51
3:17
4:10
13:07
Lab/Activity
Configure a Trusted User Domain
Configure a Trusted Publishing Domain
Number of Exam Questions
5 questions
Total Time
About 30 minutes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Windows Server Pro: Advanced Services Practice
Exams
Summary
This section provides information to help prepare students to take the Windows
Server Pro: Advanced Services certification exam. Students will have the
opportunity of testing their mastery of the concepts presented in this course to
reaffirm that they are ready for the certification exam.
Students will typically take about 5-10 minutes (depending upon the complexity
and their level of knowledge) to complete each simulation question in the
following practice exams. There is no time limit on the amount of time a student
can take to complete the practice exams for the following domains.
Objective 1: Advanced Active Directory Configuration (10 simulation questions)
Objective 2: Advanced Storage Management (4 simulation question)
Objective 3: Server Data Protection (4 simulation questions)
Objective 4: Advanced DHCP and DNS Configuration (7 simulation questions)
Objective 5: High Availability Implementation (10 simulation questions)
Objective 6: Certificate Management (8 simulation questions)
Objective 7: Digital Rights Management (4 simulation questions)
The Windows Server Pro: Advanced Services Certification Practice Exam
consists of 15 simulation questions that are randomly selected from the above
practice exams. Each time the Certification Practice Exam is accessed different
questions may be presented.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Microsoft 70-412 Practice Exams
Summary
This section provides information to help prepare students to take the MS 70-412
exam and to register for the exam. Students will have the opportunity of testing
their mastery of the concepts presented in this course to reaffirm that they are
ready for the certification exam.
Students will typically take about 1 minute to complete each question in the
following practice exams. There is no time limit on the amount of time a student
can take to complete the practice exams for the following domains.
Objective 100. Configure and Manage High Availability (62 questions)
Objective 200. Configure File and Storage Solutions (37 questions)
Objective 300. Implement Business Continuity and Disaster Recovery (39
questions)
Objective 400. Configure Network Services (67 questions)
Objective 500. Configure the Active Directory Infrastructure (60 questions)
Objective 600. Configure Identity and Access Solutions (112 questions)
The Microsoft 70-412 Certification Practice Exam consists of 60 questions that
are randomly selected from the above practice exams. Each time the
Certification Practice Exam is accessed different questions may be presented.
The Certification Practice Exam has a time limit of 2 hours. A passing score of
95% should verify that the student has mastered the concepts and is ready to
take the real certification exam.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Appendix A: Approximate Time for the Course
The total time for the LabSim Windows Server Pro: Advanced Services course is
approximately 40 hours and 10 minutes. The time is calculated by adding the
approximate time for each section which is calculated using the following
elements:




Video/demo times
Approximate time to read the text lesson (the length of each text lesson is
taken into consideration)
Simulations (5 minutes assigned per simulation, of course many students
may take longer depending upon their knowledge level and experience)
Questions (1 minute per question)
The breakdown for this course is as follows:
Module
Sections
Time
Minute
HR:MM
50
50
20
30
40
60
35
35
320
5:20
25
25
55
20
35
45
205
3:25
35
15
35
20
105
1:45
1.0 Active Directory Infrastructure
1.1 Multi-Domain Forests
1.2 Cross-Forest Trusts
1.3 External, Shortcut and Realm Trusts
1.4 Sites Overview
1.5 Managing Sites
1.6 Managing Replication
1.7 Read-Only Domain Controllers (RODCs)
1.8 RODC Management
2.0 File and Storage Solutions
2.1 Network File System (NFS)
2.2 BranchCache
2.3 Dynamic Access Control (DAC)
2.4 DAC Management
2.5 Advanced Storage
2.6 Storage Optimization
3.0 Disaster Recovery
3.1 Windows Server Backup
3.2 Restore from Backup
3.3 Volume Shadow Copies
3.4 Boot Configuration Data (BCD) Store
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
4.0 Advanced DHCP
4.1 DHCP Overview
4.2 DHCP Scopes
4.3 DHCP and IPv6
4.4 DHCP High Availability
4.5 IPAM Overview
4.6 IPAM Configuration
4.7 IPAM Management
10
45
25
40
35
30
5
190
3:10
40
20
15
75
1:15
30
30
60
1:00
20
35
100
25
25
35
240
4:00
40
25
30
35
30
25
20
15
220
3:40
10
40
20
25
95
1:35
5.0 Advanced DNS
5.1 DNS Security
5.2 Advanced DNS Settings
5.3 GlobalNames Zones
6.0 Hyper-V
6.1 Virtual Machine Management
6.2 Hyper-V High Availability
7.0 High Availability
7.1 Network Load Balancing
7.2 Network Load Balancing Management
7.3 Failover Clustering
7.4 Failover Cluster Management
7.5 Failover Clustered Role Management
7.6 Failover Cluster with Hyper-V
8.0 Active Directory Certificate Services
8.1 Active Directory Certificate Services Overview
8.2 Certificate Management
8.3 Certificate Revocation
8.4 Certificate Templates
8.5 Certificate Autoenrollment
8.6 Key Archival and Recovery
8.7 Certificate Authority (CA) Management
8.8 CA Backup and Recovery
9.0 Active Directory Rights Management Services (AD RMS)
9.1 AD RMS Overview
9.2 AD RMS Installation
9.3 AD RMS Client Deployments
9.4 AD RMS Templates
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
10.0 Active Directory Federation Services (AD FS)
10.1 AD FS Overview
10.2 AD FS Certificates
10.3 Resource Partner
10.4 Accounts Partner
10.5 AD FS Proxies
10.6 AD FS and Cloud Services
10.7 AD FS and AD RMS
10
15
65
15
20
10
30
165
2:45
310
5:10
425
7:05
2410
40:10
Windows Server Pro: Advanced Services Practice Exam
Obj. 1. Advanced Active Directory Configuration
(10 simulation questions)
Obj. 2. Advanced Storage Management (4
simulation questions)
Obj. 3. Server Data Protection (4 simulation
questions)
Obj. 4. Advanced DHCP and DNS Configuration (7
simulation questions)
Obj. 5. High Availability Implementation (10
simulation questions)
Obj. 6. Certificate Management (8 simulation
questions)
Obj. 7. Digital Rights Management (4 simulation
questions)
Certification Practice Exam (15 questions)
50
20
20
35
50
40
20
75
Microsoft 70-412 Practice Exams
Obj. 100. Configure and Manage High Availability
(59 questions)
59
Obj. 200. Configure File and Storage Solutions (35
questions)
35
Obj. 300. Implement Business Continuity and
Disaster Recovery (39 questions)
Obj. 400. Configure Network Services (63 questions)
39
63
Obj. 500. Configure the Active Directory
Infrastructure (60 questions)
60
Obj. 600. Configure Identity and Access Solutions
(109 questions)
Certification Practice Exam (60 questions)
109
60
Total
Time
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Appendix B: Exam 70-412: Configuring Advanced
Windows Server 2012 Services Objectives
The Windows Exam 70-412: Configuring Advanced Windows Server 2012
Services certification exam covers the following objectives. In the spread sheet
below, the column to the right lists the sections where the information is located
in the course:
#
Objective
100
Configure and Manage High Availability (17
percent)
101
Configure Network Load Balancing (NLB)
This objective may include but is not limited to:
Module.Section
7.1, 7.2
Install NLB nodes
Configure NLB prerequisites
Configure affinity
Configure port rules
Configure cluster operation mode
Upgrade an NLB cluster
102
Configure failover clustering
This objective may include but is not limited to:
2.6, 7.3, 7.4
Configure Quorum
Configure cluster networking
Restore single node or cluster configuration
Configure cluster storage
Implement Cluster Aware Updating
Upgrade a cluster
Configure and optimize clustered shared
volumes
Configure clusters without network names
Configure storage spaces
103
Manage failover clustering roles
This objective may include but is not limited to:
7.3, 7.5, 7.6
Configure role-specific settings, including
continuously available shares
Configure virtual machine (VM) monitoring
Configure failover and preference settings
Configure guest clustering
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
104
Manage Virtual Machine (VM) movement
This objective may include but is not limited to:
6.1, 7.3, 7.6
Perform live migration
Perform quick migration
Perform storage migration
Import, export, and copy VMs
Migrate from other platforms (P2v and V2V)
Configure VM network health protection
Configure drain on shutdown
200
Configure File and Storage Solutions (16
percent)
201
Configure advanced file services
This objective may include but is not limited to:
2.1, 2.2, 2.3, 2.4
Configure NFS data store
Configure BranchCache
Configure File Classification Infrastructure
(FCI) using File Server Resource Manager
(FSRM)
Configure file access auditing
202
Implement Dynamic Access Control (DAC)
This objective may include but is not limited to:
2.3, 2.4
Configure user and device claim types
Implement policy changes and staging
Perform access-denied remediation
Configure file classification
Create and configure Central Access rules and
policies
Create and configure resource properties and
lists
203
Configure and optimize storage
This objective may include but is not limited to:
2.5, 2.6
Configure iSCSI Target and Initiator
Configure Internet Storage Name server
(iSNS)
Implement thin provisioning and trim
Manage server free space using Features on
Demand
Configure tiered storage
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
300
Implement Business Continuity and Disaster
Recovery (16 percent)
301
Configure and manage backups
This objective may include but is not limited to:
3.1, 3.3
Configure Windows Server backups
Configure Windows Online backups
Configure role-specific backups
Manage VSS settings using VSSAdmin
302
Recover servers
This objective may include but is not limited to:
3.2, 3.4
Restore from backups
Perform a Bare Metal Restore (BMR)
Recover servers using Windows Recovery
Environment (Win RE) and safe mode
Apply System Restore snapshots
Configure the Boot Configuration Data (BCD)
store
303
Configure site-level fault tolerance
This objective may include but is not limited to:
6.1, 6.2, 7.3, 7.4
Configure Hyper-V Replica, including Hyper-V
Replica Broker and VMs
Configure multi-site clustering, including
network settings, Quorum, and failover
settings
Configure Hyper-V Replica extended
replication
Configure Global Update Manager
Recover a multi-site failover cluster
400
Configure Network Services (17 percent)
401
Implement an advanced Dynamic Host
Configuration Protocol (DHCP) solution
This objective may include but is not limited to:
4.1, 4.2, 4.3, 4.4
Create and configure superscopes and
multicast scopes
Implement DHCPv6
Configure high availability for DHCP, including
DHCP failover and split scopes
Configure DHCP Name Protection
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Configure DNS registration
402
Implement an advanced DNS solution
This objective may include but is not limited to:
5.1, 5.2, 5.3
Configure security for DNS including Domain
Name System Security Extensions
(DNSSEC), DNS Socket Pool, and cache
locking
Configure DNS logging
Configure delegated administration
Configure recursion
Configure netmask ordering
Configure a GlobalNames zone
Analyze zone level statistics
Isolate DNSSEC key management and
storage.
403
Deploy and manage IPAM
This objective may include but is not limited to:
4.5, 4.6, 4.7
Provision IPAM manually or by using Group
Policy
Configure server discovery
Create and manage IP blocks and ranges
Monitor utilization of IP address space
Migrate to IPAM
Delegate IPAM administration
Manage IPAM collections
Configure IPAM database storage
500
Configure the Active Directory Infrastructure (18
percent)
501
Configure a forest or a domain
This objective may include but is not limited to:
1.1
Implement multi-domain and multi-forest Active
Directory environments including
interoperability with previous versions of
Active Directory
Upgrade existing domains and forests
including environment preparation and
functional levels
Configure multiple user principal name (UPN)
suffixes
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
502
Configure trusts
This objective may include but is not limited to:
1.2, 1.3
Configure external, forest, shortcut, and
realm trusts
Configure trust authentication
Configure SID filtering
Configure name suffix routing
503
Configure sites
This objective may include but is not limited to:
1.4, 1.5
Configure sites and subnets
Create and configure site links
Manage site coverage
Manage registration of SRV records
Move domain controllers between sites
504
Manage Active Directory and SYSVOL
replication
This objective may include but is not limited to:
1.6, 1.7, 1.8
Configure replication to Read-Only Domain
Controllers (RODCs)
Configure Password Replication Policy
(PRP) for RODCs
Monitor and manage replication
Upgrade SYSVOL replication to Distributed
File System Replication (DFSR)
600
Configure Identity and Access Solutions (16
percent)
601
Implement Active Directory Federation Services
2.1 (AD FSv2.1)
This objective may include but is not limited to:
10.1, 10.2, 10.3,
10.4,10.5, 10.6
Install AD FS
Implement claims-based authentication,
including Relying Party Trusts
Configure authentication policies
Configure Workplace Join
Configure multi-factor authentication
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
602
Install and configure Active Directory Certificate
Services (AD CS)
This objective may include but is not limited to:
8.1, 8.3. 8.7,
8.8
Install an Enterprise Certificate Authority (CA)
Configure CRL distribution points
Install and configure Online Responder
Implement administrative role separation
Configure CA backup and recovery
603
Manage certificates
This objective may include but is not limited to:
8.2, 8.3, 8.4,
8.5, 8.6
Manage certificate templates
Implement and manage certificate deployment,
validation, and revocation
Manage certificate renewal
Manage certificate enrollment and renewal to
computers and users using Group Policies
Configure and manage key archival and recovery
604
Install and configure Active Directory Rights
Management Services (AD RMS)
This objective may include but is not limited to:
9.1, 9.2, 9.3,
9.4,10.7
Install a licensing or certificate AD RMS server
Manage AD RMS Service Connection Point (SCP)
Manage RMS templates
Configure Exclusion Policies
Back up and restore AD RMS
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Appendix C: Windows Server Pro: Advanced Services
Objectives
The Windows Server Pro: Advanced Services certification exam covers the
following objectives. In the spread sheet below, the column to the right lists the
sections where the information is located in the course:
#
1.0
Objective
Advanced Active Directory Configuration
Raise the functional level of an Active
Directory forest.
Create forest root, cross-forest, external,
shortcut, and realm trusts.
Manage sites, subnets, and site links.
Configure site replication.
Implement read-only domain controllers.
2.0
Module.Section
Advanced Storage Management
1.1, 1.2, 1.3, 1.5, 1.6,
1.7, 1.8
2.1, 2.3, 2.4, 2.5, 7.6
Implement NFS to support UNIX/Linux
systems.
Implement Dynamic Access Control
(DAC).
Implement an iSCSI SAN.
Migrate virtual machine storage.
3.0
Server Data Protection
3.1, 3.2, 3.3
Configure server backups.
Enable shadow copies.
Restore server data from backup.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
4.0
Advanced DHCP and DNS Configuration
4.3, 4.4, 5.1, 5.2, 5.3
Configure DHCP to support IPv6.
Configure split DHCP scopes.
Configure DHCP failover.
Protect zone data with DNSSEC.
Configure advanced DNS server
settings.
Configure a GlobalNames zone.
5.0
High Availability Implementation
6.2, 7.1, 7.3, 7.5
Implement network load balancing.
Create a failover cluster.
Configure clustered roles.
Enable virtual machine replication
6.0
Certificate Management
8.1, 8.2, 8.3, 8.4, 8.5,
8.6
Configure a private certification authority.
Manage certificate templates.
Issue certificates.
Revoke certificates.
Enable autoenrollment.
7.0
Digital Rights Management
9.1, 9.2, 9.4
Configure AD RMS policies.
Manage AD RMS templates.
Configure trusted user domains.
Configure trusted publishing domains.
Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade
names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.
Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation
with any of these companies and the products and services advertised herein are not endorsed by any of them.
Download