Exam prep: 70-411 & 70-417 MCSA: Administering Windows

advertisement
Exam prep: 70-411 & 70-417
MCSA: Administering
Windows Server 2012 (R2)
alojukwu@microsoft.com
http://thedevicepros.com
http://www.facebook.com/thedeviceprofessionals
Session Objective(s):
Identify areas that may require
extra studying
Action plan for exam preparation
and success
Relevance
Broader Skill
Set
Recertification
Rigor
Certification
Requirement
s
Deeper Skill
Set
Cannot move between case studies
700 is not 70%
All questions have a
consistent anatomy
Business Problem
Goal Statement
Questions are not
intended to trick you
One or Multiple Correct Answers
Multiple Distracters
Deploy and manage
server images
Implement patch
management
Monitor servers
Install using Roles and
Features
Configuration Options
Using WDS
Install-WindowsFeature –Name WDS -ComputerName Server01 –
IncludeManagementTools (Servermanagercmd.exe deprecated)
Boot, capture, install,
discover images
Install WSUS role
DISM /Online /Enable-Feature /FeatureName: (dism /online /get-features)
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
GPOs, client side targeting
Synchronization and WSUS groups
Concepts to know…
ImageX, Package Manager and OCSetup – Deprecated
Automatic Approvals for WSUS
Boot, capture, install, discover images
Know your WDS Options with DHCP
PXE is a driving factor for deployments
Deploy & Capture Images
Update images - patches/hotfixes/drivers/features
Installing Features for Offline Images
Deploy, manage, and maintain server
Tasks currently measured
Task changed\added sinc January 2014
Configure driver groups and packages
Deploy and manage server images
Install the Windows Deployment Services (WDS)
role; configure and manage boot, install, and
discover images; update images with patches,
hotfixes, and drivers; install features for offline
images
Manage patch management in mixed environments
Implement patch management
Install and configure the Windows Server Update
Services (WSUS) role; configure group policies for
updates; configure client-side targeting; configure
WSUS synchronization; configure WSUS groups
Monitor servers
Schedule performance monitoring
Configure Data Collector Sets (DCS); configure
alerts; monitor real-time performance; monitor
virtual machines (VMs); monitor events; configure
event subscriptions; configure network monitoring
Your network contains a Microsoft Windows Deployment Services
(WDS) server. You have added a custom image named
CustomWin8.wim to the server.
After creating and adding the custom image to the WDS server,
you decide that the image is missing a feature. You mount the
image to the c:\mount folder.
You need to add the Telnet Client feature the CustomWin8.wim
image.
What should you do?
A.
B.
C.
D.
Run the command imagex /apply C:\mount\CustomWin8.wim 1 D:\
Run the command dism /Image:C:\mount /Enable-Feature /FeatureName:TelnetClient
Run the command dism /Image:CustomWin8.wim /Enable-Feature /FeatureName:TelnetClient
Run the command imagex /image:C:\mount /Enable-Features /FeatureName:TelnetClient
Configure Distributed File
System (DFS)
Configure File Server
Resource Manager (FSRM)
Configure file and disk
encryption
Configure advanced audit
policies
Overview
DFS Replication and DFS Namespaces are role services (rolling up to File and
Storage Services role)
Know what’s new: PowerShell module, WMI mgmt., site awareness for
DirectAccess, dedupe
Know what’s deprecated: dfscmd, FRS
Install and configure DFS Namespaces
Domain-based namespace
Stand-alone namespace
Get familiar with DFSnRoot & DfsnFolder for powershell
Requires the management of referrals
Configure DFS Replication Targets
Configure Replication Scheduling
1.
2.
3.
4.
Install FSRM
Configure Quotas
Configure File Screens
Configure Reports
New Features
Configure BitLocker encryption
Configure the Network Unlock feature (new)
Configure BitLocker policies (Win8 or Win2012)
Configure the EFS recovery agent
Manage EFS and BitLocker certificates including
backup and restore
Implement auditing using Group Policy and
AuditPol.exe
Create expression-based audit policies
Create removable device audit policies
Configure File and Print Services
Tasks currently measured
Task changed\added since January 2014
Configure File Server Resource Manager (FSRM)
Install the FSRM role; configure quotas; configure file
screens; configure reports
Configure file management tasks
Configure Distributed File System (DFS)
Install and configure DFS namespaces; configure DFS
Replication Targets; configure Replication Scheduling;
configure Remote Differential Compression settings;
configure staging; configure fault tolerance
Clone a DFS database; recover DFS databases; optimize DFS
replication
You are the system administrator for Contoso, Ltd. You manage an Active Directory
Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. The forest
functional level is set to Windows Server 2003. The domain functional level is set to
Windows Server 2008. You are preparing to deploy DFS. The deployment must meet
the following requirements.
Users must not be able to see folders that they do not have access to
Users must be able to create 3,000 total folders
Minimize changes to the environment
You need to deploy DFS to meet the requirements. What should you do?
A.
B.
C.
D. Deploy a domain-based DFS namespace with Windows Server 2008 mode enabled.
Configure DNS
zones
Configure DNS
records
Configure VPN and
routing
Configure
DirectAccess
Configure primary and secondary zones
Configure stub zones
Configure conditional forwarders
Deploy and Configure Network Services
IPv4 & IPv6 addressing
DHCP – failover, name protection
DNS – zones, records, DNSSEC
IPAM
VPN & routing
DirectAccess
Install and configure the Remote Access role
1.
2.
Implement Network Address Translation (NAT)
Configure VPN settings
Configure remote dial-in settings for users
Configure routing
Implement server requirements
Implement client configuration
Configure DNS for DirectAccess
Configure certificates for DirectAccess
Configure Network Services and Access
Tasks currently measured
Task changed\added since January 2014
Configure Web Application proxy in pass-through mode
Configure VPN and routing
Install and configure the Remote Access role; implement
Network Address Translation (NAT); configure VPN
settings; configure remote dial-in settings for users;
configure routing
You are the system administrator for Tailspin Toys. You administer
the Active Directory Domain Services (AD DS) environment along
with DNS. Recently, another administrator added a new DNS
Address (A) record for www2.tailspintoy.com. The record points to
10.10.5.254. Forward name resolution is fully functional. However,
the web administrators are reporting that 10.10.5.254 is not
resolving to www2.tailspintoys.com. You need to ensure that
10.10.5.254 resolves to www2.tailspintoys.com.
What should you do?
A.
B. Add a PTR record for 10.10.5.254 and point it to www2.tailspintoys.com.
C.
D.
Configure Network
Policy Server (NPS)
Configure NPS
policies
Configure Network
Access Protection
(NAP)
Configure multiple RADIUS server infrastructures
Configure RADIUS clients
Manage RADIUS templates
Configure RADIUS accounting
Configure certificates
Configure connection request policies
Configure network policies for VPN clients (multilink
and bandwidth allocation, IP filters, encryption, IP
addressing)
Manage NPS templates
Import and export NPS policies
Configure System Health Validators (SHVs)
Configure health policies
Configure NAP enforcement using DHCP and VPN
Configure a Network Policy Server Infrastructure
Tasks currently measured
Configure Network Policy Server (NPS)
Configure multiple RADIUS server infrastructures;
configure RADIUS clients; manage RADIUS templates;
configure RADIUS accounting; configure certificates
Task changed\added since January 2014
Configure a RADIUS server, including RADIUS proxy; manage
configure RADIUS NPS templates
Configure isolation and remediation of non-compliant
computers using DHCP and VPN
Configure NAP client settings
By default, NAP enforcement clients are disabled
Configure service
authentication
Configure Domain
Controllers
Maintain Active
Directory
Configure account
policies
Create and configure Service Accounts
Create/configure Group Managed Service Accounts
Create and configure Managed Service Accounts
Configure Kerberos delegation
Manage Service Principal Names (SPNs)
Configure Universal Group Membership Caching
Transfer and seize operations masters
Install and configure an RODC
Configure Domain Controller cloning
1.
2.
3.
4.
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-activedirectory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx
Back up Active Directory and SYSVOL
Manage Active Directory offline
Optimize an Active Directory database
Clean up metadata
Configure Active Directory snapshots
Perform object- and container-level recovery
Perform Active Directory restore
Configure domain user password policy
Configure and apply Password Settings Objects
Delegate password settings management
Configure local user password policy
Configure account lockout settings
Configure and manage Active Directory
Tasks currently measured
Task changed\added since January 2014
Maintain Active Directory
Active Directory Recycle Bin
Configure service authentication
Create and configure Service Accounts; create and
configure Group Managed Service
Accounts; create and configure Managed Service
Accounts; configure Kerberos delegation; manage
Service Principal Names (SPNs)
Configure virtual accounts
Back up Active Directory and SYSVOL; manage Active
Directory offline; optimize an Active Directory database;
clean up metadata; configure Active Directory
snapshots; perform object- and container level
recovery; perform Active Directory restore
Configure account policies
Configure Kerberos Policy settings
Configure domain user password policy; configure and
apply Password Settings Objects (PSOs); delegate
password settings management; configure local user
password policy; configure account lockout settings
Configure Group
Policy processing
Configure Group
Policy settings
Manage Group Policy
objects (GPOs)
Configure Group
Policy preferences
Create and Manage Group Policy
Create and Manage Group Policy
Configure processing order and precedence
Configure blocking of inheritance
Configure enforced policies
Configure security filtering and WMI filtering
Configure loopback processing
Configure and manage slow-link processing
Configure client-side extension (CSE) behavior
Configure settings including software installation
folder redirection, scripts, and administrative template
settings
Import security templates
Import custom administrative template file
Convert admin templates using ADMX Migrator
Configure property filters for admin templates
Backup, import, copy and restore GPOs
Create and configure Migration Table
Reset default GPOs
Delegate Group Policy Management
Group Policy Settings
Group Policy Preferences
Strictly enforce policy settings by
writing the settings to areas of the
registry that standard users cannot
modify
Are written to the normal locations in the
registry that the application or operating
system feature uses to store the setting
Typically disable the user interface for
settings that Group Policy is managing
Do not cause the application or operating
system feature to disable the user interface for
the settings they configure
Refresh policy settings at a regular
interval
Refresh preferences by using the same interval
as Group Policy settings by default
Configure and Manage Group Policy
Tasks currently measured
Task changed\added since January 2014
Configure Group Policy processing
Force Group Policy update; configure and manage slow-link
Configure processing order and precedence; configure processing and Group Policy caching
blocking of inheritance; configure enforced policies;
configure security filtering and WMI filtering; configure
loopback processing; configure and manage slow-link
processing; configure client-side extension (CSE)
behavior
You are the system administrator for Woodgrove Bank. An
existing GPO named GPO1 is linked to an OU named Corp.
The Corp OU contains all user objects. You need to ensure
that a GPO named GPO2 applies to all users in the Corp OU
while also ensuring that settings in GPO2 take precedence
over the same settings in GPO1.
What should you do?
A.
B.
C.
D.
Link GPO2 to the domain.
Link GPO2 to the site.
Migrate GPO2 to a local GPO.
Configure GPO2 to be enforced.
Session Objective(s):
Identify areas that may require
extra studying
Action plan for exam preparation
and success
Addition Exam Prep Sessions
Tuesday, May 13 5:00 PM - 6:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu)
Monday, May 12 3:00 PM - 4:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu)
Monday, May 12 4:45 PM - 6:00 PM Room: Hilton L2 Ballrm F (Peter De Tender)
Wednesday, May 14 10:15 AM - 11:30 AM Room: Hilton L2 Ballrm F (Ryan Sokolowski)
Hands-on Labs
XX
http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
Download