TestOut Windows Server Pro: Advanced Services – English 3.1.x

LESSON PLAN

Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft. Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them.

Table of Contents

  Course Overview
  Course Introduction for Instructors
  Section 1.1: Multi-Domain Forests
  Section 1.2: Cross-Forest Trusts
  Section 1.3: External, Shortcut and Realm Trusts
  Section 1.4: Sites Overview
  Section 1.5: Managing Sites
  Section 1.6: Managing Replication
  Section 1.7: Read-Only Domain Controllers (RODCs)
  Section 1.8: RODC Management
  Section 2.1: Network File System (NFS)
  Section 2.2: BranchCache
  Section 2.3: Dynamic Access Control (DAC)
  Section 2.4: DAC Management
  Section 2.5: Advanced Storage
  Section 2.6: Storage Optimization
  Section 3.1: Windows Server Backup
  Section 3.2: Restore from Backup
  Section 3.3: Volume Shadow Copies
  Section 3.4: Boot Configuration Data (BCD) Store
  Section 4.1: DHCP Overview
  Section 4.2: DHCP Scopes
  Section 4.3: DHCP and IPv6
  Section 4.4: DHCP High Availability
  Section 4.5: IPAM Overview
  Section 4.6: IPAM Configuration
  Section 4.7: IPAM Management
  Section 5.1: DNS Security
  Section 5.2: Advanced DNS Settings
  Section 5.3: GlobalNames Zones
  Section 6.1: Virtual Machine Management
  Section 6.2: Hyper-V High Availability
  Section 7.1: Network Load Balancing
  Section 7.2: Network Load Balancing Management
  Section 7.3: Failover Clustering
  Section 7.4: Failover Cluster Management
  Section 7.5: Failover Clustered Role Management
  Section 7.6: Failover Cluster with Hyper-V
  Section 8.1: Active Directory Certificate Services Overview
  Section 8.2: Certificate Management
  Section 8.3: Certificate Revocation
  Section 8.4: Certificate Templates
  Section 8.5: Certificate Autoenrollment
  Section 8.6: Key Archival and Recovery
  Section 8.7: Certificate Authority (CA) Management
  Section 8.8: CA Backup and Recovery
  Section 9.1: AD RMS Overview
  Section 9.2: AD RMS Installation
  Section 9.3: AD RMS Client Deployments
  Section 9.4: AD RMS Templates
  Section 10.1: AD FS Overview
  Section 10.2: AD FS Certificates
  Section 10.3: Resource Partner
  Section 10.4: Accounts Partner
  Section 10.5: AD FS Proxies
  Section 10.6: AD FS and Cloud Services
  Section 10.7: AD FS and AD RMS
  Windows Server Pro: Advanced Services Practice Exams
  Microsoft 70-412 Practice Exams
  Appendix A: Approximate Time for the Course
  Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives
  Appendix C: Windows Server Pro: Advanced Services Objectives

Course Overview

This course prepares students for TestOut’s Windows Server Pro: Advanced Services exam and Microsoft’s 70-412 certification exam.

Module 1 – Active Directory Infrastructure
This module teaches the students details about the infrastructure of Active Directory and how to manage the elements involved.

Module 2 – File and Storage Solutions
In this module students will learn about file and storage solutions, such as file sharing, using BranchCache, implementing and managing Dynamic Access Control, configuring iSCSI, and storage spaces.

Module 3 – Disaster Recovery
This module teaches students about backing up and restoring data, implementing shadow copies, and finding tools to assist in system recovery.

Module 4 – Advanced DHCP
This module examines using Dynamic Host Configuration Protocol (DHCP) and IPAM to centralize and streamline management of IP address assignments.

Module 5 – Advanced DNS
In this module students will learn concepts about configuring DNS security: DNSSEC, DNS Socket Pooling, Cache Locking, Advanced DNS settings, and GlobalNames zones.

Module 6 – Hyper-V
This module discusses management of virtual machines and Hyper-V replicas.

Module 7 – High Availability
This module teaches students about the components that create high availability: Network load balancing, Failover Clustering, Active Directory Certificate Service, AD RMS, and AD FS.

Module 8 – Active Directory Certificate Services
This module examines encryption and certificate solutions using Active Directory Certificate Services. This includes managing and revoking certificates, using certificate templates, configuring Certificate Autoenrollment, archiving and recovering keys, and managing the Certificate Authority.

Module 9 – Active Directory Rights Management Services (AD RMS)
In this module students will learn concepts about installing and deploying AD RMS.

Module 10 – Active Directory Federation Services 2.1 (AD FS)
This module discusses using AD FS to provide access to resources that are offered by trusted partners across the Internet.

Practice Exams
In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams contain examples of the types of questions that a student will find on the actual exam:
  Windows Server Pro: Advanced Services Practice Exams
  Microsoft 70-412 Practice Exams

Course Introduction for Instructors

This course provides students with the knowledge to become industry certified as a Windows professional.
It prepares the student for the following exams:
  Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services
  TestOut’s Windows Server Pro: Advanced Services

Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services certification measures the students’ ability to administer, configure, and manage Windows Server 2012 advanced services. The following knowledge domains are addressed:
  Configure and manage high availability
  Configure file and storage solutions
  Implement business continuity and disaster recovery
  Configure network services
  Configure the Active Directory infrastructure
  Configure identity and access solutions

Note: MS 70-412 objectives are listed in Appendix B: 70-412: Configuring Advanced Windows Server 2012 Services Objectives

TestOut’s Windows Server Pro: Advanced Services certification measures the students’ ability to perform real-world job skills using the Windows Server 2012 operating system. The following knowledge domains are addressed:
  Advanced Active Directory Configuration
  Advanced Storage Management
  Server Data Protection
  Advanced DHCP and DNS Configuration
  High Availability Implementation
  Certificate Management
  Digital Rights Management

Note: TestOut’s Windows Server Pro: Advanced Services objectives are listed in Appendix C: Windows Server Pro: Advanced Services Objectives

The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.

The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:
  Demonstration
  Exam
  Lab/Simulation
  Text lesson or fact sheet
  Video

The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.

In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:
  Video/demo times
  Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
  Simulations (5 minutes is assigned per simulation. This is the amount of time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)
  Questions (1 minute per question)

Note: Appendix A: Approximate Time for the Course contains the approximate time for each section, which are totaled for the entire course.

Section 1.1: Multi-Domain Forests

Summary

This section provides the basics of managing multi-domain forests.
Concepts covered include:
  Prerequisites required before adding the first domain controller running Windows Server 2012 to an existing Active Directory environment:
    o Server disk space
    o Supported Windows Server 2012 editions
    o Forest and domain functional levels
  Tools to prepare forest and domain to support Windows Server 2012:
    o Adprep /forestprep
    o Adprep /domainprep
    o Adprep /rodcprep
  Installation scenarios for AD DS for Windows 2012:
    o Installing a new Windows Server 2012 forest
    o Installing a new Windows Server 2012 domain controller to create a new domain in an existing Windows Server 2003, 2008, or 2008 R2 forest
  Tools to promote the Windows Server 2012 system as a domain controller in the domain:
    o Server Manager
    o PowerShell (using ADDSDeployment cmdlets)
    o DCPromo (only for Server Core deployments using an answer file)
  The role of a functional level
  Features available at each domain functional level
  Features available at each forest functional level
  Management of functional levels
  Guidelines that apply to raising the domain or forest functional levels

Students will learn how to:
  Raise the functional level of a domain.
  Raise the functional level of a forest.
  Add a new child domain to a multi-domain forest.

Windows Server Pro: Advanced Services Exam Objectives:
  1.0 Advanced Active Directory Configuration.
    o Raise the functional level of an Active Directory forest

70-412 Exam Objectives:
  501. Configure a forest or a domain.
    o Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active Directory
    o Upgrade existing domains and forest including environment preparation and functional levels
    o Configure multiple user principal name (UPN) suffixes

Lecture Focus Questions:
  When do you use the adprep /domainprep /gpprep command instead of the adprep /domainprep command?
  What are the prerequisites for adding the first domain controller running Windows Server 2012 to an existing Active Directory environment?
  How does the functional level of a domain impact the capabilities available on domain controllers in the domain or forest?
  How does the functional level of a domain affect which operating systems you can run on workstations and servers in the domain?
  What circumstances might prevent you from raising the functional level of a domain?
  In which two circumstances can you revert to a lower functional level without rebuilding the domain or forest?

Video/Demo                                  Time
1.1.1 Multi-Domain Forests                  10:37
1.1.2 Upgrading Multi-Domain Forests        10:01
1.1.3 Adding a New Child Domain              7:35
Total                                       28:13

Lab/Activity
  Raise Functional Levels
  Raise the Domain and/or Forest Levels

Number of Exam Questions
  5 questions

Total Time
  About 50 minutes

Section 1.2: Cross-Forest Trusts

Summary

This section provides information about preparing and creating cross-forest trusts.
Details include:
  The role of trusts
  Properties of trusts:
    o Direction of Trust:
        One-way Trust
        Two-way Trust
    o Direction of Resource Access
    o Transitivity
  How trusts are created for:
    o Domains within a forest
    o Trusts between forests
  Considerations when creating forest trusts
  Authentication security settings that can be applied to trusts:
    o Selective authentication
    o Domain-wide authentication
    o Forest-wide authentication

Students will learn how to:
  Create and configure a forest root trust between two domains.
  Create trust relationships with a specified domain.

Windows Server Pro: Advanced Services Exam Objectives:
  1.0 Advanced Active Directory Configuration.
    o Create forest root, cross-forest, external, shortcut, and realm trusts

70-412 Exam Objectives:
  502 Configure trusts.
    o Configure trust authentication

Lecture Focus Questions:
  Which types of trusts are created automatically for domains within a forest?
  What are the characteristics of automatically-created domain trusts?
  What are the characteristics of trusts between forests?
  When can forest trusts be used?
  When must you create an external trust?
  What advantages does selective authentication provide to system administrators for securing resources in a forest?

Video/Demo                                      Time
1.2.1 Cross-Forest Trusts                        6:26
1.2.2 Preparation for a Cross-Forest Trust       1:29
1.2.3 Preparing for a Cross-Forest Trust         7:40
1.2.4 Creating a Cross-Forest Trust             11:56
Total                                           27:31

Lab/Activity
  Create a Forest Root Trust
  Design Trusts

Number of Exam Questions
  9 questions

Total Time
  About 50 minutes

Section 1.3: External, Shortcut and Realm Trusts

Summary

This section provides details about creating external, shortcut, and realm trusts.

Students will learn how to:
  Manually create an external trust to allow users on one domain to access resources in a domain of another forest.
  Create a shortcut trust to speed up authentication between domains in the same forest.

Windows Server Pro: Advanced Services Objectives:
  1.0 Advanced Active Directory Configuration.
    o Create forest root, cross-forest, external, shortcut, and realm trusts

70-412 Exam Objectives:
  502 Configure trusts.
    o Configure external, forest, shortcut, and realm trusts
    o Configure trust authentication
    o Configure SID filtering
    o Configure name suffix routing

Lecture Focus Questions:
  How do shortcut trusts improve user logon times between two domains within a forest?
  What are the characteristics of an external trust?
  When should you use a realm trust?
  What features does Active Directory Federated Services (AD FS) offer?

Video/Demo                                      Time
1.3.1 External, Shortcut and Realm Trusts        5:00
1.3.2 Creating a Shortcut Trust                  2:23
Total                                            7:23

Lab/Activity
  Create a Shortcut Trust

Number of Exam Questions
  4 questions

Total Time
  About 20 minutes

Section 1.4: Sites Overview

Summary

This section provides an overview of sites and subnets. Details covered include:
  The role of a site
  The role of a subnet
  Considerations about sites and subnets
  Sites and subnets allow an administrator to monitor:
    o Active Directory replication between locations
    o Workstation logon traffic
    o Objects in Active Directory
    o Distributed File System (DFS) resource access
    o File Replication Service (FRS) characteristics
    o Properties for any site-aware application

Students will learn how to:
  Create and manage sites, subnets, and site links.

70-412 Exam Objectives:
  503. Configure sites.
    o Configure sites and subnets
    o Create and configure site links
    o Move domain controllers between sites

Lecture Focus Questions:
  How does a subnet differ from a site?
  What is the purpose of sites and subnets?
  What criteria are used to assign computers to sites?
  How are clients assigned to sites?
  What criteria determine the site that a domain controller is assigned?

Video/Demo                                          Time
1.4.1 Overview of Sites                              7:54
1.4.2 Creating Sites, Subnets, and Site Links       12:47
Total                                               20:41

Lab/Activity
  Manage Sites and Subnets

Number of Exam Questions
  3 questions

Total Time
  About 30 minutes

Section 1.5: Managing Sites

Summary

This section discusses the following issues when managing sites:
  Logon requests
  Site link cost
  Site link schedules
  Site link interval
  Global Catalog servers
  Universal Group Membership Caching

Students will learn how to:
  Determine the domain controller that will process logon requests at a site.
  Set up a Global Catalog.
  Enable Universal Group Membership Caching.

Windows Server Pro: Advanced Services Objectives:
  1.0 Advanced Active Directory Configuration.
    o Manage sites, subnets, and site links

70-412 Exam Objectives:
  503. Configure sites.
    o Manage site coverage
    o Manage registration of SRV records

Lecture Focus Questions:
  How can you determine which domain controller will authenticate a client when more than one domain controller exists at a site?
  How are site link costs determined?
  What steps can you take to ensure that a particular domain controller does not authenticate clients from another site?
  How does a Global Catalog server facilitate faster searches and logon?
  What are the benefits of Universal Group Membership Caching? When should it be used?
  What two things should you consider when defining site link schedules?

Video/Demo                      Time
1.5.1 Site Management           17:10
1.5.2 Managing Sites            10:01
Total                           27:11

Number of Exam Questions
  10 questions

Total Time
  About 40 minutes

Section 1.6: Managing Replication

Summary

This section examines managing replication.
Concepts covered include:
  Terms to be familiar with:
    o Site link bridge
    o Bridgehead server
    o Connection
  Sites and Services distinguishes between two types of replication:
    o Intrasite
    o Intersite
  Transport protocols used by replication:
    o Directory Services Remote Procedure Call (DS-RPC)
    o Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)
  Facts about intrasite replication:
    o Occurs between domain controllers within a site
    o By default, occurs once every hour
    o Modifying the replication frequency
    o Connections are created automatically as necessary
  Intersite replication configuration steps:
    o Preferred bridgehead server
    o Replication schedule
    o Replication frequency
    o Site link cost
    o Bridged site replication
    o Forced replication
  Example of site link bridging
  The role of SYSVOL folder
  File Replication Service (FRS) vs. Distributed File System (DFS)
  Benefits of DFS replication
  Migrating from FRS replication to DFS replication
  States that indicate stable stages in the migration process:
    o Not initiated
    o Start
    o Prepared
    o Redirected
    o Eliminated
  Considerations when managing migration

Students will learn how to:
  Create a site link bridge.
  Manage replication of AD and SYSVOL.
  Monitor replication of AD and SYSVOL.

Windows Server Pro: Advanced Services Objectives:
  1.0 Advanced Active Directory Configuration.
    o Manage sites, subnets, and site links.
    o Configure site replication.

70-412 Exam Objectives:
  504. Manage Active Directory and SYSVOL replication.
    o Monitor and manage replication
    o Upgrade SYSVOL replication to Distributed File System Replication (DFSR)

Lecture Focus Questions:
  What types of trusts are enabled by default for site link bridges?
  How do you establish bidirectional communications between domain controllers?
  How does intrasite replication differ from intersite replication?
  What are three ways that you can force replication?
  How can you force a certain path between sites for replication?
  What is the process for migrating from FRS replication to DFS replication when the domain is at Windows Server 2003 functional level?
  During which migration stages are you able to roll back the migration?

Video/Demo                                      Time
1.6.1 Active Directory Replication              12:46
1.6.2 Monitoring and Managing Replication       12:51
Total                                           25:37

Lab/Activity
  Configure Intrasite Replication
  Configure Intersite Replication

Number of Exam Questions
  15 questions

Total Time
  About 60 minutes

Section 1.7: Read-Only Domain Controllers (RODCs)

Summary

In this section students will learn details about creating RODCs.
Concepts covered include: Features of RODCs: o Administrator role separation o Unidirectional replication o Read-only data o Password replication o DNS Server service Requirements to be met before RODCs are installed in a domain Performing a staged installation of an RODC in which the installation is performed by two different individuals in separated stages Generals steps to install a read-only domain controller (RODC) Considerations when installing RODC Students will learn how to: Create and configure an RODC account. Windows Server Pro: Advanced Services Exam Objectives: 1.0 Advanced Active Directory Configuration. o Implement read-only domain controllers 70-412 Exam Objectives: 504. Manage Active Directory and SYSVOL replication. o Configure replication to Read-Only Domain Controllers (RODCs) Lecture Focus Questions: In which environments is an RODC typically deployed? What are the benefits and the drawbacks of unilateral replication? What are the requirements for installing an RODC in a domain? How does the administrative role separation (ARS) feature protect domain controller security? Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft. Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them. Video/Demo Time 1.7.1 Read-Only Domain Controllers 1.7.2 Pre-Staging RODC Accounts 1.7.3 Joining an RODC to the Domain Total 9:11 6:53 4:57 21:01 Lab/Activity Create RODC Accounts Number of Exam Questions 5 questions Total Time About 35 minutes Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. 

Section 1.8: RODC Management

Summary
This section discusses the following considerations for managing an RODC:
  Administrator role separation
  Replication traffic management
  Security management

Students will learn how to:
  Configure the password replication policy on the RODC to cache only passwords for specified users.
  Prepopulate passwords before users even attempt to log on.

Windows Server Pro: Advanced Services Exam Objectives:
  1.0 Active Directory Configuration.
    o Implement read-only domain controllers

70-412 Exam Objectives:
  504. Manage Active Directory and SYSVOL replication.
    o Configure Password Replication Policy (PRP) for RODCs

Lecture Focus Questions:
  How does the password replication policy control password replication?
  What preventative measures can you implement to protect the data on an RODC in the event it is lost or stolen?
  How can you prevent certain data from being replicated to an RODC?
  What steps should you take if an RODC has been compromised?
  When does an RODC attempt inbound replication?
  Which two built-in groups can be used for password replication on RODCs?

Video/Demo                                      Time
  1.8.1 RODC Management                         9:52
  1.8.2 Managing RODCs                          6:01
  Total                                         15:53

Lab/Activity
  Edit the Password Replication Policy

Number of Exam Questions
  6 questions

Total Time
  About 35 minutes

Section 2.1: Network File System (NFS)

Summary
This section discusses using Network File System (NFS) to transfer files between computers running Windows and UNIX/Linux operating systems. Details include:
  Considerations when deploying NFS file sharing on Windows Server 2012:
    o System requirements
    o NFS service installation
    o NFS service configuration
    o NFS share configuration

Students will learn how to:
  Create and configure an NFS share.

Windows Server Pro: Advanced Services Exam Objectives:
  2.0 Advanced Storage Management.
    o Implement NFS to support UNIX/Linux systems

70-412 Exam Objectives:
  201. Configure advanced file services.
    o Configure NFS data store

Lecture Focus Questions:
  Which PowerShell cmdlets install NFS sharing components on a Windows Server 2012 system?
  What configuration tasks must be completed before using the NFS Server or Client on a Windows Server 2012 system?
  What are two ways you can create shares in the server's NTFS file system and export them to NFS clients?
  In which two ways can you map a UNIX/Linux user or group to a Windows user or group?

Video/Demo                                      Time
  2.1.1 NFS Overview                            1:53
  2.1.2 Configuring an NFS Data Store           12:10
  Total                                         14:03

Lab/Activity
  Configure an NFS Share

Number of Exam Questions
  4 questions

Total Time
  About 25 minutes

Section 2.2: BranchCache

Summary
This section discusses using BranchCache to allow users in branch offices to access information more quickly. Concepts covered include:
  The role of BranchCache
  BranchCache modes:
    o Hosted Cache
    o Distributed Cache

Students will learn how to:
  Configure a BranchCache content server.
  Configure a hosted BranchCache server.
  Use PowerShell cmdlets to configure BranchCache clients.
  Verify BranchCache client settings.

70-412 Exam Objectives:
  201. Configure advanced file services.
    o Configure BranchCache

Lecture Focus Questions:
  What method do you use to configure a file server as a BranchCache content server?
  How does hosted cache mode differ from distributed cache mode in systems using BranchCache?
  What are the advantages of using Group Policy to configure BranchCache on multiple computers?
  How do you use Group Policy to configure firewall rules for BranchCache clients?
  Which settings should you verify when inspecting the current BranchCache operation mode using the Get-BCStatus cmdlet?
  What should you be aware of if you use both PowerShell cmdlets and Group Policy to configure BranchCache on client systems?

Video/Demo                                      Time
  2.2.1 BranchCache Overview                    5:34
  2.2.2 Configure BranchCache                   6:11
  Total                                         11:45

Number of Exam Questions
  10 questions

Total Time
  About 25 minutes

Section 2.3: Dynamic Access Control (DAC)

Summary
In this section students will learn about using Dynamic Access Control (DAC) to enable granular control over data access. Details include:
  The role of Dynamic Access Control (DAC)
  Factors that can be used to change the level of access of a user
  Components of DAC implementation:
    o Resource properties
    o Classification rules
    o Claims-based access control:
        User claims
        Device claims
    o Central access rules
    o Central access policies
  Considerations when setting up the permission for DAC and NTFS file permissions
  Tasks to implement Dynamic Access Control (DAC):
    o Install FSRM
    o Define resource properties
    o Create classification rules
    o Configure claim types
    o Define central access rules
    o Define central access policies
    o Configure Group Policy settings
    o Apply central access policies

Students will learn how to:
  Use FSRM to configure File Classification Infrastructure.
  Create and configure classification rules.
  Configure a classification schedule.

Windows Server Pro: Advanced Services Exam Objectives:
  2.0 Advanced Storage Management.
    o Implement Dynamic Access Control (DAC)

70-412 Exam Objectives:
  201. Configure advanced file services.
    o Configure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM)
  202. Implement Dynamic Access Control (DAC).
    o Configure user and device claim types
    o Configure file classification
    o Create and configure Central Access rules and policies
    o Create and configure resource properties and lists

Lecture Focus Questions:
  By implementing DAC, what criteria can you use to dynamically change the level of access a user has to file server data?
  How can you use NTFS file system permissions and DAC to control resource access?
  To which types of data can classification rules be applied?
  How does the Content Classifier method of assigning a property to a file differ from the Windows PowerShell Classifier method?
  What are the components of a central access rule?
  Which Kerberos Group Policy settings must be enabled to support DAC?

Video/Demo                                                                Time
  2.3.1 DAC Overview                                                      10:22
  2.3.2 Configuring File Classification Infrastructure (FCI) using FSRM   11:30
  2.3.3 Implementing DAC Policies                                         19:59
  Total                                                                   41:51

Lab/Activity
  Configure File Classification Infrastructure

Number of Exam Questions
  4 questions

Total Time
  About 55 minutes

Section 2.4: DAC Management

Summary
In this section students will learn about options to manage Dynamic Access Control (DAC). Details in this section include:
  Staging
  Access-denied remediation

Students will learn how to:
  Stage policy changes for central access policies for DAC.
  Use Group Policy to configure file access auditing.

Windows Server Pro: Advanced Services Exam Objectives:
  2.0 Advanced Storage Management.
    o Implement Dynamic Access Control (DAC)

70-412 Exam Objectives:
  201. Configure advanced file services.
    o Configure file access auditing
  202. Implement Dynamic Access Control (DAC).
    o Implement policy changes and staging
    o Perform access-denied remediation

Lecture Focus Questions:
  How can you test the effect of DAC rules without enforcing them?
  What is the purpose of access-denied remediation?
  What are two requirements for using access-denied remediation?
  What should you be aware of if you use both File Server Resource Manager and Group Policy to configure DAC?

Video/Demo                                        Time
  2.4.1 DAC Management                            5:01
  2.4.2 Implementing Policy Changes and Staging   6:40
  2.4.3 Performing Access-denied Remediation      5:09
  Total                                           16:50

Number of Exam Questions
  3 questions

Total Time
  About 20 minutes

Section 2.5: Advanced Storage

Summary
This section examines using iSCSI and iSNS to provide advanced storage capabilities. Details include:
  Hardware required to create an iSCSI SAN:
    o Ethernet cabling
    o Ethernet switches
    o Ethernet NICs
  The role of iSCSI targets
  The role of iSCSI initiator
  iSCSI terminology to be familiar with:
    o network entity
    o network portal
    o Protocol Data Unit (PDU)
    o iSCSI name
    o iSCSI Qualified Name (IQN)
    o iSCSI target
    o iSCSI initiator
    o LUN
  Considerations when choosing between iSCSI and other SAN technologies
  Steps to configure iSCSI initiators
  The role of Internet Storage Name Service (iSNS)

Students will learn how to:
  Create an iSCSI virtual disk and configure an iSCSI target on it.
  Configure an iSCSI initiator with access to the virtual disk.
  Install the iSNS Server Service feature and configure iSNS.

Windows Server Pro: Advanced Services Exam Objectives:
  2.0 Advanced Storage Management.
    o Implement an iSCSI SAN

70-412 Exam Objectives:
  203 Configure and optimize storage.
    o Configure iSCSI Target and Initiator
    o Configure Internet Storage Name server (iSNS)

Lecture Focus Questions:
  What are the hardware components of a SAN?
  What is the advantage of using Ethernet hardware for a SAN implementation?
  What is the benefit from implementing a second, parallel network infrastructure dedicated only to the iSCSI SAN?
  In an iSCSI SAN, what purpose does the network portal serve?
  What are the steps to configure iSCSI initiators?
  What functions does Storage Name Service (iSNS) provide?

Video/Demo                                                 Time
  2.5.1 iSCSI and Internet Storage Name Server (iSNS)      2:35
  2.5.2 Configuring an iSCSI Target                        2:23
  2.5.3 Configuring the iSCSI Initiator                    4:19
  2.5.4 Configuring iSNS                                   3:11
  Total                                                    12:28

Lab/Activity
  Configure an iSCSI Target
  Configure the iSCSI Initiator

Number of Exam Questions
  8 questions

Total Time
  About 35 minutes

Section 2.6: Storage Optimization

Summary
This section covers optimizing storage by using storage spaces and storage pools.
Concepts covered include:
  Components of storage spaces:
    o Devices
    o Pools
    o Storage spaces
  Steps to follow when more disk space is needed
  Configuration options in storage pool creation:
    o Allocation
    o Storage layout:
        Simple
        Two-way mirror
        Three-way mirror
        Parity
    o Provisioning:
        Fixed provisioning
        Thin provisioning
  Considerations about storage spaces
  Storage pool limitations
  PowerShell commands to manage storage spaces:
    o New-StoragePool
    o Add-PhysicalDisk
    o New-VirtualDisk
    o Get-StoragePool
  Options to optimize storage on a Windows Server 2012 system:
    o Data deduplication
    o Features on Demand

Students will learn how to:
  Configure storage pools.
  Reduce disk space used by Windows Server 2012 using Features on Demand.
  Enable data deduplication to optimize data storage.

70-412 Exam Objectives:
  102 Configure failover clustering.
    o Configure and optimize clustered shared volumes
    o Configure storage spaces
  203 Configure and optimize storage.
    o Implement thin provisioning and trim
    o Manage server free space using Features on Demand

Lecture Focus Questions:
  How does fixed provisioning differ from thin provisioning?
  What are the limitations of the storage pool?
  Which PowerShell cmdlets can you use to manage storage spaces and what is the function of each?
  How does data deduplication differ from Features on Demand?
  How can you use Features on Demand to manage free space of a Windows Server 2012 server?

Video/Demo                        Time
  2.6.1 Storage Optimization      4:33
  2.6.2 Optimizing Storage        12:33
  2.6.3 Storage Tiers             12:51
  Total                           29:57

Number of Exam Questions
  8 questions

Total Time
  About 45 minutes

Section 3.1: Windows Server Backup

Summary
This section provides details of using Windows Server Backup. Concepts covered include:
  The role of the Online Backup feature in Windows 2012
  Steps to perform online backups
  The role of the Windows Server Local Backup
  Considerations about using Windows Server Backup
  Methods Windows Server Backup provides to run backups:
    o Windows Server Backup MMC snap-in
    o Wbadmin from the command prompt
    o PowerShell cmdlets for Windows Server Backup
  Options available with Windows Server Backup:
    o Full Server
    o Bare metal recovery
    o System state
    o Individual volumes
    o Folders or files
  Storage types that Windows Server Backup can save backups to:
    o Internal disk
    o External disk
    o Shared folder
    o DVD, other optical or removable media
  When using Windows Server Backup you cannot back up to:
    o Tape
    o USB flash drives
    o Pen drives

Students will learn how to:
  Install Windows Server Backup.
  Configure a regular backup schedule for a server.
  Back up a server.

Windows Server Pro: Advanced Services Exam Objectives:
  3.0 Server Data Protection.
    o Configure server backups

70-412 Exam Objectives:
  301 Configure and manage backups.
    o Configure Windows Server backups
    o Configure Windows Online backups
    o Configure role-specific backups

Lecture Focus Questions:
  When using the Online Backup feature in Windows Server 2012, what options do you have for obtaining the certificate file?
  Which types of backups are not supported by Online Backup and must be done using a local backup?
  What is the best practice for securing the Online Backup passphrase?
  What happens if the online backup destination does not have sufficient space available to store the backup?
  When using Windows Server Backup, which backup option would you use if you want to be able to recover all volumes including system state and bare metal recoveries?
  Which media types are not supported by Windows Server Backup?

Video/Demo                                                     Time
  3.1.1 Windows Server Backup                                  3:16
  3.1.2 Configuring Windows Server Backup for Local Backup     2:33
  3.1.4 Configuring Windows Server Backup for Online Backup    6:27
  Total                                                        12:16

Lab/Activity
  Back Up a Server

Number of Exam Questions
  13 questions

Total Time
  About 35 minutes

Section 3.2: Restore from Backup

Summary
This section discusses restoring from backup.
Concepts covered include:
  Considerations when restoring from backups
  Recovery types and the tools to perform them:
    o Online
    o Files and folders
    o Hyper-V
    o Volumes
    o Applications
    o Bare metal or full server
    o System state

Students will learn how to:
  Restore a server from backup.
  Restore user data from backup.
  Perform a Bare Metal Recovery.

Windows Server Pro: Advanced Services Exam Objectives:
  3.0 Server Data Protection.
    o Restore server data from backup

70-412 Exam Objectives:
  302 Recover servers.
    o Restore from backups
    o Perform a Bare Metal Restore (BMR)

Lecture Focus Questions:
  Which are the only types of files that can be recovered from an online backup?
  Which are the only media supported for recovering files and folders using Windows Server Backup?
  Who is authorized to perform recoveries using Windows Server Backup?
  What tool allows you to recover Hyper-V virtual machines?
  When recovering volumes, how is the existing data on the destination volume handled?

Video/Demo                                         Time
  3.2.1 Restore from Backup                        1:38
  3.2.2 Recovering User Data                       3:42
  3.2.3 Performing a Bare Metal Recovery (BMR)     3:30
  Total                                            8:50

Number of Exam Questions
  3 questions

Total Time
  About 15 minutes

Section 3.3: Volume Shadow Copies

Summary
This section discusses using Volume Shadow Copies to make copies of user files at regular intervals. Concepts covered include:
  The role of Volume Shadow Copy Service (VSS)
  Considerations when using VSS
  VSS areas when implementing shadow copies:
    o Scheduling
    o Storing
    o Recovering
    o NTFS Permissions
    o VSSAdmin

Students will learn how to:
  Enable and configure shadow copies for shared folders.
  Restore a previous version of a file.
  Use VSSAdmin to manage VSS settings from the command line.

Windows Server Pro: Advanced Services Exam Objectives:
  3.0 Server Data Protection.
    o Enable shadow copies

70-412 Exam Objectives:
  301 Configure and manage backups.
    o Manage VSS settings using VSSAdmin

Lecture Focus Questions:
  How do you view and manage previous versions of volumes, folders and files?
  What criteria should you use for scheduling shadow copies of volume data?
  How are NTFS permissions on previous versions of a file affected during recovery?
  How does restoring folders affect new files that have been added since the shadow copy was made?
  What steps should you take to allow defragmentation on volumes with VSS enabled?
  What happens if you delete a volume before disabling VSS?

Video/Demo                                        Time
  3.3.1 Volume Shadow Copies                      2:25
  3.3.2 Configuring VSS                           3:21
  3.3.2 Managing VSS Settings with VSSAdmin       2:07
  Total                                           7:53

Lab/Activity
  Enable Shadow Copies
  Restore Previous Version 1
  Restore Previous Version 2

Number of Exam Questions
  11 questions

Total Time
  About 35 minutes

Section 3.4: Boot Configuration Data (BCD) Store

Summary
In this section students will learn about Boot Configuration Data (BCD) Store. Concepts covered include:
  Tools to assist in system recovery:
    o System Recovery Options
    o Boot Configuration Data (BCD)
    o Windows Memory Diagnostic Tool (WMDT)
    o Startup and Recovery options
    o System Configuration utility (Msconfig.exe)
  The role of boot options
  Windows Server 2012 startup modes:
    o Repair Your Computer
    o Safe Mode
    o Safe Mode with Networking
    o Safe Mode with Command Prompt
    o Enable Boot logging
    o Enable low-resolution video
    o Last Known Good Configuration
    o Debugging Mode
    o Disable automatic restart on a system failure
    o Disable Driver Signature Enforcement
    o Disable Early Launch Anti-Malware Protection
  Recommendations to troubleshoot startup errors with the advanced boot options

Students will learn how to:
  Configure the BCD store.
  Use Advanced Boot options to boot a computer.

70-412 Exam Objectives:
  302 Recover servers.
    o Recover servers using Windows Recovery Environment (Win RE) and safe mode
    o Configure the Boot Configuration Data (BCD) store

Lecture Focus Questions:
  When would you need to use the System Image Recovery tool?
  In which situations would the System Configuration utility (bcd) be useful?
  What actions can you take to boot your system if it is not running and will not boot normally?
  When should you access the Repair Your Computer option?
  When should you boot your computer into safe mode?
  In which situations will the Last Known Good Configuration option be useful?
  Why would it be useful to enable the Disable automatic restart on system failure option?

Video/Demo                            Time
  3.4.1 BCD Store Overview            1:27
  3.4.2 Configuring the BCD Store     7:55
  Total                               9:22

Number of Exam Questions
  4 questions

Total Time
  About 20 minutes

Section 4.1: DHCP Overview

Summary
This section provides an overview of DHCP.
Concepts covered include:
  Methods that clients use to obtain an address from a DHCP server:
    o DHCP Discover (D)
    o DHCP Offer (O)
    o DHCP Request (R)
    o DHCP ACK (A)
  DHCP Authorization requirements
  DHCP Server authorization verification
  Considerations when installing and configuring a DHCP Server
  DHCP console context-sensitive icons:
    o Check mark in a green circle
    o Red down arrow
    o Horizontal white line inside a red circle
    o Exclamation sign inside a yellow triangle
    o Exclamation sign inside a blue circle

Students will learn how to:
  Install a DHCP server.
  Authorize a DHCP server.

70-412 Exam Objectives:
  401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.
    o Implement DHCPv6

Lecture Focus Questions:
  What are the steps a DHCP client uses to obtain an IP address from a DHCP server?
  What permissions do you need to authorize a DHCP server?
  When is authorization not required for a DHCP server?
  What happens when a DHCP server's IP address is not found in Active Directory?
  How would you set up a DHCP Administrator so that the administrator has rights on all DHCP servers in the domain?
  In the DHCP console, you notice that the DHCP server icon has a red down arrow beside it. What is the status of the DHCP server?

Video/Demo                                         Time
  4.1.1 DHCP Overview                              1:42
  4.1.2 Installing and Authorizing DHCP Server     1:49
  Total                                            3:31

Number of Exam Questions
  5 questions

Total Time
  About 10 minutes

Section 4.2: DHCP Scopes

Summary
This section provides details of using DHCP scopes. Concepts covered include:
  Working with DHCP scopes
  DHCP options:
    o Server options
    o Scope options
    o Class options
    o Client options
  Common options include:
    o 003 Router
    o 006 DNS Servers
    o 015 DNS Domain Name
  Considerations when working with DHCP options
  Key components of DHCP policies:
    o Conditions
    o Settings
  The role of a superscope
  Options for a DHCP server to service a subnet separated with a router:
    o 1542 compliant router
    o DHCP relay agent

Students will learn how to:
  Create and activate DHCP scopes.
  Create a multicast scope.
  Create and configure a superscope.

70-412 Exam Objectives:
  401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.
    o Create and configure superscopes and multicast scopes
    o Configure DNS registration

Lecture Focus Questions:
  What are the four levels of DHCP IP configuration options and what is the purpose of each?
  In what order are DHCP options applied?
  Which option values take precedence: those delivered through DHCP or those configured manually on the client?
  How can you change the subnet mask in an existing scope?
  When should you use reservations for a DHCP client?
  When would you use a DHCP policy?
  When might you use a superscope?

Video/Demo                        Time
  4.2.1 DHCP Scopes               7:33
  4.2.2 Creating IPv4 Scopes      14:22
  Total                           21:55

Lab/Activity
  Create a Superscope

Number of Exam Questions
  11 questions

Total Time
  About 45 minutes

Section 4.3: DHCP and IPv6

Summary
This section provides the basic information about the structure of IPv6 and using DHCP in an IPv6 environment.
  Components of an IPv6 address:
    o Format
    o Leading zeros
    o Prefix and interface ID
  Considerations when using IPv6
  Comparison of IPv4 address types with IPv4 address types
  The process to configure the IPv6 Address assignment
  Address types of an autoconfigured IPv6 address:
    o Tentative
    o Valid:
        Preferred
        Deprecated
    o Invalid
  The role of DHCP in an IPv6 environment
  DHCPv6 broadcasts:
    o Solicit Packet (S)
    o Advertise Packet (A)
    o Request Packet (R)
    o Reply Packet (R)
  Configuring a DHCP server for IPv6

Students will learn how to:
  Create an IPv6 scope.
  Configure DHCPv6 scope options.

Windows Server Pro: Advanced Services Exam Objectives:
  4.0 Advanced DHCP and DNS Configuration.
    o Configure DHCP to support IPv6

70-412 Exam Objectives:
401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.
  o Implement DHCPv6

Lecture Focus Questions:
How does IPv6 differ from IPv4?
What is the purpose of a neighbor solicitation?
If the M and O flags in the router advertisement (RA) message are set to 1, what type of configuration method should you use?
What options do you have for dealing with zeros (0s) in an IPv6 address?
How is autoconfiguration in IPv6 improved over autoconfiguration in IPv4?
What does a multicast address indicate?

Video/Demo                 Time
4.3.1 IPv6 Overview        3:59
4.3.2 Implementing IPv6    1:39
Total                      5:38

Lab/Activity
Configure an IPv6 Scope

Number of Exam Questions: 9 questions
Total Time: About 25 minutes

Section 4.4: DHCP High Availability

Summary
This section discusses the following DHCP high availability features available on Windows Server 2012:
Split scopes
Failover
Name Protection

Students will learn how to:
Create and configure a split scope
Configure a DHCP failover

Windows Server Pro: Advanced Services Exam Objectives:
4.0 Advanced DHCP and DNS Configuration.
  o Configure split DHCP scopes
  o Configure DHCP failover

70-412 Exam Objectives:
401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.
  o Configure high availability for DHCP including DHCP failover and split scopes
  o Configure DHCP Name Protection

Lecture Focus Questions:
What is a split scope?
How do you create a split scope?
When configuring a split scope, how can you help to ensure that the preferred server is accepted by the client computer?
How does DHCP implement name protection?
In which two ways can you implement DHCP failover?

Video/Demo                      Time
4.4.1 DHCP High Availability    4:59
4.4.2 DHCP Split Scopes         4:11
4.4.4 DHCP Failover             6:18
4.4.7 DHCP Name Protection      1:35
Total                           17:03

Lab/Activity
Configure a Split Scope
Configure DHCP Failover 1
Configure DHCP Failover 2

Number of Exam Questions: 3 questions
Total Time: About 40 minutes

Section 4.5: IPAM Overview

Summary
This section provides an overview of IP Address Management (IPAM). Details include:
The role of IPAM
Key IPAM specifications
Phases for the process of installing IPAM:
  o Install the IPAM role
  o Connect to the IPAM server
  o Provision the IPAM server
  o Configure server discovery
  o Discover servers
  o Define managed servers
  o Gather data from managed servers
Features that Windows Server 2012 R2 supports

Students will learn how to:
Manually configure IPAM.
Configure IPAM using the IPAM Provisioning Wizard, a Group Policy based provisioning method.
Configure server discovery to discover domain controllers, DHCP servers, DNS servers, and NPS servers, and automatically add them to the IPAM console.

70-412 Exam Objectives:
403 Deploy and manage IPAM.
  o Configure IPAM manually or by using Group Policy
  o Configure server discovery
  o Migrate to IPAM
  o Configure IPAM database storage

Lecture Focus Questions:
What functions does the IP Address Management (IPAM) server perform?
What is the IPAM server scope discovery range in Active Directory?
Why should you not install IPAM on a DHCP server?
What is IPAM provisioning?
What are the steps for provisioning an IPAM server?
What tasks must be performed before the Server Discovery task can work properly?
How do you configure discovered servers as managed servers?

Video/Demo                                      Time
4.5.1 IPAM Basics                               4:38
4.5.2 Configuring IPAM Manually or Using GPO    9:56
4.5.3 IPAM on Server 2012 R2                    11:01
Total                                           25:35

Number of Exam Questions: 7 questions
Total Time: About 35 minutes

Section 4.6: IPAM Configuration

Summary
In this section students will learn about configuring IPAM. Concepts covered in this section include:
IP address information managed by IPAM is organized into the following hierarchy:
  o IP address space
  o IP address blocks
  o IP address ranges
  o IP address inventory
The IPAM console provides the following options:
  o DNS and DHCP servers
  o DHCP scopes
  o DNS zones
  o Server groups

Students will learn how to:
Manage IP blocks and ranges from the IPAM console.
Use the IPAM console to manage DHCP and DNS servers.

70-412 Exam Objectives:
403 Deploy and manage IPAM.
  o Create and manage IP blocks and ranges
  o Monitor utilization of IP address space
  o Manage IPAM collections

Lecture Focus Questions:
What is the hierarchical organization of IP address information managed by IPAM?
How does the IP address inventory organize IP addresses?
What information about DNS and DHCP servers does IPAM store?
How do you view IP address ranges using the IPAM console?
What DNS zone information can you view in IPAM?

Video/Demo                              Time
4.6.1 IPAM Configuration                3:59
4.6.2 Managing IP Blocks and Ranges     15:01
Total                                   19:00

Number of Exam Questions: 7 questions
Total Time: About 30 minutes

Section 4.7: IPAM Management

Summary
This section discusses the following key tasks of managing an IPAM server:
Assign the appropriate right to the user.
Allow the user to access the server remotely.
Add the remote IPAM server to the server pool in Server Manager.

Students will learn how to:
Assign a user the rights to remotely act as an IPAM administrator.

70-412 Exam Objectives:
403 Deploy and manage IPAM.
  o Delegate IPAM administration

Lecture Focus Questions:
Which local group on the IPAM server should you assign a user to so that they will have the appropriate rights to manage an IPAM server?
Which tasks must be completed to delegate to a user the ability to manage an IPAM server?
If Group Policy provisioning was used to set up the IPAM server, what domain administrator privileges should a user have in order to indicate that servers in inventory are managed or not managed?
Which group must a user be a member of in order to access the IPAM server from a remote IPAM client?
How can you allow a user to manage an IPAM server from a remote location?

Video/Demo                                Time
4.7.1 IPAM Management                     0:50
4.7.2 Delegating IPAM Administration      2:41
Total                                     3:31

Number of Exam Questions: 2 questions
Total Time: About 5 minutes

Section 5.1: DNS Security

Summary
This section discusses strategies for DNS security.
The following details are covered:
Goals for designing security for a DNS solution
Strategies to improve DNS security:
  o Provide redundancy and automatic backup of DNS data
  o Prevent zone transfer except to specific servers
  o Prevent unauthorized modification of zone data on secondary servers
  o Prevent zone transfers except to domain controllers
  o Secure zone transfer data while in transit
  o Prevent unauthorized modification of dynamic DNS records
  o Secure DNS data on the servers
  o Cryptographically sign DNS zone records
  o Lock records in the DNS cache
  o Randomize the port used for DNS queries
  o Audit DNS activity
Security considerations for DNS servers available to Internet users

Students will learn how to:
Configure DNSSEC on a zone to secure data by signing DNS zones and records.
Configure DNS socket pooling and cache locking to increase security for the DNS cache.

Windows Server Pro: Advanced Services Exam Objectives:
4.0 Advanced DHCP and DNS Configuration.
  o Protect zone data with DNSSEC

70-412 Exam Objectives:
402 Implement an advanced DNS solution.
  o Configure security for DNS including DNSSEC, DNS Socket Pool, and cache locking
  o Isolate DNSSEC key management and storage

Lecture Focus Questions:
What security goals should you set for your DNS solution?
How can you limit zone transfer to specific servers?
How can you limit zone transfer to specific domain controllers?
What security issue is addressed by converting all zones to Active Directory-integrated and allowing only secure dynamic update?
How does DNSSEC make DNS zone records more secure?
How do you randomize the port used for DNS queries?

Video/Demo                                Time
5.1.1 DNS Security                        12:50
5.1.2 Configuring DNSSEC                  10:21
5.1.3 Configuring DNS Socket Pooling      2:20
5.1.4 Configuring Cache Locking           1:19
Total                                     26:50

Number of Exam Questions: 10 questions
Total Time: About 40 minutes

Section 5.2: Advanced DNS Settings

Summary
This section discusses using the DNS Manager to configure advanced DNS settings.
DNS Manager tabs to configure DNS server properties:
  o Interfaces
  o Forwarders
  o Root Hints
  o Debug Logging
  o Event Logging
  o Monitoring
  o Security
  o Advanced
Windows Server 2012 R2 enhanced zone level statistics:
  o All Statistics
  o Query Statistics
  o Transfer statistics
  o Update statistics

Students will learn how to:
Configure a server with DNS advanced settings.

Windows Server Pro: Advanced Services Exam Objectives:
4.0 Advanced DHCP and DNS Configuration.
  o Configure advanced DNS server settings

70-412 Exam Objectives:
402. Implement an advanced DNS solution.
  o Configure DNS logging
  o Configure delegated administration
  o Configure recursion
  o Configure netmask ordering
  o Analyze zone level statistics

Lecture Focus Questions:
What information do you enter on the Forwarders tab of DNS Manager?
When are root name servers used to resolve DNS queries?
Which DNS Manager feature would you use to gather data about the type of traffic being sent to your system?
What advanced DNS Manager feature prevents corrupted zone data from being loaded into DNS?
How does the Secure cache against pollution feature keep the DNS cache accurate and streamlined?

Video/Demo                                  Time
5.2.1 Configuring Advanced DNS Settings     4:33
5.2.2 Using DNS Zone Statistics             2:46
Total                                       7:19

Lab/Activity
Configure DNS Advanced Settings

Number of Exam Questions: 8 questions
Total Time: About 20 minutes

Section 5.3: GlobalNames Zones

Summary
This section covers using GlobalNames zone on the DNS server that is used for single-label name resolution.
The role of GlobalNames zone
Considerations for managing the GlobalNames zone

Students will learn how to:
Create a GlobalNames zone.

Windows Server Pro: Advanced Services Exam Objectives:
4.0 Advanced DHCP and DNS Configuration.
  o Configure a GlobalNames zone

70-412 Exam Objectives:
402. Implement an advanced DNS solution.
  o Configure a GlobalNames zone

Lecture Focus Questions:
In addition to supporting single-label name resolution, what are other features of a GlobalNames zone?
What are the steps for configuring a GlobalNames zone?
How can you extend the GlobalNames zone to multiple forests?
What is the server operating system requirement for authoritative DNS servers when you implement the GlobalNames zone?
What changes are required for client machines when you implement the GlobalNames zone?

Video/Demo                              Time
5.3.1 GlobalNames Zones                 2:03
5.3.2 Creating a GlobalNames Zones      2:38
Total                                   4:41

Lab/Activity
Configure a GlobalNames Zone

Number of Exam Questions: 5 questions
Total Time: About 15 minutes

Section 6.1: Virtual Machine Management

Summary
This section examines managing virtual machines. Concepts covered include:
Methods to move an entire virtual machine along with the virtual hard disks:
  o Export/Import
  o Manual
Cloning an existing virtual domain controller
System prerequisites before cloning a virtual domain controller:
  o Supported Hypervisors
  o Supported Guest Operating Systems
  o PDC Emulator
The process for cloning a virtual domain controller

Students will learn how to:
Export and import virtual machines.
Clone domain controllers to quickly provide new domain controllers.

70-412 Exam Objectives:
104 Manage Virtual Machine (VM) movement.
  o Import, export, and copy VMs
  o Migrate from other platforms (P2V and V2V)
303 Configure site-level fault tolerance.
  o Configure Hyper-V Replica including Hyper-V Replica Broker and VMs

Lecture Focus Questions:
What options do you have for moving an entire virtual machine, including virtual disks?
How can an exported snapshot of a virtual machine be used?
Why is it useful to use the Copy on Import feature of Hyper-V?
What are the steps for manually moving a virtual machine?
How are domain controllers cloned?
What system prerequisites must be met before cloning a virtual domain controller?
What should you do if the New-ADDCCloneConfigFile cmdlet found incompatible applications on the source domain controller?

Video/Demo                                               Time
6.1.1 Migrate Virtual Machines from Other Platforms      1:15
6.1.2 Virtual Machine Management                         2:30
6.1.3 Managing Virtual Machines                          7:10
Total                                                    10:55

Number of Exam Questions: 12 questions
Total Time: About 30 minutes

Section 6.2: Hyper-V High Availability

Summary
This section examines Hyper-V high availability.
Concepts covered include:
The role of Hyper-V Replication
Initial replication
Replication frequency
Planned failover
Reverse replication
Unplanned failover
Prerequisites for deploying Hyper-V Replica:
  o Physical location
  o Network
  o Storage hardware
  o Server
  o Domain membership
  o Encryption
Tasks to implement Hyper-V Replica:
  o Configure the replica server to accept replication
  o Enable virtual machine replication
  o Monitor replication
Failover options available once a virtual machine has been protected with Hyper-V Replica:
  o Test failover
  o Planned failover
  o Unplanned failover

Students will learn how to:
Configure Hyper-V replicas for failover.

Windows Server Pro: Advanced Services Exam Objectives:
5.0 High Availability Implementation.
  o Enable virtual machine replication

70-412 Exam Objectives:
303 Configure site-level fault tolerance.
  o Configure Hyper-V Replica including Hyper-V Replica Broker and VMs

Lecture Focus Questions:
What prerequisites must be met before deploying a Hyper-V Replica?
In which two ways can you complete the initial replication process?
What steps do you take to perform a planned failover?
When you perform a planned failover, how can you make sure that changes made to the replica virtual machine are copied back to the primary virtual machine when it is brought back online?
How can you monitor replication?
What steps do you take to perform an unplanned failover?

Video/Demo                                      Time
6.2.1 Hyper-V Replicas                          1:38
6.2.2 Configuring Hyper-V Replicas and VMs      12:30
Total                                           14:08

Lab/Activity
Configure Hyper-V Replicas

Number of Exam Questions: 6 questions
Total Time: About 30 minutes

Section 7.1: Network Load Balancing

Summary
This section discusses using Network Load Balancing to achieve optimal resource utilization. Concepts covered include:
The role of Load Balancing
How servers operate using NLB
Cluster operating modes:
  o Unicast
  o Multicast
Prerequisites prior to installing and configuring Network Load Balancing (NLB):
  o Install services
  o Configure networking
Tasks to create an NLB cluster:
  o Configure cluster DNS records
  o Install the NLB feature
  o Synchronize content
  o Configure cluster members
NLB configuration facts

Students will learn how to:
Prepare a system for Network Load Balancing.
Install Network Load Balancing nodes.

Windows Server Pro: Advanced Services Exam Objectives:
5.0 High Availability Implementation.
  o Implement network load balancing

70-412 Exam Objectives:
101 Configure Network Load Balancing (NLB).
  o Install NLB nodes
  o Configure NLB prerequisites
  o Configure cluster operation mode

Lecture Focus Questions:
What are the characteristics of NLB cluster members?
What mechanism do cluster members use to communicate consistent information about cluster membership?
In unicast mode, how are MAC addresses used by cluster members?
How does communication between cluster members take place when multicast mode is implemented?
What are the prerequisites for installing and configuring a Network Load Balancing cluster?
What are the steps for creating an NLB cluster?
If you add a new host to a cluster, when does the new host come online?

Video/Demo                                                         Time
7.1.1 Network Load Balancing Overview                              3:53
7.1.2 Configuring NLB Prerequisites and Installing NLB Nodes       7:30
Total                                                              11:23

Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 7.2: Network Load Balancing Management

Summary
This section discusses management of Network Load Balancing. Details covered include:
Port rules
Considerations when configuring port rules
Cluster status options for the Network Load Balancing Manager console or Nlb.exe to manage the status of the NLB cluster:
  o Suspend
  o Resume
  o Start
  o Stop
  o Drainstop

Students will learn how to:
Create and configure a Network Load Balancing cluster.
Define the port rules and cluster parameters for an NLB cluster.

70-412 Exam Objectives:
101 Configure Network Load Balancing (NLB).
  o Configure affinity
  o Configure port rules
  o Upgrade an NLB cluster

Lecture Focus Questions:
How do port rules control how an NLB cluster functions?
What is the client affinity setting?
How can you ensure that requests from clients on a specific subnet always connect to a specific cluster host?
What happens when you add a host to a cluster that has different port rules?
What tasks do you perform to implement a load balancing cluster?
What happens to traffic processing after you use the drainstop option?

Video/Demo                                    Time
7.2.1 Network Load Balancing Management       5:19
7.2.2 Managing Network Load Balancing         4:45
Total                                         10:04

Lab/Activity
Configure an NLB Cluster 1
Configure an NLB Cluster 2

Number of Exam Questions: 12 questions
Total Time: About 35 minutes

Section 7.3: Failover Clustering

Summary
This section examines using Failover Clustering to increase the availability and fault tolerance of network servers.
Details covered include:
The role of Failover Clustering
Quorum modes:
  o Node Majority
  o Node and Disk Majority
  o Node and File Share Majority
  o No Majority: Disk Only
Dynamic quorum management
Cluster Shared Volumes
New key Failover Clustering features in Windows Server 2012:
  o Cluster management
  o Scale-out file server support
  o Cluster-aware updates
  o Virtual machine monitoring and management
New Failover Clustering features in Windows Server 2012 R2:
  o CSV enhancements
  o Guest clustering
  o Active Directory-detached cluster support
Prerequisites before implementing Failover Clustering:
  o Hardware
  o Software
Tasks to configure Failover Clustering:
  o Configure shared storage
  o Add the Failover Clustering feature to the cluster members
  o Validate the cluster configuration
  o Create the failover cluster
  o Configure the quorum
  o Configure cluster storage
Implementing a guest cluster

Students will learn how to:
Install the Failover Cluster role on specified servers and create a failover cluster.
Configure cluster storage.
Validate the cluster storage using the Validate Cluster Wizard.
Configure a cluster quorum.
Configure a file share witness.
Add cluster storage to a cluster and make the storage available to two servers.

Windows Server Pro: Advanced Services Exam Objectives:
5.0 High Availability Implementation.
  o Create a failover cluster

70-412 Exam Objectives:
102 Configure failover clustering.
  o Configure Quorum
  o Configure cluster networking
  o Configure cluster storage
  o Configure and optimize clustered shared volumes
  o Configure clusters without network names
103 Manage failover clustering roles
  o Configure role-specific settings including continuously available shares
  o Configure guest clustering
104. Manage virtual machine (VM) movement.
  o Configure virtual machine network health protection
  o Configure drain on shutdown
303. Configure site-level fault tolerance.
  o Configure Hyper-V Replica extended replication
  o Configure Global Update Manager

Lecture Focus Questions:
How does Failover Clustering differ from Network Load Balancing?
How does a single-instance application differ from a multiple-instance application?
What are the four quorum modes and what method does each mode use to reach a consensus?
Which quorum mode should be used if you have an even number of cluster hosts and why?
Which quorum mode allows the cluster to continue operating even if only one cluster host is still available?
How does dynamic quorum management for clusters in Windows Server 2012 differ from previous versions of Windows Server?
What considerations must you keep in mind when deploying serial attached SCSI clustered storage configured with Storage Spaces?
Why is it important to run the validation wizard before creating a failover cluster?

Video/Demo                                                   Time
7.3.1 Failover Clustering Overview                           10:51
7.3.2 Creating a Failover Cluster                            4:44
7.3.3 Configuring Cluster Storage                            2:25
7.3.4 Failover Clusters on Server 2012 R2                    19:59
7.3.5 Configuring Failover Clusters on Server 2012 R2        4:30
7.3.6 Configuring Guest Clusters                             17:02
7.3.7 Deploying a No Name Cluster                            5:47
Total                                                        65:18

Lab/Activity
Create a Failover Cluster
Configure Cluster Quorum Settings
Add Storage to a Cluster

Number of Exam Questions: 15 questions
Total Time: About 100 minutes

Section 7.4: Failover Cluster Management

Summary
This section discusses management of Failover Cluster. Details covered include:
Types of networks a cluster can use:
  o Cluster storage
  o Cluster node communication
  o Client connections
How to simulate a failure and test failover procedures
Considerations when implementing a multi-site cluster
Cluster-Aware Updating (CAU)
CAU terminology:
  o Updating run
  o Update coordinator
  o Updating run profiles
Tasks to implement CAU:
  o Install CAU
  o Verify CAU requirements
  o (Optional) Configure hosts for remote updating
  o Disable other automatic update mechanisms
  o Launch the CAU console
  o Run the CAU Best Practices Analyzer
Using the CAU console

Students will learn how to:
Manage failover clusters.
Manage a multi-site failover cluster.
Implement cluster-aware updating.
Rebuild a failed cluster.

70-412 Exam Objectives:
102 Configure failover clustering.
  o Restore single node or cluster configuration
  o Implement Cluster Aware Updating
  o Upgrade a cluster
303 Configure site-level fault tolerance.
  o Configure multi-site clustering including network settings, Quorum, and failover settings.
  o Recover a multi-site failover cluster
402. Implement an advanced DNS solution.
  o Isolate DNSSEC key management and storage

Lecture Focus Questions:
What are some ways you can simulate a failure in order to test failover procedures?
What are the three types of networking available with clusters?
What is the advantage of locating the file share witness at a different location than a cluster node?
In what two ways can you configure multi-site clustering? Which configuration would be more likely to experience failover latency?
What are the steps to restore a failed cluster database from backup?
How can you tune the heartbeat settings to optimize a multi-site cluster?
Why can't you use DFS to replicate data in a multi-site cluster?
What is Cluster-Aware Updating?

Video/Demo  Time
7.4.1 Failover Cluster Configuration  9:00
7.4.2 Implementing Cluster-Aware Updating  2:52
7.4.3 Restoring Single-node or Cluster Configuration  1:19
Total  13:11

Number of Exam Questions: 4 questions
Total Time: About 25 minutes

Section 7.5: Failover Clustered Role Management

Summary
This section discusses management of the Failover Clustered role. Details covered include:
Tasks to install and configure cluster roles:
  o Select clustered applications
  o Install clustered roles
  o Configure clustered roles

Students will learn how to:
Manage failover cluster roles.
Configure preferred owners to identify the preferred host.
Configure policies to define what to do if a failure occurs.

Windows Server Pro: Advanced Services Exam Objectives:
5.0 High Availability Implementation.
  o Configure clustered roles

70-412 Exam Objectives:
103 Manage failover clustering roles.
  o Configure role-specific settings including continuously available shares.
  o Configure failover and preference settings.

Lecture Focus Questions:
What is a potential problem when running non-cluster-aware applications on a cluster?
How do stateful applications differ from stateless applications?
What is a scale-out file server?
What type of storage does a scale-out file server require?
What is the purpose of the preferred owners setting?
What is failback? What types of failback are available for a clustered role?

Video/Demo  Time
7.5.1 Configuring Failover and Preference Settings  6:10

Lab/Activity
Add a Failover Cluster Role
Configure Failover and Preference Settings

Number of Exam Questions: 8 questions
Total Time: About 25 minutes

Section 7.6: Failover Cluster with Hyper-V

Summary
This section discusses using Failover Clustering to increase the availability of Hyper-V virtual machines. Details include:
Tasks to implement a virtual machine within a cluster:
  o Install the cluster
  o Implement CSV
  o Create the virtual machine and install the guest operating system
Windows Server 2012 features to manage the availability of clustered Hyper-V virtual machines:
  o Replication
  o Storage migration
  o Quick migration
  o Live migration
  o Virtual machine monitoring

Students will learn how to:
Migrate a virtual machine and all of its storage to a Hyper-V host server.

Windows Server Pro: Advanced Services Exam Objectives:
2.0 Advanced Storage Management.
  o Migrate virtual machine storage.

70-412 Exam Objectives:
103. Manage failover clustering roles.
  o Configure VM monitoring
104 Manage Virtual Machine (VM) movement.
  o Perform live migration
  o Perform quick migration
  o Perform storage migration

Lecture Focus Questions:
How does Storage Migration differ from Quick Migration?
What condition could cause an unplanned Live Migration to occur?
What is the main difference between a Quick Migration and a Live Migration?

Video/Demo  Time
7.6.1 Virtual Machine Monitoring and Migrations  4:37
7.6.2 Configuring Virtual Machine Monitoring  3:06
7.6.3 Migrating Virtual Machines  11:35
Total  19:18

Lab/Activity
Migrate Virtual Machine Storage
Migrate a Virtual Machine

Number of Exam Questions: 6 questions
Total Time: About 35 minutes

Section 8.1: Active Directory Certificate Services Overview

Summary
This section provides an overview of Active Directory Certificate Services.
Details covered include:
Terms used with encryption and certificates:
  o Cipher or algorithm
  o Key
  o Certificate
Encryption methods:
  o Symmetric encryption
  o Asymmetric Encryption (PKI)
Certification Authorities (CA)
Certification hierarchy
Role services to choose from when installing Active Directory Certificate Services (AD CS):
  o Certification Authority
  o Certification Authority Web Enrollment
  o Online Responder
  o Network Device Enrollment Service (NDES)
  o Certificate Enrollment Web Service
  o Certificate Enrollment Policy Web Service
Features available through Active Directory Certificate Services:
  o Certificate templates
  o Autoenrollment
  o Web enrollment
  o Credential roaming
  o Certificate enrollment across forests (cross-certification)
  o High-volume CA support
Facts about CA installation

Students will learn how to:
Install an Enterprise Certificate Authority (CA).

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Configure a private certification authority

70-412 Exam Objectives:
602 Install and configure Active Directory Certificate Services (AD CS).
  o Install an Enterprise Certificate Authority (CA)

Lecture Focus Questions:
What is the difference between symmetric and asymmetric encryption?
How do certificates prove identity?
What kinds of information do certificates hold?
What is the relationship of a CA to a PKI?
How can you ensure that users outside your organization trust your certificate?
What are the advantages of using an enterprise CA over a standalone CA?
How does an enterprise root differ from an enterprise subordinate?
Which server role should you add to make a server a CA that can issue certificates to other CAs, users, and computers?
What features does the Online Responder service provide?
What is credential roaming?

Video/Demo  Time
8.1.1 Overview of Certificates  11:21
8.1.2 Overview of Certificate Services  9:17
8.1.3 Installing an Enterprise AD CS  5:42
Total  26:20

Number of Exam Questions: 7 questions
Total Time: About 40 minutes

Section 8.2: Certificate Management

Summary
This section discusses the following concepts of management of certificates:
Using certutil command options:
  o -Verify
  o -VerifyStore
  o -VerifyKeys
  o -RecoverKey
  o -oid
Methods for requesting a certificate:
  o Web Enrollment Pages
  o Certificate Request Wizard through the Certificates snap-in
  o Autoenrollment
  o Command line
Facts about certificate requests

Students will learn how to:
Manage certificates such as requesting a user certificate and approving pending certificates.
Revoke a certificate.

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Issue certificates

70-412 Exam Objectives:
603 Install and configure Active Directory Certificate Services (AD CS).
  o Manage certificate renewal
  o Implement and manage certificate deployment, validation, and revocation
  o Manage certificate enrollment and renewal to computers and users using Group Policies

Lecture Focus Questions:
Which certutil command option would you use to verify a key set?
What functions does the Certification Authority Web Enrollment role service provide?
How does an Enterprise CA process a certificate request differently from a stand-alone CA?
What command would you enter at the command line to accept and install a certificate?
What is the process for requesting a certificate from an offline CA?

Video/Demo  Time
8.2.1 Managing Certificates  3:22

Lab/Activity
Manage Certificates

Number of Exam Questions: 12 questions
Total Time: About 25 minutes

Section 8.3: Certificate Revocation

Summary
This section discusses certificate revocation.
Details covered include:
Situations in which a digital certificate would be revoked
Facts about certificate revocation:
  o The process used by a client to retrieve the certificate status information
  o The process to configure the online responder:
    Install the Online Responder role service
    Configure the OCSP Response Signing certificate
    Configure each CA to issue the OCSP Response Signing template
    Configure each CA to include the online responder
    Configure revocation configurations on the online responder
  o Considerations when configuring the online responder
Additional features that can be configured for the Revocation Configuration on an online responder:
  o Nonce/no-nonce request support
  o Advanced cryptography
  o Kerberos protocol integration
Considerations when configuring a single CA with multiple online responders

Students will learn how to:
Configure a CRL Distribution Point.
Configure an Online Responder.
Manage certificate revocation.

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Revoke certificates

70-412 Exam Objectives:
602 Install and configure Active Directory Certificate Services (AD CS).
  o Configure CRL distribution points
  o Install and configure Online Responder
603 Manage certificates.
  o Implement and manage certificate deployment, validation, and revocation

Lecture Focus Questions:
In what situations would a certificate be revoked?
If a revoked certificate might be reinstated, what reason for revocation should you use?
How do you specify CRL Distribution Points?
When would you publish a delta CRL?
What are the advantages to using an Online Responder to verify certificate status?
What two options do you have for obtaining the OCSP Response Signing Certificate?
Why is it necessary to configure CRLs and CDPs when you use an Online Responder?

Video/Demo  Time
8.3.1 Certificate Revocation  5:07
8.3.2 Configuring a CRL Distribution Point  2:29
8.3.3 Configuring an Online Responder  3:36
Total  11:12

Lab/Activity
Manage Certificate Revocation

Number of Exam Questions: 6 questions
Total Time: About 30 minutes

Section 8.4: Certificate Templates

Summary
This section discusses using certificate templates. Details include:
The role of certificate templates
Considerations when managing certificate templates
Certificate template permissions:
  o Full Control
  o Read
  o Write
  o Enroll
  o Autoenroll
Considerations when managing certificate template permissions
Schema version 1, 2, and 3 templates
Settings that can be modified for schema version 2 and 3 templates:
  o Validity Period
  o Publish in Active Directory
  o Key Purpose
  o Cryptographic Service Provider (CSP)
  o Subject Name
  o Issuance Requirement
  o Extensions

Students will learn how to:
Manage and modify certificate templates.
Create and issue a certificate template.

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Manage certificate templates

70-412 Exam Objectives:
603 Install and configure Active Directory Certificate Services (AD CS).
  o Manage certificate templates
  o Implement and manage certificate deployment, validation, and revocation

Lecture Focus Questions:
What are the purpose and the benefits of a certificate template?
What is best practice for maintaining the integrity of default templates?
How do you control which templates a CA can issue?
How are certificate templates replicated?
Which permissions does an administrator need to set and modify certificate template contents and permissions?

Video/Demo  Time
8.4.1 Certificate Templates  4:24
8.4.2 Using Certificate Templates  9:40
Total  14:04

Lab/Activity
Modify Certificate Templates 1
Modify Certificate Templates 2

Number of Exam Questions: 6 questions
Total Time: About 35 minutes

Section 8.5: Certificate Autoenrollment

Summary
In this section students will learn about certificate autoenrollment. Details include:
The role of autoenrollment
Steps to configure autoenrollment

Students will learn how to:
Configure the templates for autoenrollment.
Enable certificate autoenrollment for users and computers.
Create certificates for smart cards and require smart cards for logon.

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Enable autoenrollment

70-412 Exam Objectives:
603 Manage certificates.
  o Manage certificate renewal
  o Manage certificate enrollment and renewal to computers and users using Group Policies

Lecture Focus Questions:
Which three autoenroll settings require user intervention when selected?
In addition to allowing certificates to be requested, issued, or renewed, which other management tasks does autoenrollment perform?
Which template version(s) is required for autoenrollment?
When automatic renewal is enabled, how can you force users to re-enroll for a certificate template?
When configuring autoenrollment, which permissions should you grant to users or computers to allow autoenrollment?

Video/Demo  Time
8.5.1 Certificate Autoenrollment  0:49
8.5.2 Configuring Certificate Autoenrollment  2:49
Total  3:38

Lab/Activity
Configure Templates for Autoenrollment
Enable Autoenrollment for the Domain
Create Certificates for Smart Cards
Require Smart Cards for Logon

Number of Exam Questions: 5 questions
Total Time: About 30 minutes

Section 8.6: Key Archival and Recovery

Summary
This section examines key archival and recovery. Details in this section include:
Methods to back up private keys
Key archival
Steps to configure key archival
Recovering a lost key

Students will learn how to:
Create and publish the key recovery agent to the CA.
Configure a CA for key archival.
Recover a key.

Windows Server Pro: Advanced Services Exam Objectives:
6.0 File Certificate Management.
  o Issue certificates

70-412 Exam Objectives:
603 Manage certificates.
  o Configure and manage key archival and recovery

Lecture Focus Questions:
In order for a user's private key to be backed up, what action must the user take? Which permission does this action require?
What is key archival? What steps are involved in key archival?
What function does a Key Recovery Agent perform?
What are the template requirements for key archival?
What are the steps for recovering a lost key?

Video/Demo  Time
8.6.1 Key Archival and Recovery  3:03
8.6.2 Creating and Managing Key Recovery Agents  3:49
8.6.3 Configuring a CA for Key Archival  4:47
8.6.4 Recovering a Key  3:49
Total  15:28

Number of Exam Questions: 7 questions
Total Time: About 25 minutes

Section 8.7: Certificate Authority (CA) Management

Summary
This section examines the following about managing the Certificate Authority:
Permissions that control the ability to manage the CA:
  o Read
  o Issue and Manage Certificates
  o Manage CA
  o Request Certificates
Enabling administrative role separation
Tasks that can be performed through the Certification Authority snap-in or the certutil.exe command line utility:
  o Certificate Management Delegation
  o Enrollment Agent Delegation
  o Key Archival
  o Certificate Request Handling
  o Auditing

Students will learn how to:
Configure security roles on the CA: the enrollment agent, the certificate manager, and the CA manager.
Restrict the security role of an enrollment agent or a certificate manager to a particular template.
Configure administrative role separation to not allow a user to have multiple roles assigned.

70-412 Exam Objectives:
602 Manage certificates.
  o Implement administrative role separation

Lecture Focus Questions:
Which permission(s) do you need to access and modify CA properties?
What is administrative role separation? What implication does it have for assigning permissions for certificate management?
How do you control the certificates that a manager can manage?
How can you monitor changes to the CA configuration? Which Group Policy setting must you enable to do this?
What are the steps in key archival?

Video/Demo  Time
8.7.1 Managing the CA  3:50
8.7.2 Configuring Security Roles on the CA  2:02
8.7.3 Limiting Security Roles on the CA  3:28
8.7.2 Configuring Administrative Role Separation  1:36
Total  10:56

Number of Exam Questions: 6 questions
Total Time: About 20 minutes

Section 8.8: CA Backup and Recovery

Summary
This section covers methods to back up and restore a CA. Details include:
System State Backup
Certification Authority Console backup
Backup and restore using certutil.exe
Steps to move a CA from one server to another

Students will learn how to:
Use the certutil command to back up and recover CA files.

70-412 Exam Objectives:
602 Install and configure Active Directory Certificate Services (AD CS).
  o Configure CA backup and recovery

Lecture Focus Questions:
Which components of a CA does a system state backup back up?
How does a Certification Authority Console backup differ from a system state backup?
When you move a CA from one server to another, which items might need to be reconfigured?
Which options would you use with the certutil command to back up only the CA database and the keys and certificates?

Video/Demo  Time
8.8.1 CA Backup and Recovery  0:51
8.8.2 CA Backup and Recovery  2:26
Total  3:17

Number of Exam Questions: 8 questions
Total Time: About 15 minutes

Section 9.1: AD RMS Overview

Summary
This section provides an overview of AD RMS. Concepts covered include:
Usage policies
Templates
Licenses:
  o Client license
  o Publishing license
  o Use license
Components of an AD RMS system:
  o AD RMS server
  o Database server
  o AD DS
  o AD RMS-enabled application
  o AD RMS client
  o AD RMS Add-on for IE
Active Directory Federation Services (AD FS)
AD RMS trust policies
AD RMS supports the following trust hierarchies:
  o ISV hierarchy
  o Production hierarchy
Add AD RMS domains to a list of trusted user domains in an AD RMS cluster
AD RMS consists of the following services:
  o Logging services
  o Web services

Windows Server Pro: Advanced Services Exam Objectives:
7.0 Digital Rights Management.
  o Configure AD RMS policies
  o Configure trusted user domains

70-412 Exam Objectives:
604 Install and configure Active Directory Rights Management Services (AD RMS).
  o Manage trusted user domains

Lecture Focus Questions:
How do usage policies help safeguard digital information from intentional or unintentional misuse?
How are usage policy templates used by administrators in implementing AD RMS?
How does a client license differ from a use license?
How are protected documents created?
What RMS-related functions do RMS-enabled applications perform?

Video/Demo  Time
9.1.1 AD RMS Overview  5:49

Number of Exam Questions: 3 questions
Total Time: About 10 minutes

Section 9.2: AD RMS Installation

Summary
This section discusses installing and configuring AD RMS. Concepts covered include:
AD RMS hardware and software requirements
Configuration choices to make during AD RMS installation:
  o Cluster
  o Database location
  o Service account
  o Cluster key
  o Cluster address
  o Service connection point (SCP)
Considerations about AD RMS installation
Windows PowerShell cmdlet modules for:
  o AD RMS deployment
  o AD RMS administration
Key tasks for AD RMS backup and recovery:
  o Secure the cluster key password
  o Export the trusted publishing domain
  o Back up the AD RMS database
  o Restore the AD RMS database

Students will learn how to:
Install and configure AD RMS.
Configure the AD RMS Service Connection Point (SCP).

Windows Server Pro: Advanced Services Exam Objectives:
7.0 Digital Rights Management.
  o Configure trusted publishing domains

70-412 Exam Objectives:
604 Install and configure Active Directory Rights Management Services (AD RMS).
  o Install a licensing or certificate AD RMS server
  o Manage AD RMS Service Connection Point (SCP)
  o Backup and restore AD RMS

Lecture Focus Questions:
In addition to the AD RMS role, which Web services are required to install AD RMS?
How does a root cluster differ from a licensing-only cluster?
What advantages does a licensing-only cluster have in implementing AD RMS?
What are the requirements for setting up the service account for AD RMS?
Which tasks use the AD RMS administrator password?
What should you consider when defining a cluster address?

Video/Demo  Time
9.2.1 AD RMS Installation  4:06
9.2.2 Installing AD RMS  10:59
9.2.3 Configuring AD RMS Backup and Recovery  6:40
9.2.4 Configuring the AD RMS Service Connection Point (SCP)  2:27
Total  24:12

Number of Exam Questions: 9 questions
Total Time: About 40 minutes

Section 9.3: AD RMS Client Deployments

Summary
This section discusses considerations when working with AD RMS client deployments.

Students will learn how to:
Configure the client workstation to manage AD RMS client deployments.

70-412 Exam Objectives:
604 Install and configure Active Directory Rights Management Services.
  o Manage AD RMS client deployment

Lecture Focus Questions:
Why is it necessary to add the URL of the AD RMS server to the Local Intranet zone of each AD RMS client workstation?
In addition to Read and Change permissions, what options can be configured on a document or a message?
How are restrictions within a document or message assigned?
What are the software requirements for opening AD RMS protected documents?
How can users determine the level of access they have to a document or message?

Video/Demo  Time
9.3.1 Managing AD RMS Client Deployments  10:02

Number of Exam Questions: 7 questions
Total Time: About 20 minutes

Section 9.4: AD RMS Templates

Summary
In this section students will learn about using AD RMS templates. Concepts covered include:
Rights policy templates:
  o Distributed rights policy templates
  o Archived rights policy templates
  o Exclusion policies
Tasks to create a new distributed rights policy template:
  o Add template identification information
  o Add user rights
  o Specify an expiration policy
  o Specify extended policy conditions
  o Specify a revocation policy
Best practice guidelines when deploying rights policy templates with AD RMS client
Certificates or licenses that are used by AD RMS:
  o Server Licensor Certificate (SLC)
  o Rights Account Certificate (RAC)
  o Client Licensor Certificate (CLC)
  o Machine Certificate
  o Publishing License
  o Use License

Students will learn how to:
Create custom templates that can be distributed to users.
Configure a user exclusion policy that will restrict particular users from obtaining licenses from a specified cluster.

Windows Server Pro: Advanced Services Exam Objectives:
7.0 Digital Rights Management.
o Manage AD RMS templates

70-412 Exam Objectives:
604 Install and configure Active Directory Rights Management Services.
o Manage RMS templates
o Configure Exclusion Policies

Lecture Focus Questions:
How can administrators deploy rights policy templates to user computers so the templates are available for offline publishing?
What is the purpose of archiving rights policy templates that are no longer being used for new documents?
What are lockbox exclusion policies?
How does the AD RMS client manage rights policy templates?
What conditions can be used to configure an expiration policy?
What is self-enrollment? How is it used in AD RMS?

Video/Demo                                                       Time
9.4.1 AD RMS Templates                                           1:52
9.4.2 Using AD RMS Templates                                     15:12
Total                                                            17:04

Lab/Activity
Configure a Distributed Rights Policy Template
Configure a User Exclusion

Number of Exam Questions
4 questions

Total Time
About 25 minutes

Section 10.1: AD FS Overview

Summary
This section provides an overview of Active Directory Federation Services (AD FS).
Concepts covered include:
The role of AD FS
Organizations that AD FS is designed for
AD FS terms:
o Account partner
o AD FS Web agent
o AD FS-enabled Web server
o Claim
o Claims-aware application
o Claim mapping
o Federation
o Federation servers
o Federation trust
o Organization claim
o Resource partner
o Security token
o Security Token Service (STS)
o Single Sign-On (SSO)
o Trust policy
o Windows token-based

Lecture Focus Questions:
What are the benefits of Active Directory Federation Services (AD FS)?
You have users in a domain who need to access a Web application in a partner domain. Which domain is the account domain, and which is the resource domain?
What is a claim? What type of information can be included in a claim?
What is the difference between a claims-aware application and a token-based application?
What is claim mapping?
What is a trust policy?

Video/Demo                                                       Time
10.1.1 AD FS Overview                                            4:04

Number of Exam Questions
3 questions

Total Time
About 10 minutes

Section 10.2: AD FS Certificates

Summary
This section provides details of using AD FS certificates.
AD FS requires that each server have a certificate that is used for SSL communications
Tasks to configure AD FS server relationships:
o Issue an SSL certificate to the root CAs in both forests
o Export both root CAs’ certificates
o Enroll the SSL certificates on the AD FS servers
o Configure each server to trust its own root CA
o Configure each AD FS server to trust the root CAs from the other forest

Students will learn how to:
Enroll SSL certificates on AD FS servers.
Configure an AD FS server to trust its own root CAs.
Configure an AD FS server to trust the root CA from another forest.

70-412 Exam Objectives:
601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Manage AD FS certificates

Lecture Focus Questions:
What trust relationships must be configured for AD FS servers?
How do you configure an AD FS server to trust the root CA from another forest?
Which parameters do you configure when using the Certificate Enrollment wizard to request an SSL certificate?
When exporting root CA certificates, which parameters should you use?

Video/Demo                                                       Time
10.2.1 AD FS Certificates                                        1:33
10.2.2 Managing AD FS Certificates                               11:35
Total                                                            13:08

Number of Exam Questions
3 questions

Total Time
About 15 minutes

Section 10.3: Resource Partner

Summary
This section provides information about configuring the resource partner.
Concepts covered include:
Role services that can be installed during the installation of AD FS:
o Federation Service
o Federation Service Proxy
o Claims-aware Agent
o Windows Token-based Agent
Tasks to install AD FS:
o Create SSL certificates
o Create a group managed service account
o Install the AD FS role/Run the AD FS Federation Server Configuration Wizard
The role of the resource partner
The role of federation servers
The role of the AD FS Management snap-in
Tasks to create a claims provider trust on the resource partner:
o Start the Add Claims Provider Trust Wizard
o Specify the data source
o Configure a display name
o Edit claim rules
Windows Server 2012 R2:
o AD FS can use multi-factor authentication (MFA)
o Default AD FS authentication primary methods to validate users’ identities:
    Forms Authentication
    Windows Authentication
o The process to configure MFA
o Workplace join
o Considerations when applying an authentication policy as a global scope

Students will learn how to:
Configure the AD FS server on the resource partner.

70-412 Exam Objectives:
601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Install AD FS
o Configure authentication policies
o Configure multi-factor authentication
o Configure Workplace Join

Lecture Focus Questions:
What is the role of the resource partner in AD FS?
When adding a claims provider, what are the preferred ways to obtain data about the claims provider?
What is the function of the claims-aware agent?
How does the Windows token-based agent allow Windows token-based applications to work with AD FS?
What is the function of acceptance transform rules? Where are they configured?

Video/Demo                                                       Time
10.3.1 Resource Partner                                          5:08
10.3.2 Configuring the Resource Partner                          20:38
10.3.6 Configuring Multi-factor Authentication                   5:48
10.3.7 Configuring Workplace Join                                19:15
Total                                                            50:49

Number of Exam Questions
7 questions

Total Time
About 65 minutes

Section 10.4: Accounts Partner

Summary
This section discusses configuring the accounts partner. Concepts covered include:
The role of account partner
The role of Federation servers
Using the AD FS Management snap-in
Tasks to create a relying party trust on the account partner:
o Start the Add Relying Party Trust Wizard
o Specify the data source
o Configure a display name
o Configure issuance authorization rules
o Edit claim rules

Students will learn how to:
Create a relying party trust on the account partner.

70-412 Exam Objectives:
601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Implement claims-based authentication including Relying Party Trusts

Lecture Focus Questions:
How do federation servers in the account partner organization enable single sign-on capabilities to users?
What are relying party trusts? In which locations are relying party trusts usually created?
What functions does the account partner provide?
What is the purpose of delegation authorization rules?
Video/Demo                                                       Time
10.4.1 Configuring the Accounts Partner                          8:21

Number of Exam Questions
6 questions

Total Time
About 15 minutes

Section 10.5: AD FS Proxies

Summary
This section discusses AD FS proxies. Details include:
The role of the AD FS Proxy
Tasks to configure an AD FS Proxy server:
o Export the internal AD FS server certificate
o Import AD FS server certificate
o Configure an SSL certificate on the default IIS web site
o Add an entry for the AD FS server to the hosts file
o Install the AD FS Proxy role service
o Configure the AD FS Proxy
o Configure the DNS records

Students will learn how to:
Install an AD FS proxy server.
Configure an AD FS proxy server.

70-412 Exam Objectives:
601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Configure AD FS proxy

Lecture Focus Questions:
What are the differences between the Federation Service and Federation Service Proxy?
How can an AD FS Proxy provide protection for your network?
How does DNS perform resolution when an AD FS proxy resides in a DMZ?
What information does the AD FS proxy server store?
For what purposes does AD FS proxy use WS-Federation Passive Requestor Profile (WS-F PRP) protocols?
Video/Demo                                                       Time
10.5.1 AD FS Proxies                                             1:48
10.5.2 Configuring AD FS Proxies                                 9:00
Total                                                            10:48

Number of Exam Questions
5 questions

Total Time
About 20 minutes

Section 10.6: AD FS and Cloud Services

Summary
In this section students will learn the following facts about integrating AD FS and cloud services:
Install prerequisite software
Install Windows Azure Pack for Windows Server
Configure the AD FS server
Configure the Azure management portals to trust the AD FS server
Configure the Azure tenant authentication site to trust the AD FS server
Configure the AD FS server to trust the Azure management portals

70-412 Exam Objectives:
601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).
o Integrate with Cloud Services

Lecture Focus Questions:
What are the benefits of integrating AD FS with Cloud services?
What Web Platform products must be installed before installing Windows Azure on a Windows Server?
Which management portals must the AD FS host be configured to reach?
Which transformation rules must be applied to the management portal for tenants?

Video/Demo                                                       Time
10.6.1 AD FS and Cloud Services                                  1:25

Number of Exam Questions
5 questions

Total Time
About 10 minutes
Section 10.7: AD FS and AD RMS

Summary
In this section students will learn about options to select if the AD RMS system needs to support users located in a different forest:
Trusted user domains
Trusted publishing domains
AD RMS federated identity support

Students will learn how to:
Configure a trusted user domain.
Configure a trusted publishing domain.
Enable Federated Identity Support on an AD RMS server.

70-412 Exam Objectives:
604 Install and configure Active Directory Rights Management Services (AD RMS).
o Manage Federated Identity support

Lecture Focus Questions:
What is a possible ramification of failing to configure trusted email domains?
What options do you have if the AD RMS system needs to support users located in a different forest?
Which option for AD RMS support poses the greatest security risk?
What are the advantages to using AD RMS Federated Identity support?

Video/Demo                                                       Time
10.7.1 AD FS and AD RMS                                          2:49
10.7.2 Configuring Trusted User Domains                          2:51
10.7.4 Configuring Trusted Publishing Domains                    3:17
10.7.6 Managing Federated Identity Support                       4:10
Total                                                            13:07

Lab/Activity
Configure a Trusted User Domain
Configure a Trusted Publishing Domain

Number of Exam Questions
5 questions

Total Time
About 30 minutes
Windows Server Pro: Advanced Services Practice Exams

Summary
This section provides information to help prepare students to take the Windows Server Pro: Advanced Services certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.
Objective 1: Advanced Active Directory Configuration (10 simulation questions)
Objective 2: Advanced Storage Management (4 simulation questions)
Objective 3: Server Data Protection (4 simulation questions)
Objective 4: Advanced DHCP and DNS Configuration (7 simulation questions)
Objective 5: High Availability Implementation (10 simulation questions)
Objective 6: Certificate Management (8 simulation questions)
Objective 7: Digital Rights Management (4 simulation questions)

The Windows Server Pro: Advanced Services Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed, different questions may be presented.
Microsoft 70-412 Practice Exams

Summary
This section provides information to help prepare students to take the MS 70-412 exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.
Objective 100. Configure and Manage High Availability (62 questions)
Objective 200. Configure File and Storage Solutions (37 questions)
Objective 300. Implement Business Continuity and Disaster Recovery (39 questions)
Objective 400. Configure Network Services (67 questions)
Objective 500. Configure the Active Directory Infrastructure (60 questions)
Objective 600. Configure Identity and Access Solutions (112 questions)

The Microsoft 70-412 Certification Practice Exam consists of 60 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed, different questions may be presented. The Certification Practice Exam has a time limit of 2 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.
Appendix A: Approximate Time for the Course

The total time for the LabSim Windows Server Pro: Advanced Services course is approximately 40 hours and 10 minutes. The time is calculated by adding the approximate time for each section, which is calculated using the following elements:
Video/demo times
Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
Simulations (5 minutes assigned per simulation; many students may take longer depending upon their knowledge level and experience)
Questions (1 minute per question)

The breakdown for this course is as follows:

Module / Sections                                                            Time (Minutes)   HR:MM

1.0 Active Directory Infrastructure                                          320              5:20
    1.1 Multi-Domain Forests                                                 50
    1.2 Cross-Forest Trusts                                                  50
    1.3 External, Shortcut and Realm Trusts                                  20
    1.4 Sites Overview                                                       30
    1.5 Managing Sites                                                       40
    1.6 Managing Replication                                                 60
    1.7 Read-Only Domain Controllers (RODCs)                                 35
    1.8 RODC Management                                                      35

2.0 File and Storage Solutions                                               205              3:25
    2.1 Network File System (NFS)                                            25
    2.2 BranchCache                                                          25
    2.3 Dynamic Access Control (DAC)                                         55
    2.4 DAC Management                                                       20
    2.5 Advanced Storage                                                     35
    2.6 Storage Optimization                                                 45

3.0 Disaster Recovery                                                        105              1:45
    3.1 Windows Server Backup                                                35
    3.2 Restore from Backup                                                  15
    3.3 Volume Shadow Copies                                                 35
    3.4 Boot Configuration Data (BCD) Store                                  20

4.0 Advanced DHCP                                                            190              3:10
    4.1 DHCP Overview                                                        10
    4.2 DHCP Scopes                                                          45
    4.3 DHCP and IPv6                                                        25
    4.4 DHCP High Availability                                               40
    4.5 IPAM Overview                                                        35
    4.6 IPAM Configuration                                                   30
    4.7 IPAM Management                                                      5

5.0 Advanced DNS                                                             75               1:15
    5.1 DNS Security                                                         40
    5.2 Advanced DNS Settings                                                20
    5.3 GlobalNames Zones                                                    15

6.0 Hyper-V                                                                  60               1:00
    6.1 Virtual Machine Management                                           30
    6.2 Hyper-V High Availability                                            30

7.0 High Availability                                                        240              4:00
    7.1 Network Load Balancing                                               20
    7.2 Network Load Balancing Management                                    35
    7.3 Failover Clustering                                                  100
    7.4 Failover Cluster Management                                          25
    7.5 Failover Clustered Role Management                                   25
    7.6 Failover Cluster with Hyper-V                                        35

8.0 Active Directory Certificate Services                                    220              3:40
    8.1 Active Directory Certificate Services Overview                       40
    8.2 Certificate Management                                               25
    8.3 Certificate Revocation                                               30
    8.4 Certificate Templates                                                35
    8.5 Certificate Autoenrollment                                           30
    8.6 Key Archival and Recovery                                            25
    8.7 Certificate Authority (CA) Management                                20
    8.8 CA Backup and Recovery                                               15

9.0 Active Directory Rights Management Services (AD RMS)                     95               1:35
    9.1 AD RMS Overview                                                      10
    9.2 AD RMS Installation                                                  40
    9.3 AD RMS Client Deployments                                            20
    9.4 AD RMS Templates                                                     25

10.0 Active Directory Federation Services (AD FS)                            165              2:45
    10.1 AD FS Overview                                                      10
    10.2 AD FS Certificates                                                  15
    10.3 Resource Partner                                                    65
    10.4 Accounts Partner                                                    15
    10.5 AD FS Proxies                                                       20
    10.6 AD FS and Cloud Services                                            10
    10.7 AD FS and AD RMS                                                    30

Windows Server Pro: Advanced Services Practice Exam                          310              5:10
    Obj. 1. Advanced Active Directory Configuration (10 simulation questions)    50
    Obj. 2. Advanced Storage Management (4 simulation questions)             20
    Obj. 3. Server Data Protection (4 simulation questions)                  20
    Obj. 4. Advanced DHCP and DNS Configuration (7 simulation questions)     35
    Obj. 5. High Availability Implementation (10 simulation questions)       50
    Obj. 6. Certificate Management (8 simulation questions)                  40
    Obj. 7. Digital Rights Management (4 simulation questions)               20
    Certification Practice Exam (15 questions)                               75

Microsoft 70-412 Practice Exams                                              425              7:05
    Obj. 100. Configure and Manage High Availability (59 questions)          59
    Obj. 200. Configure File and Storage Solutions (35 questions)            35
    Obj. 300. Implement Business Continuity and Disaster Recovery (39 questions)    39
    Obj. 400. Configure Network Services (63 questions)                      63
    Obj. 500. Configure the Active Directory Infrastructure (60 questions)   60
    Obj. 600. Configure Identity and Access Solutions (109 questions)        109
    Certification Practice Exam (60 questions)                               60

Total Time                                                                   2410             40:10

Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives

The Windows Exam 70-412: Configuring Advanced Windows Server 2012 Services certification exam covers the following objectives.
In the spreadsheet below, the column to the right lists the sections where the information is located in the course:

#    Objective                                                               Module.Section

100  Configure and Manage High Availability (17 percent)

101  Configure Network Load Balancing (NLB)                                  7.1, 7.2
     This objective may include but is not limited to:
       Install NLB nodes
       Configure NLB prerequisites
       Configure affinity
       Configure port rules
       Configure cluster operation mode
       Upgrade an NLB cluster

102  Configure failover clustering                                           2.6, 7.3, 7.4
     This objective may include but is not limited to:
       Configure Quorum
       Configure cluster networking
       Restore single node or cluster configuration
       Configure cluster storage
       Implement Cluster Aware Updating
       Upgrade a cluster
       Configure and optimize clustered shared volumes
       Configure clusters without network names
       Configure storage spaces

103  Manage failover clustering roles                                        7.3, 7.5, 7.6
     This objective may include but is not limited to:
       Configure role-specific settings, including continuously available shares
       Configure virtual machine (VM) monitoring
       Configure failover and preference settings
       Configure guest clustering
104  Manage Virtual Machine (VM) movement                                    6.1, 7.3, 7.6
     This objective may include but is not limited to:
       Perform live migration
       Perform quick migration
       Perform storage migration
       Import, export, and copy VMs
       Migrate from other platforms (P2V and V2V)
       Configure VM network health protection
       Configure drain on shutdown

200  Configure File and Storage Solutions (16 percent)

201  Configure advanced file services                                        2.1, 2.2, 2.3, 2.4
     This objective may include but is not limited to:
       Configure NFS data store
       Configure BranchCache
       Configure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM)
       Configure file access auditing

202  Implement Dynamic Access Control (DAC)                                  2.3, 2.4
     This objective may include but is not limited to:
       Configure user and device claim types
       Implement policy changes and staging
       Perform access-denied remediation
       Configure file classification
       Create and configure Central Access rules and policies
       Create and configure resource properties and lists

203  Configure and optimize storage                                          2.5, 2.6
     This objective may include but is not limited to:
       Configure iSCSI Target and Initiator
       Configure Internet Storage Name server (iSNS)
       Implement thin provisioning and trim
       Manage server free space using Features on Demand
       Configure tiered storage
300  Implement Business Continuity and Disaster Recovery (16 percent)

301  Configure and manage backups                                            3.1, 3.3
     This objective may include but is not limited to:
       Configure Windows Server backups
       Configure Windows Online backups
       Configure role-specific backups
       Manage VSS settings using VSSAdmin

302  Recover servers                                                         3.2, 3.4
     This objective may include but is not limited to:
       Restore from backups
       Perform a Bare Metal Restore (BMR)
       Recover servers using Windows Recovery Environment (Win RE) and safe mode
       Apply System Restore snapshots
       Configure the Boot Configuration Data (BCD) store

303  Configure site-level fault tolerance                                    6.1, 6.2, 7.3, 7.4
     This objective may include but is not limited to:
       Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs
       Configure multi-site clustering, including network settings, Quorum, and failover settings
       Configure Hyper-V Replica extended replication
       Configure Global Update Manager
       Recover a multi-site failover cluster

400  Configure Network Services (17 percent)

401  Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution    4.1, 4.2, 4.3, 4.4
     This objective may include but is not limited to:
       Create and configure superscopes and multicast scopes
       Implement DHCPv6
       Configure high availability for DHCP, including DHCP failover and split scopes
       Configure DHCP Name Protection
       Configure DNS registration

402  Implement an advanced DNS solution                                      5.1, 5.2, 5.3
     This objective may include but is not limited to:
       Configure security for DNS including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache locking
       Configure DNS logging
       Configure delegated administration
       Configure recursion
       Configure netmask ordering
       Configure a GlobalNames zone
       Analyze zone level statistics
       Isolate DNSSEC key management and storage.

403  Deploy and manage IPAM                                                  4.5, 4.6, 4.7
     This objective may include but is not limited to:
       Provision IPAM manually or by using Group Policy
       Configure server discovery
       Create and manage IP blocks and ranges
       Monitor utilization of IP address space
       Migrate to IPAM
       Delegate IPAM administration
       Manage IPAM collections
       Configure IPAM database storage

500  Configure the Active Directory Infrastructure (18 percent)

501  Configure a forest or a domain                                          1.1
     This objective may include but is not limited to:
       Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active Directory
       Upgrade existing domains and forests including environment preparation and functional levels
       Configure multiple user principal name (UPN) suffixes
502  Configure trusts                                                        1.2, 1.3
     This objective may include but is not limited to:
       Configure external, forest, shortcut, and realm trusts
       Configure trust authentication
       Configure SID filtering
       Configure name suffix routing

503  Configure sites                                                         1.4, 1.5
     This objective may include but is not limited to:
       Configure sites and subnets
       Create and configure site links
       Manage site coverage
       Manage registration of SRV records
       Move domain controllers between sites

504  Manage Active Directory and SYSVOL replication                          1.6, 1.7, 1.8
     This objective may include but is not limited to:
       Configure replication to Read-Only Domain Controllers (RODCs)
       Configure Password Replication Policy (PRP) for RODCs
       Monitor and manage replication
       Upgrade SYSVOL replication to Distributed File System Replication (DFSR)

600  Configure Identity and Access Solutions (16 percent)

601  Implement Active Directory Federation Services 2.1 (AD FSv2.1)          10.1, 10.2, 10.3, 10.4, 10.5, 10.6
     This objective may include but is not limited to:
       Install AD FS
       Implement claims-based authentication, including Relying Party Trusts
       Configure authentication policies
       Configure Workplace Join
       Configure multi-factor authentication

602  Install and configure Active Directory Certificate Services (AD CS)     8.1, 8.3, 8.7, 8.8
     This objective may include but is not limited to:
       Install an Enterprise Certificate Authority (CA)
       Configure CRL distribution points
       Install and configure Online Responder
       Implement administrative role separation
       Configure CA backup and recovery

603  Manage certificates                                                     8.2, 8.3, 8.4, 8.5, 8.6
     This objective may include but is not limited to:
       Manage certificate templates
       Implement and manage certificate deployment, validation, and revocation
       Manage certificate renewal
       Manage certificate enrollment and renewal to computers and users using Group Policies
       Configure and manage key archival and recovery

604  Install and configure Active Directory Rights Management Services (AD RMS)    9.1, 9.2, 9.3, 9.4, 10.7
     This objective may include but is not limited to:
       Install a licensing or certificate AD RMS server
       Manage AD RMS Service Connection Point (SCP)
       Manage RMS templates
       Configure Exclusion Policies
       Back up and restore AD RMS

Appendix C: Windows Server Pro: Advanced Services Objectives

The Windows Server Pro: Advanced Services certification exam covers the following objectives. In the spreadsheet below, the column to the right lists the sections where the information is located in the course:

#    Objective                                                               Module.Section

1.0  Advanced Active Directory Configuration                                 1.1, 1.2, 1.3, 1.5, 1.6, 1.7, 1.8
       Raise the functional level of an Active Directory forest.
       Create forest root, cross-forest, external, shortcut, and realm trusts.
       Manage sites, subnets, and site links.
       Configure site replication.
       Implement read-only domain controllers.

2.0  Advanced Storage Management                                             2.1, 2.3, 2.4, 2.5, 7.6
       Implement NFS to support UNIX/Linux systems.
       Implement Dynamic Access Control (DAC).
       Implement an iSCSI SAN.
       Migrate virtual machine storage.

3.0  Server Data Protection                                                  3.1, 3.2, 3.3
       Configure server backups.
       Enable shadow copies.
       Restore server data from backup.

4.0  Advanced DHCP and DNS Configuration                                     4.3, 4.4, 5.1, 5.2, 5.3
       Configure DHCP to support IPv6.
       Configure split DHCP scopes.
       Configure DHCP failover.
       Protect zone data with DNSSEC.
       Configure advanced DNS server settings.
       Configure a GlobalNames zone.

5.0  High Availability Implementation                                        6.2, 7.1, 7.3, 7.5
       Implement network load balancing.
       Create a failover cluster.
       Configure clustered roles.
       Enable virtual machine replication.

6.0  Certificate Management                                                  8.1, 8.2, 8.3, 8.4, 8.5, 8.6
       Configure a private certification authority.
       Manage certificate templates.
       Issue certificates.
       Revoke certificates.
       Enable autoenrollment.

7.0  Digital Rights Management                                               9.1, 9.2, 9.4
       Configure AD RMS policies.
       Manage AD RMS templates.
       Configure trusted user domains.
       Configure trusted publishing domains.
TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them.