lesson plan - it certification training courseware · lesson plan . revised 2016/05/17 ... exam and...

TestOut Server Pro:

Advanced Services – English 3.1.x

LESSON PLAN

Revised 2016/05/17

Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft. Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them.

Table of Contents

Course Overview .................................................................................................. 4 Course Introduction for Instructors ........................................................................ 6 Section 1.1: Multi-Domain Forests ........................................................................ 8 Section 1.2: Cross-Forest Trusts ........................................................................ 10 Section 1.3: External, Shortcut and Realm Trusts .............................................. 12 Section 1.4: Sites Overview ................................................................................ 14 Section 1.5: Managing Sites ............................................................................... 16 Section 1.6: Managing Replication...................................................................... 18 Section 1.7: Read-Only Domain Controllers (RODCs) ........................................ 20 Section 1.8: RODC Management........................................................................ 22 Section 2.1: Network File System (NFS) ............................................................. 24

Section 2.2: BranchCache .................................................................................. 26 Section 2.3: Dynamic Access Control (DAC) ...................................................... 28 Section 2.4: DAC Management........................................................................... 30 Section 2.5: Advanced Storage .......................................................................... 32 Section 2.6: Storage Optimization....................................................................... 34 Section 3.1: Windows Server Backup ................................................................. 36 Section 3.2: Restore from Backup ...................................................................... 38 Section 3.3: Volume Shadow Copies .................................................................. 40 Section 3.4: Boot Configuration Data (BCD) Store ............................................. 42 Section 4.1: DHCP Overview .............................................................................. 44 Section 4.2: DHCP Scopes ................................................................................. 46 Section 4.3: DHCP and IPv6 ............................................................................... 48

Section 4.4: DHCP High Availability .................................................................... 50 Section 4.5: IPAM Overview ............................................................................... 52 Section 4.6: IPAM Configuration ......................................................................... 54 Section 4.7: IPAM Management ......................................................................... 56 Section 5.1: DNS Security .................................................................................. 57 Section 5.2: Advanced DNS Settings .................................................................. 59 Section 5.3: GlobalNames Zones ....................................................................... 61 Section 6.1: Virtual Machine Management ......................................................... 63 Section 6.2: Hyper-V High Availability ................................................................. 65 Section 7.1: Network Load Balancing ................................................................. 67

Section 7.2: Network Load Balancing Management ........................................... 69 Section 7.3: Failover Clustering .......................................................................... 71 Section 7.4: Failover Cluster Management ......................................................... 74

Section 7.5: Failover Clustered Role Management ............................................. 76 Section 7.6: Failover Cluster with Hyper-V ......................................................... 78

Section 8.1: Active Directory Certificate Services Overview ............................... 80 Section 8.2: Certificate Management .................................................................. 82 Section 8.3: Certificate Revocation ..................................................................... 84 Section 8.4: Certificate Templates ...................................................................... 86 Section 8.5: Certificate Autoenrollment ............................................................... 88


Section 8.6: Key Archival and Recovery ............................................................. 90

Section 8.7: Certificate Authority (CA) Management ........................................... 92 Section 8.8: CA Backup and Recovery ............................................................... 94 Section 9.1: AD RMS Overview .......................................................................... 95 Section 9.2: AD RMS Installation ........................................................................ 97 Section 9.3: AD RMS Client Deployments .......................................................... 99 Section 9.4: AD RMS Templates ...................................................................... 100 Section 10.1: AD FS Overview ......................................................................... 102 Section 10.2: AD FS Certificates....................................................................... 103 Section 10.3: Resource Partner ........................................................................ 104 Section 10.4: Accounts Partner ........................................................................ 106 Section 10.5: AD FS Proxies ............................................................................ 107 Section 10.6: AD FS and Cloud Services ......................................................... 109

Section 10.7: AD FS and AD RMS .................................................................... 110

Server Pro: Advanced Services Practice Exams ............................... 112 Microsoft 70-412 Practice Exams ..................................................................... 113 Appendix A: Approximate Time for the Course ................................................. 114 Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives .......................................................................................... 117

Appendix C: Server Pro: Advanced Services Objectives................... 123

Course Overview This course prepares students for TestOut’s Server Pro: Advanced Services exam and Microsoft’s 70-412 certification exam.

Module 1 – Active Directory Infrastructure

This module teaches the students details about the infrastructure of Active Directory and how to manage the elements involved.

Module 2 – File and Storage Solutions In this module students will learn about file and storage solutions, such as file

sharing, using BranchCache, implementing and managing Dynamic Access

Control, configuring iSCSI, and storage spaces.

Module 3 – Disaster Recovery

This module teaches students about backing up and restoring data, implementing shadow copies, and finding tools to assist in system recovery.

Module 4 – Advanced DHCP

This module examines using Dynamic Host Configuration Protocol (DHCP) and IPAM to centralize and streamline management of IP address assignments.

Module 5 – Advanced DNS

In this module students will learn concepts about configuring DNS security: DNSSEC, DNS Socket Pooling, Cache Locking, Advanced DNS settings, and GlobalNames zones.

Module 6 – Hyper-V

This module discusses management of virtual machines and Hyper-V replicas.

Module 7 – High Availability This module teaches students about the components that create high availability:

Network load balancing, Failover Clustering, Active Directory Certificate Service,

AD RMS, and AD FS.

Module 8 – Active Directory Certificate Services

This module examines encryption and certificate solutions using Active Directory Certificate Services. This includes managing and revoking certificates, using certificate templates, configuring Certificate Autoenrollment, archiving and recovering keys, and managing the Certificate Authority.

Module 9 – Active Directory Rights Management Services (AD RMS)

In this module students will learn concepts about installing and deploying AD RMS.



Module 10 – Active Directory Federation Services 2.1 (AD FS)

This module discusses using AD FS to provide access to resources that are offered by trusted partners across the Internet.

Practice Exams

In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams contain examples of the types of questions that a student will find on the actual exam:

Server Pro: Advanced Services Practice Exams

Microsoft 70-412 Practice Exams


Course Introduction for Instructors

This course provides students with the knowledge to become industry certified as a Windows professional. It prepares the student for the following exams:

Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services

TestOut’s Server Pro: Advanced Services

Microsoft’s 70-412: Configuring Advanced Windows Server 2012 Services certification measures the students’ ability to administer, configure, and manage Windows Server 2012 advanced services. The following knowledge domains are addressed:

Configure and manage high availability

Configure file and storage solutions

Implement business continuity and disaster recovery

Configure network services

Configure the Active Directory infrastructure

Configure identity and access solutions

Note: MS 70-412 objectives are listed in Appendix B: 70-412: Configuring Advanced Windows Server 2012 Services Objectives

TestOut’s Server Pro: Advanced Services certification measures the students’ ability to perform real-world job skills using the Windows Server 2012 operating system. The following knowledge domains are addressed:

Advanced Active Directory Configuration

Advanced Storage Management

Server Data Protection

Advanced DHCP and DNS Configuration

High Availability Implementation

Certificate Management

Digital Rights Management

Note: TestOut’s Server Pro: Advanced Services objectives are listed in Appendix C: Server Pro: Advanced Services Objectives

The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.


The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:

= Demonstration

= Exam

= Lab/Simulation

= Text lesson or fact sheet

= Video The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations. In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:

Video/demo times

Approximate time to read the text lesson (the length of each text lesson is taken into consideration)

Simulations (5 minutes is assigned per simulation. This is the amount of time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)

Questions (1 minute per question) Note: Appendix A: Approximate Time for the Course contains the approximate time for each section, which are totaled for the entire course.


Section 1.1: Multi-Domain Forests

Summary

This section provides the basics of managing multi-domain forests. Concepts covered include:

Prerequisites required before adding the first domain controller runningWindows Server 2012 to an existing Active Directory environment:

o Server disk spaceo Supported Windows Server 2012 editionso Forest and domain functional levels

Tools to prepare forest and domain to support Windows Server 2012:o Adprep /forestprepo Adprep /domainprepo Adprep /rodcprep

Installation scenarios for AD DS for Windows 2012:o Installing a new Windows Server 2012 foresto Installing a new Windows Server 2012 domain controller to create a

new domain in an existing Windows Server 2003, 2008, or 2008 R2forest

Tools to promote the Windows Server 2012 system as a domain controllerin the domain:

o Server Managero PowerShell (using ADDSDeployment cmdlets)o DCPromo (only for Server Core deployments using an answer file)

The role of a functional level

Features available at each domain functional level

Features available at each forest functional level

Management of functional levels

Guidelines that apply to raising the domain or forest functional levels

Students will learn how to:

Raise the functional level of a domain.

Raise the functional level of a forest.

Add a new child domain to a multi-domain forest.

Server Pro: Advanced Services Exam Objectives:

1.0 Advanced Active Directory Configuration.o Raise the functional level of an Active Directory forest


70-412 Exam Objectives:

501. Configure a forest or a domain. o Implement multi-domain and multi-forest Active Directory

environments including interoperability with previous versions of Active Directory

o Upgrade existing domains and forest including environment preparation and functional levels

o Configure multiple user principal name (UPN) suffixes Lecture Focus Questions:

When do you use the adprep /domainprep /gpprep command instead of the adprep /domainprep command?

What are the prerequisites for adding the first domain controller running Windows Server 2012 to an existing Active Directory environment?

How does the functional level of a domain impact the capabilities available on domain controllers in the domain or forest?

How does the functional level of a domain affect which operating systems you can run on workstations and servers in the domain?

What circumstances might prevent you from raising the functional level of a domain?

In which two circumstances can you revert to a lower functional level without rebuilding the domain or forest?

Video/Demo Time

1.1.1 Multi-Domain Forests 10:37 1.1.2 Upgrading Multi-Domain Forests 10:01 1.1.3 Adding a New Child Domain 7:35

Total 28:13

Lab/Activity

Raise Functional Levels Raise the Domain and/or Forest Levels

Number of Exam Questions

5 questions

Total Time

About 50 minutes


Section 1.2: Cross-Forest Trusts

Summary

This section provides information about preparing and creating cross-forest trusts. Details include:

The role of trusts

Properties of trusts:o Direction of Trust:

One-way Trust Two-way Trust

o Direction of Resource Accesso Transitivity

How trusts are created for:o Domains within a foresto Trusts between forests

Considerations when creating forest trusts

Authentication security settings that can be applied to trusts:o Selective authenticationo Domain-wide authenticationo Forest-wide authentication


Create and configure a forest root trust between two domains.

Create trust relationships with a specified domain.


1.0 Advanced Active Directory Configuration.o Create forest root, cross-forest, external, shortcut, and realm trusts


502 Configure trusts.o Configure trust authentication


Lecture Focus Questions:

Which types of trusts are created automatically for domains within a forest?

What are the characteristics of automatically-created domain trusts?

What are the characteristics of trusts between forests?

When can forest trusts be used?

When must you create an external trust?

What advantages does selective authentication provide to system administrators for securing resources in a forest?

Video/Demo Time

1.2.1 Cross-Forest Trusts 6:26 1.2.2 Preparation for a Cross-Forest Trust 1:29 1.2.3 Preparing for a Cross-Forest Trust 7:40 1.2.4 Creating a Cross-Forest Trust 11:56

Total 27:31

Lab/Activity

Create a Forest Root Trust Design Trusts


9 questions

Total Time

About 50 minutes


Section 1.3: External, Shortcut and Realm Trusts

Summary

This section provides details about creating external, shortcut, and realm trusts.


Manually create an external trust to allow users on one domain to accessresources in a domain of another forest.

Create a shortcut trust to speed up authentication between domains in thesame forest.

Server Pro: Advanced Services Objectives:

1.0 Advanced Active Directory Configuration.o Create forest root, cross-forest, external, shortcut, and realm trusts


502 Configure trusts.o Configure external, forest, shortcut, and realm trustso Configure trust authenticationo Configure SID filteringo Configure name suffix routing


How do shortcut trusts improve user logon times between two domainswithin a forest?

What are the characteristics of an external trust?

When should you use a realm trust?

What features does Active Directory Federated Services (AD FS) offer?


Video/Demo Time

1.3.1 External, Shortcut and Realm Trusts 5:00 1.3.2 Creating a Shortcut Trust 2:23

Total 7:23

Lab/Activity

Create a Shortcut Trust


4 questions

Total Time

About 20 minutes


Section 1.4: Sites Overview

Summary

This section provides an overview of sites and subnets. Details covered include:

The role of a site

The role of a subnet

Considerations about sites and subnets

Sites and subnets allow an administrator to monitor: o Active Directory replication between locations o Workstation logon traffic o Objects in Active Directory o Distributed File System (DFS) resource access o File Replication Service (FRS) characteristics o Properties for any site-aware application


Create and manage sites, subnets, and site links.


503. Configure sites. o Configure sites and subnets o Create and configure site links o Move domain controllers between sites


How does a subnet differ from a site?

What is the purpose of sites and subnets?

What criteria are used to assign computers to sites?

How are clients assigned to sites?

What criteria determine the site that a domain controller is assigned?


Video/Demo Time

1.4.1 Overview of Sites 7:54 1.4.2 Creating Sites, Subnets, and Site Links 12:47

Total 20:41

Lab/Activity

Manage Sites and Subnets


3 questions

Total Time

About 30 minutes


Section 1.5: Managing Sites

Summary

This section discusses the following issues when managing sites:

Logon requests

Site link cost

Site link schedules

Site link interval

Global Catalog servers

Universal Group Membership Caching


Determine the domain controller that will process logon requests at a site.

Set up a Global Catalog.

Enable Universal Group Membership Caching.


1.0 Advanced Active Directory Configuration.o Manage sites, subnets, and site links


503. Configure sites.o Manage site coverageo Manage registration of SRV records


How can you determine which domain controller will authenticate a clientwhen more than one domain controller exists at a site?

How are site link costs determined?

What steps can you take to ensure that a particular domain controller doesnot authenticate clients from another site?

How does a Global Catalog server facilitate faster searches and logon?

What are the benefits of Universal Group Membership Caching? Whenshould it be used?

What two things should you consider when defining site link schedules?


Video/Demo Time

1.5.1 Site Management 17:10 1.5.2 Managing Sites 10:01

Total 27:11


10 questions

Total Time

About 40 minutes


Section 1.6: Managing Replication

Summary

This section examines managing replication. Concepts covered include:

Terms to be familiar with: o Site link bridge o Bridgehead server o Connection

Sites and Services distinguishes between two types of replication: o Intrasite o Intersite

Transport protocols used by replication: o Directory Services Remote Procedure Call (DS-RPC) o Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)

Facts about intrasite replication: o Occurs between domain controllers within a site o By default, occurs once every hour o Modifying the replication frequency o Connections are created automatically as necessary

Intersite replication configuration steps: o Preferred bridgehead server o Replication schedule o Replication frequency o Site link cost o Bridged site replication o Forced replication

Example of site link bridging

The role of SYSVOL folder

File Replication Service (FRS) vs. Distributed File System (DFS)

Benefits of DFS replication

Migrating from FRS replication to DFS replication

States that indicate stable stages in the migration process: o Not initiated o Start o Prepared o Redirected o Eliminated

Considerations when managing migration Students will learn how to:

Create a site link bridge.

Manage replication of AD and SYSVOL.


Monitor replication of AD and SYSVOL.


1.0 Advanced Active Directory Configuration.o Manage sites, subnets, and site links.o Configure site replication.


504. Manage Active Directory and SYSVOL replication.o Monitor and manage replicationo Upgrade SYSVOL replication to Distributed File System Replication

(DFSR)


What types of trusts are enabled by default for site link bridges?

How do you establish bidirectional communications between domaincontrollers?

How does intrasite replication differ from intersite replication?

What are three ways that you can force replication?

How can you force a certain path between sites for replication?

What is the process for migrating from FRS replication to DFS replicationwhen the domain is at Windows Server 2003 functional level?

During which migration stages are you able to roll back the migration?

Video/Demo Time

1.6.1 Active Directory Replication 12:46 1.6.2 Monitoring and Managing Replication 12:51

Total 25:37

Lab/Activity

Configure Intrasite Replication Configure Intersite Replication


15 questions

Total Time

About 60 minutes


Section 1.7: Read-Only Domain Controllers (RODCs)

Summary

In this section students will learn details about creating RODCs. Concepts covered include:

Features of RODCs:o Administrator role separationo Unidirectional replicationo Read-only datao Password replicationo DNS Server service

Requirements to be met before RODCs are installed in a domain

Performing a staged installation of an RODC in which the installation isperformed by two different individuals in separated stages

Generals steps to install a read-only domain controller (RODC)

Considerations when installing RODC


Create and configure an RODC account.


1.0 Advanced Active Directory Configuration.o Implement read-only domain controllers


504. Manage Active Directory and SYSVOL replication.o Configure replication to Read-Only Domain Controllers (RODCs)


In which environments is an RODC typically deployed?

What are the benefits and the drawbacks of unilateral replication?

What are the requirements for installing an RODC in a domain?

How does the administrative role separation (ARS) feature protect domaincontroller security?


Video/Demo Time

1.7.1 Read-Only Domain Controllers 9:11 1.7.2 Pre-Staging RODC Accounts 6:53 1.7.3 Joining an RODC to the Domain 4:57

Total 21:01

Lab/Activity

Create RODC Accounts


5 questions

Total Time

About 35 minutes


Section 1.8: RODC Management

Summary

This section discusses the following considerations managing an RODC:

Administrator role separation

Replication traffic management

Security management


Configure the password replication policy on the RODC to cache onlypasswords for specified users.

Prepopulate passwords before users even attempt to log on.


1.0 Active Directory Configuration.o Implement read-only domain controllers


504. Manage Active Directory and SYSVOL replication.o Configure Password Replication Policy (PRP) for RODCs


How does the password replication policy control password replication?

What preventative measures can you implement to protect the data on anRODC in the event it is lost or stolen?

How can you prevent certain data from being replicated to an RODC?

What steps should you take if an RODC has been compromised?

When does an RODC attempt inbound replication?

Which two built-in groups can be used for password replication onRODCs?


Video/Demo Time

1.8.1 RODC Management 9:52 1.8.2 Managing RODCs 6:01

Total 15:53

Lab/Activity

Edit the Password Replication Policy


6 questions

Total Time

About 35 minutes


Section 2.1: Network File System (NFS)

Summary

This section discusses using Network File System (NFS) to transfer files between computers running Windows and UNIX/Linux operating systems. Details include:

Considerations when deploying NFS file sharing on Windows Server2012:

o System requirementso NFS service installationo NFS service configurationo NFS share configuration


Create and configure an NFS share.


2.0 Advanced Storage Management.o Implement NFS to support UNIX/Linux systems


201. Configure advanced file services.o Configure NFS data store


Which PowerShell cmdlets install NFS sharing components on a WindowsServer 2012 system?

What configuration tasks must be completed before using the NFS Serveror Client on a Windows Server 2012 system?

What are two ways you can create shares in the server's NTFS file systemand export them to NFS clients?

In which two ways can you map a UNIX/Linux user or group to a Windowsuser or group?


Video/Demo Time

2.1.1 NFS Overview 1:53 2.1.2 Configuring an NFS Data Store 12:10

Total 14:03

Lab/Activity

Configure an NFS Share


4 questions

Total Time

About 25 minutes


Section 2.2: BranchCache

Summary

This section discusses using BranchCache to allow users in branch offices to access information more quickly. Concepts covered include:

The role of BranchCache

BranchCache modes: o Hosted Cache o Distributed Cache


Configure a BranchCache content server.

Configure a hosted BranchCache server.

Use PowerShell cmdlets to configure BranchCache clients.

Verify BranchCache client settings.


201. Configure advanced file services. o Configure BranchCache


What method do you use to configure a file server as a BranchCache content server?

How does hosted cache mode differ from distributed cache mode in systems using BranchCache?

What are the advantages of using Group Policy to configure BranchCache on multiple computers?

How do you use Group Policy to configure firewall rules for BranchCache clients?

Which settings should you verify when inspecting the current BranchCache operation mode using the Get-BCStatus cmdlet?

What should you be aware of if you use both PowerShell cmdlets and Group Policy to configure BranchCache on client systems?


Video/Demo Time

2.2.1 BranchCache Overview 5:34 2.2.2 Configure BranchCache 6:11

Total 11:45


10 questions

Total Time

About 25 minutes


Section 2.3: Dynamic Access Control (DAC)

Summary

In this section students will learn about using Dynamic Access control (DAC) to enable granular control over data access. Details include:

The role of Dynamic Access Control (AC)

Factors that can be used to change the level of access of a user

Components of DAC implementation:o Resource propertieso Classification ruleso Claims-based access control:

User claims Devices claims

o Central access ruleso Central access policies

Considerations when setting up the permission for DAC and NTFS filepermissions

Tasks to implement Dynamic Access Control (DAC):o Install FSRMo Define resource propertieso Create classification ruleso Configure claim typeso Define central access ruleso Define central access policieso Configure Group Policy settingso Apply central access policies


Use FSRM to configure File Classification Infrastructure.

Create and configure classification rules.

Configure a classification schedule.


2.0 Advanced Storage Management.o Implement Dynamic Access Control (DAC)



201. Configure advanced file services. o Configure File Classification Infrastructure (FCI) using File Server

Resource Manager (FSRM)

202. Implement Dynamic Access Control (DAC). o Configure user and device claim types o Configure file classification o Create and configure Central Access rules and policies o Create and configure resource properties and lists


By implementing DAC, what criteria can you use to dynamically change the level of access a user has to file server data?

How can you use NTFS file system permissions and DAC to control resource access?

To which types of data can classification rules be applied?

How does the Content Classifier method of assigning a property to a file differ from the Windows PowerShell Classifier method?

What are the components of a central access rule?

Which Kerberos Group Policy settings must be enabled to support DAC?

Video/Demo Time

2.3.1 DAC Overview 10:22 2.3.2 Configuring File Classification Infrastructure (FCI) using FSRM 11:30 2.3.3 Implementing DAC Policies 19:59

Total 41:51

Lab/Activity

Configure File Classification Infrastructure


4 questions

Total Time

About 55 minutes


Section 2.4: DAC Management

Summary

In this section students will learn about options to manage Dynamic Access Control (DAC). Details in this section include:

Staging

Access-denied remediation


Staging policy changes for central access policies for DAC.

Use Group Policy to configure file access auditing.


2.0 Advanced Storage Management.o Implement Dynamic Access Control (DAC)


201. Configure advanced file services.o Configure file access auditing

202. Implement Dynamic Access Control (DAC).o Implement policy changes and stagingo Perform access-denied remediation


How can you test the effect of DAC rules without enforcing them?

What is the purpose of access-denied remediation?

What are two requirements for using access-denied remediation?

What should you be aware of if you use both File Server ResourceManager and Group Policy to configure DAC?

Video/Demo Time

2.4.1 DAC Management 5.01 2.4.2 Implementing Policy Changes and Staging 6:40 2.4.3 Performing Access-denied Remediation 5:09

Total 16:50


3 questions


Total Time

About 20 minutes


Section 2.5: Advanced Storage

Summary

This section examines using iSCSI and iSNS to provide advanced storage capabilities. Details include:

Hardware required to create an iSCSI SAN:o Ethernet cablingo Ethernet switcheso Ethernet NICs

The role of iSCSI targets

The role of iSCSI initiator

iSCSI terminology to be familiar with:o network entityo network portalo Protocol Data Unit (PDU)o iSCSI nameo iSCSI Qualified Name (IQN)o iSCSI targeto iSCSI initiatoro LUN

Considerations when choosing between iSCSI and other SANtechnologies

Steps to configure iSCSI initiators

The role of Internet Storage Name Service (iSNS)


Create an iSCSI virtual disk and configure an iSCSI target on it.

Configure an iSCSI initiator with access to the virtual disk.

Install the iSNS Server Service feature and configure iSNS.


2.0 Advanced Storage Management.o Implement an iSCSI SAN


203 Configure and optimize storage.o Configure iSCSI Target and Initiatoro Configure Internet Storage Name server (iSNS)



What are the hardware components of a SAN?

What is the advantage of using Ethernet hardware for a SAN implementation?

What is the benefit from implementing a second, parallel network infrastructure dedicated only to the iSCSI SAN?

In an iSCSI SAN, what purpose does the network portal serve?

What are the steps to configure iSCSI initiators?

What functions does Storage Name Service (iSNS) provide?

Video/Demo Time

2.5.1 iSCSI and Internet Storage Name Server (iSNS) 2:35 2.5.2 Configuring an iSCSI Target 2:23 2.5.3 Configuring the iSCSI Initiator 4:19 2.5.4 Configuring iSNS 3:11

Total 12:28

Lab/Activity

Configure an iSCSI Target Configure the iSCSI Initiator


8 questions

Total Time

About 35 minutes


Section 2.6: Storage Optimization

Summary

This section covers optimizing storage by using storage spaces and storage pools. Concepts covered include:

Components of storage spaces: o Devices o Pools o Storage spaces

Steps to follow when more disk space is needed

Configuration options in storage pool creation: o Allocation o Storage layout:

Simple Two-way mirror Three-way mirror Parity

o Provisioning: Fixed provisioning Thin provisioning

Considerations about storage spaces

Storage pool limitations

PowerShell commands to manage storage spaces: o New-StoragePool o Add-PhysicalDisk o New-VirtualDisk o Get-StoragePool

Options to optimized storage on a Windows Server 2012 system: o Data deduplication o Features on Demand


Configure storage pools.

Reduce disk space used by Windows Server 2012 using Features on Demand.

Enable data deduplication to optimize data storage.



102 Configure failover clustering. o Configure and optimize clustered shared volumes o Configure storage spaces

203 Configure and optimize storage. o Implement thin provisioning and trim o Manage server free space using Features on Demand


How does fixed provisioning differ from thin provisioning?

What are the limitations of the storage pool?

Which PowerShell cmdlets can you use to manage storage spaces and what is the function of each?

How does data deduplication differ from Features on Demand?

How can you use Features on Demand to manage free space of a Windows Server 2012 server?

Video/Demo Time

2.6.1 Storage Optimization 4:33 2.6.2 Optimizing Storage 12:33 2.6.3 Storage Tiers 12:51

Total 29:57


8 questions

Total Time

About 45 minutes


Section 3.1: Windows Server Backup

Summary

This section provides details of using Windows Server Backup. Concepts covered include:

The role of the Online Backup feature in Windows 2012

Steps to perform online backups

The role of the Windows Server Local Backup

Considerations about using Windows Server Backup

Methods Windows Server Backup provides to run backups:o Windows Server Backup MMC snap-ino Wbadmin from the command prompto PowerShell cmdlets for Windows Server Backup

Options available with Windows Server Backup:o Full Servero Bare metal recoveryo System stateo Individual volumeso Folders or files

Storage types that Windows Server Backup can save backups to:o Internal disko External disko Shared foldero DVD, other optical or removable media

When using Windows Server Backup you cannot back to:o Tapeo USB flash driveso Pen drives


Install Windows Server Backup.

Configure a regular backup schedule for a server.

Back up a server.


3.0 Server Data Protection.o Configure server backups



301 Configure and manage backups. o Configure Windows Server backups o Configure Windows Online backups o Configure role-specific backups


When using the Online Backup feature in Windows Server 2012, what options do you have for obtaining the certificate file?

Which types of backups are not supported by Online Backup and must be done using a local backup?

What is the best practice for securing the Online Backup passphrase?

What happens if the online backup destination does not have sufficient space available to store the backup?

When using Windows Server Backup, which backup option would you use if you want to be able to recover all volumes including system state and bare metal recoveries?

Which media types are not supported by Windows Server Backup?

Video/Demo Time

3.1.1 Windows Server Backup 3:16 3.1.2 Configuring Windows Server Backup for Local Backup 2:33 3.1.4 Configuring Windows Server Backup for Online Backup 6:27

Total 12:16

Lab/Activity

Back Up a Server


13 questions

Total Time

About 35 minutes


Section 3.2: Restore from Backup

Summary

This section discusses restoring from backup. Concepts covered include:

Considerations when restoring from backups

Recovery types and the tools to perform them:o Onlineo Files and folderso Hyper-Vo Volumeso Applicationso Bare metal or full servero System state


Restore a server from backup.

Restore user data from backup.

Perform a Bare Metal Recovery.


3.0 Server Data Protection.o Restore server data from backup


302 Recover servers.o Restore from backupso Perform a Bare Metal Restore (BMR)


Which are the only types of files that can be recovered from an onlinebackup?

Which are the only media supported for recovering files and folders usingWindows Server Backup?

Who is authorized to perform recoveries using Windows Server Backup?

What tool allows you to recover Hyper-V virtual machines?

When recovering volumes, how is the existing data on the destinationvolume handled?


Video/Demo Time 3.2.1 Restore from Backup 1:38 3.2.2 Recovering User Data 3:42 3.2.3 Performing a Bare Metal Recovery (BMR) 3:30

Total 8:50


3 questions

Total Time

About 15 minutes


Section 3.3: Volume Shadow Copies

Summary

This section discusses using Volume Shadow Copies to make copies of user files at regular intervals. Concepts covered include:

The role of Volume Shadow Copy Service (VSS)

Considerations when using VSS

VSS areas when implementing shadow copies:o Schedulingo Storingo Recoveringo NTFS Permissionso VSSAdmin


Enable and configure shadow copies for shared folders.

Restore a previous version of a file.

Use VSSAdmin to manage VSS settings from the command line.


3.0 Server Data Protection.o Enable shadow copies


301 Configure and manage backups.o Manage VSS settings using VSSAdmin


How do you view and manage previous versions of volumes, folders andfiles?

What criteria should you use for scheduling shadow copies of volumedata?

How are NTFS permissions on previous versions of a file affected duringrecovery?

How does restoring folders affect new files that have been added sincethe shadow copy was made?

What steps should you take to allow defragmentation on volumes withVSS enabled?

What happens if you delete a volume before disabling VSS?


Video/Demo Time

3.3.1 Volume Shadow Copies 2:25 3.3.2 Configuring VSS 3:21 3.3.2 Managing VSS Settings with VSSAdmin 2:07

Total 7:53

Lab/Activity

Enable Shadow Copies Restore Previous Version 1 Restore Previous Version 2


11 questions

Total Time

About 35 minutes


Section 3.4: Boot Configuration Data (BCD) Store

Summary

In this section students will learn about Boot Configuration Data (BCD) Store. Concepts covered include:

Tools to assist in system recovery: o System Recovery Options o Boot Configuration Data (BCD) o Windows Memory Diagnostic Tool (WMDT) o Startup and Recovery options o System Configuration utility (Msconfig.exe)

The role of boot options

Windows Server 2012 startup modes: o Repair Your Computer o Safe Mode o Safe Mode with Networking o Safe Mode with Command Prompt o Enable Boot logging o Enable low-resolution video o Last Known Good Configuration o Debugging Mode o Disable automatic restart on a system failure o Disable Driver Signature Enforcement o Disable Early Launch Anti-Malware Protection

Recommendations to troubleshoot startup errors with the advanced boot options


Configure the BCD store.

Use Advanced Boot options to boot a computer. 70-412 Exam Objectives:

302 Recover servers. o Recover servers using Windows Recovery Environment (Win RE)

and safe mode o Configure the Boot Configuration Data (BCD) store



When would you need to use the System Image Recovery tool?

In which situations would the System Configuration utility (bcd) be useful?

What actions can you take to boot your system if it is not running and will not boot normally?

When should you access the Repair Your Computer option?

When should you boot your computer into safe mode?

In which situations will the Last Known Good Configuration option be useful?

Why would it be useful to enable the Disable automatic restart on system failure option?

Video/Demo Time

3.4.1 BCD Store Overview 1:27 3.4.2 Configuring the BCD Store 7:55

Total 9:22


4 questions

Total Time

About 20 minutes


Section 4.1: DHCP Overview

Summary

This section provides an overview of DHCP. Concepts covered include:

Methods that clients use to obtain an address from a DHCP server: o DHCP Discover (D) o DHCP Offer (O) o DHCP Request (R) o DHCP ACK (A)

DHCP Authorization requirements

DHCP Server authorization verification

Considerations when installing and configuring a DHCP Server

DHCP console context-sensitive icons: o Check mark in a green circle o Red down arrow o Horizontal white line inside a red circle o Exclamation sign inside a yellow triangle o Exclamation sign inside a blue circle


Install a DHCP server.

Authorize a DHCP server. 70-412 Exam Objectives:

401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.

o Implement DHCPv6


What are the steps a DHCP client uses to obtain an IP address from a DHCP server?

What permissions do you need to authorize a DHCP server?

When is authorization not required for a DHCP server?

What happens when a DHCP server's IP address is not found in Active Directory?

How would you set up a DHCP Administrator so that the administrator has rights on all DHCP servers in the domain?

In the DHCP console, you notice that the DHCP server icon has a red down arrow beside it. What is the status of the DHCP server?


Video/Demo Time

4.1.1 DHCP Overview 1:42 4.1.2 Installing and Authorizing DHCP Server 1:49

Total 3:31


5 questions

Total Time

About 10 minutes


Section 4.2: DHCP Scopes

Summary

This section provides details of using DHCP scopes. Concepts covered include:

Working with DHCP scopes

DHCP options: o Server options o Scope options o Class options o Client options

Common options include: o 003 Router o 006 DNS Servers o 015 DNS Domain Name

Considerations when working with DHCP options

Key components of DHCP policies: o Conditions o Settings

The role of a superscope

Options for a DHCP server to service a subnet separated with a router: o 1542 compliant router o DHCP relay agent


Create and activate DHCP scopes.

Create a multicast scope.

Create and configure a superscope.



o Create and configure superscopes and multicast scopes o Configure DNS registration



What are the four levels of DHCP IP configuration options and what is the purpose of each?

In what order are DHCP options applied?

Which option values take precedence: those delivered through DHCP or those configured manually on the client?

How can you change the subnet mask in an existing scope?

When should you use reservations for a DHCP client?

When would you use a DHCP policy?

When might you use a superscope?

Video/Demo Time

4.2.1 DHCP Scopes 7:33 4.2.2 Creating IPv4 Scopes 14:22

Total 21:55

Lab/Activity

Create a Superscope


11 questions

Total Time

About 45 minutes


Section 4.3: DHCP and IPv6

Summary

This section provides the basic information about the structure of IPv6 and using DHCP in an IPv6 environment.

Components of a IPv6 address:o Formato Leading zeroso Prefix and interface ID

Considerations when using Ipv6

Comparison of IPv4 address types with IPv4 address types

The process to configure the IPv6 Address assignment

Address types of an autoconfigured IPv6 address:o Tentativeo Valid:

Preferred Deprecated

o Invalid

The role of DHCP in an IPv6 environment

DHCPv6 broadcasts:o Solicit Packet (S)o Advertise Packet (A)o Request Packet (R)o Reply Packet (R)

Configuring a DHCP server for IPv6


Create an IPv6 scope.

Configure DHCPv6 scope options.


4.0 Advanced DHCP and DNS Configuration.o Configure DHCP to support IPv6




o Implement DHCPv6


How does IPv6 differ from IPv4?

What is the purpose of a neighbor solicitation?

If the M and O flags in the router advertisement (RA) message are set to 1, what type of configuration method should you use?

What options do you have for dealing with zeros (0s) in an IPv6 address?

How is autoconfiguration in IPv6 improved over autoconfiguration in IPv4?

What does a multicast address indicate?

Video/Demo Time

4.3.1 IPv6 Overview 3:59 4.3.2 Implementing IPv6 1:39

Total 5:38

Lab/Activity

Configure an IPv6 Scope


9 questions

Total Time

About 25 minutes


Section 4.4: DHCP High Availability

Summary

This section discusses the following DHCP high availability features available on Windows Server 2012.

Split scopes

Failover

Name Protection


Create and configure a split scope

Configure a DHCP failover


4.0 Advanced DHCP and DNS Configuration.o Configure split DHCP scopeso Configure DHCP failover


401 Implement an advanced Dynamic Host Configuration Protocol(DHCP) solution.

o Configure high availability for DHCP including DHCP failover andsplit scopes

o Configure DHCP Name Protection


What is a split scope?

How do you create a split scope?

When configuring a split scope, how can you help to ensure that thepreferred server is accepted by the client computer?

How does DHCP implement name protection?

In which two ways can you implement DHCP failover?


Video/Demo Time

4.4.1 DHCP High Availability 4:59 4.4.2 DHCP Split Scopes 4:11 4.4.4 DHCP Failover 6:18 4.4.7 DHCP Name Protection 1:35

Total 17:03

Lab/Activity

Configure a Split Scope Configure DHCP Failover 1 Configure DHCP Failover 2


3 questions

Total Time

About 40 minutes


Section 4.5: IPAM Overview

Summary

This section provides an overview of IP Address Management (IPAM). Details include:

The role of IPAM

Key IPAM specifications

Phases for the process of installing IPAM: o Install the IPAM role o Connect to the IPAM server o Provision the IPAM server o Configure server discovery o Discover servers o Define managed servers o Gather data from managed servers

Features that Windows Server 2012 R2 supports Students will learn how to:

Manually configure IPAM.

Configure IPAM using the IPAM Provisioning Wizard, a Group Policy based provisioning method.

Configure server discovery to discover domain controllers, DHCP servers, DNS servers, and NPS servers, and automatically add them to the IPAM console.


403 Deploy and manage IPAM. o Configure IPAM manually or by using Group Policy o Configure server discovery o Migrate to IPAM o Configure IPAM database storage



What functions does the IP Address Management (IPAM) server perform?

What is the IPAM server scope discovery range in Active Directory?

Why should you not install IPAM on a DHCP server?

What is IPAM provisioning?

What are the steps for provisioning an IPAM server?

What tasks must be performed before the Server Discovery task can work properly?

How do you configure discovered servers as managed servers?

Video/Demo Time

4.5.1 IPAM Basics 4:38 4.5.2 Configuring IPAM Manually or Using GPO 9:56 4.5.3 IPAM on Server 2012 R2 11:01

Total 25:35


7 questions

Total Time

About 35 minutes


Section 4.6: IPAM Configuration

Summary

In this section students will learn about configuring IPAM. Concepts covered in this section include:

IP Address information managed by IPAM is organized into the following hierarchy:

o IP address space o IP address blocks o IP address ranges o IP address inventory

IPAM console provide the following options: o DNS and DHCP servers o DHCP scopes o DNS zones o Server groups


Manage IP block and ranges from the IPAM console.

Use the IPAM console to manage DHCP and DNS servers.


403 Deploy and manage IPAM. o Create and manage IP blocks and ranges o Monitor utilization of IP address space o Manage IPAM collections


What is the hierarchical organization of IP address information managed by IPAM?

How does the IP address inventory organize IP addresses?

What information about DNS and DHCP servers does IPAM store?

How do you view IP address ranges using the IPAM console?

What DNS zone information can you view in IPAM?


Video/Demo Time

4.6.1 IPAM Configuration 3:59 4.6.2 Managing IP Blocks and Ranges 15:01

Total 19:00


7 questions

Total Time

About 30 minutes


Section 4.7: IPAM Management

Summary

This section discusses the following key tasks of managing an IPAM server.

Assign the appropriate right to the user.

Allow the user to access the server remotely.

Add the remote IPAM server to the server pool in Server Manager. Students will learn how to:

Assign a user the rights to remotely act as an IPAM administrator.


403 Deploy and manage IPAM. o Delegate IPAM administration


Which local group on the IPAM server should you assign a user to so that they will have the appropriate rights to manage an IPAM server?

Which tasks must be completed to delegate to a user the ability to manage an IPAM server?

If Group Policy provisioning was used to set up the IPAM server, what domain administrator privileges should a user have in order to indicate that servers in inventory are managed or not managed?

Which group must a user be a member of in order to access the IPM server from a remote IPAM client?

How can you allow a user to manage an IPAM server from a remote location?

Video/Demo Time

4.7.1 IPAM Management 0:50 4.7.2 Delegating IPAM Administration 2:41

Total 3:31


2 questions

Total Time

About 5 minutes


Section 5.1: DNS Security

Summary

This section discusses strategies for DNS security. The following details are covered:

Goals for designing security for a DNS solution

Strategies to improve DNS security:o Provide redundancy and automatic backup of DNS datao Prevent zone transfer except to specific serverso Prevent unauthorized modification of zone data on secondary

serverso Prevent zone transfers except to domain controllerso Secure zone transfer data while in transito Prevent unauthorized modification of dynamic DNS recordso Secure DNS data on the serverso Cryptographically sign DNS zone recordso Lock records in the DNS cacheo Randomize the port used for DNS querieso Audit DNS activity

Security considerations for DNS servers available to Internet users


Configure DNSSEC on a zone to secure data by signing DNS zones andrecords.

Configure DNS socket pooling and cache locking to increase security forthe DNS cache.


4.0 Advanced DHCP and DNS Configuration.o Protect zone data with DNSSEC


402 Implement an advanced DNS solution.o Configure security for DNS including DNSSEC, DNS Socket Pool,

and cache lockingo Isolate DNSSEC key management and storage



What security goals should you set for your DNS solution?

How can you limit zone transfer to specific servers?

How can you limit zone transfer to specific domain controllers?

What security issue is addressed by converting all zones to Active Directory-integrated and allowing only secure dynamic update?

How does DNSSec make DNS zone records more secure?

How do you randomize the port used for DNS queries?

Video/Demo Time

5.1.1 DNS Security 12:50 5.1.2 Configuring DNSSEC 10:21 5.1.3 Configuring DNS Socket Pooling 2:20 5.1.4 Configuring Cache Locking 1:19

Total 26:50


10 questions

Total Time

About 40 minutes


Section 5.2: Advanced DNS Settings

Summary

This section discusses using the DNS Manager to configure advanced DNS settings.

DNS Manager tabs to configure DNS server properties:o Interfaceso Forwarderso Root Hintso Debug Loggingo Event Loggingo Monitoringo Securityo Advanced

Windows Server 2012 R2 enhanced zone level statistics:o All Statisticso Query Statisticso Transfer statisticso Update statistics


Configure a server with DNS advanced settings.


4.0 Advanced DHCP and DNS Configuration.o Configure advanced DNS server settings


402. Implement an advanced DNS solution.o Configure DNS loggingo Configure delegated administrationo Configure recursiono Configure netmask orderingo Analyze zone level statistics



What information do you enter on the Forwarders tab of DNS Manager?

When are root name servers used to resolve DNS queries?

Which DNS Manager feature would you use to gather data about the type of traffic being sent to your system?

What advanced DNS Manager feature prevents corrupted zone data from being loaded into DNS?

How does the Secure cache against pollution feature keep the DNS cache accurate and streamlined?

Video/Demo Time

5.2.1 Configuring Advanced DNS Settings 4:33 5.2.2 Using DNS Zone Statistics 2:46

Total 7:19

Lab/Activity

Configure DNS Advanced Settings


8 questions

Total Time

About 20 minutes


Section 5.3: GlobalNames Zones

Summary

This section covers using GlobalNames zone on the DNS server that is used for single-label name resolution.

The role of GlobalNames zone

Considerations for managing the GlobalNames zone


Create a GlobalNames zone.


4.0 Advanced DHCP and DNS Configuration.o Configure a GlobalNames zone


402. Implement an advanced DNS solution.o Configure a GlobalNames zone


In addition to supporting single-label name resolution, what are otherfeatures of a GlobalNames zone?

What are the steps for configuring a GlobalNames zone?

How can you extend the GlobalNames zone to multiple forests?

What is the server operating system requirement for authoritative DNSservers when you implement the GlobalName zone?

What changes are required for client machines when you implement theGlobalNames zone?


Video/Demo Time

5.3.1 GlobalNames Zones 2:03 5.3.2 Creating a GlobalNames Zones 2:38

Total 4:41

Lab/Activity

Configure a GlobalNames Zone


5 questions

Total Time

About 15 minutes


Section 6.1: Virtual Machine Management

Summary

This section examines managing virtual machines. Concepts covered include:

Methods to move an entire virtual machine along with the virtual hard disks:

o Export/Import o Manual

Cloning an existing virtual domain controller

System prerequisites before cloning a virtual domain controller: o Supported Hypervisors o Supported Guest Operating Systems o PDC Emulator

The process for cloning a virtual domain controller Students will learn how to:

Export and import virtual machines.

Clone domain controllers to quickly provide new domain controllers.


104 Manage Virtual Machine (VM) movement. o Import, export, and copy VMs o Migrate from other platforms (P2V and V2V)

303 Configure site-level fault tolerance. o Configure Hyper-V Replica including Hyper-V Replica Broker and

VMs


What options do you have for moving an entire virtual machine, including virtual disks?

How can an exported snapshot of a virtual machine be used?

Why is it useful to use the Copy on Import feature of Hyper-V?

What are the steps for manually moving a virtual machine?

How are domain controllers cloned?

What system prerequisites must be met before cloning a virtual domain controller?

What should you do if the New-ADDCCLoneConfigFile cmdlet found incompatible applications on the source domain controller?


Video/Demo Time

6.1.1 Migrate Virtual Machines from Other Platforms 1:15 6.1.2 Virtual Machine Management 2:30 6.1.3 Managing Virtual Machines 7:10

Total 10:55


12 questions

Total Time

About 30 minutes


Section 6.2: Hyper-V High Availability

Summary

This section examines Hyper-V high availability. Concepts covered include:

The role of Hyper-V Replication

Initial replication

Replication frequency

Planned failover

Reverse replication

Unplanned failover

Prerequisites for deploying Hyper-V Replica:o Physical locationo Networko Storage hardwareo Servero Domain membershipo Encryption

Tasks to implement Hyper-V Replica:o Configure the replica server to accept replicationo Enable virtual machine replicationo Monitor replication

Failover options available once a virtual machine has been protected withHyper-V Replica:

o Test failovero Planned failovero Unplanned failover


Configure Hyper-V replicas for failover.


5.0 High Availability Implementation.o Enable virtual machine replication


303 Configure site-level fault tolerance.o Configure Hyper-V Replica including Hyper-V Replica Broker and

VMs



What prerequisites must be met before deploying a Hyper-V Replica?

In which two ways can you complete the initial replication process?

What steps do you take to perform a planned failover?

When you perform a planned failover, how can you make sure that changes made to the replica virtual machine are copied back to the primary virtual machine when it is brought back online?

How can you monitor replication?

What steps do you take to perform an unplanned failover?

Video/Demo Time

6.2.1 Hyper-V Replicas 1:38 6.2.2 Configuring Hyper-V Replicas and VMs 12:30

Total 14:08

Lab/Activity

Configure Hyper-V Replicas


6 questions

Total Time

About 30 minutes


Section 7.1: Network Load Balancing

Summary

This section discusses using Network Load Balancing to achieve optimal resource utilization. Concepts covered include:

The role of Load Balancing

How servers operate using NLB

Cluster operating modes:o Unicasto Multicast

Prerequisites prior to installing and configuring Network Load Balancing(NLB):

o Install serviceso Configure networking

Tasks to create an NLB cluster:o Configure cluster DNS recordso Install the NLB featureo Synchronize contento Configure cluster members

NLB configuration facts


Prepare a system for Network Load Balancing.

Install Network Load Balancing nodes.


5.0 High Availability Implementation.o Implement network load balancing


101 Configure Network Load Balancing (NLB).o Install NLB nodeso Configure NLB prerequisiteso Configure cluster operation mode



What are the characteristics of NLB cluster members?

What mechanism do cluster members use to communicate consistent information about cluster membership?

In unicast mode, how are MAC addresses used by cluster members?

How does communication between cluster members take place when multicast mode is implemented?

What are the prerequisites for installing and configuring a Network Load Balancing cluster?

What are the steps for creating an NLB cluster?

If you add a new host to a cluster, when does the new host to come online?

Video/Demo Time

7.1.1 Network Load Balancing Overview 3:53 7.1.2 Configuring NLB Prerequisites and Installing NLB Nodes 7:30

Total 11:23


4 questions

Total Time

About 20 minutes


Section 7.2: Network Load Balancing Management

Summary

This section discusses management of Network Load Balancing. Details covered include:

Port rules

Considerations when configuring port rules

Cluster status options for the Network Load Balancing Manger console or Nlb.exe to manage the status of the NLB cluster:

o Suspend o Resume o Start o Stop o Drainstop


Create and configure an Network Load Balancing cluster.

Define the port rules and cluster parameters for a NLB cluster.


101 Configure Network Load Balancing (NLB). o Configure affinity o Configure port rules o Upgrade an NLB cluster


How do port rules control how an NLB cluster functions?

What is the client affinity setting?

How can you ensure that requests from clients on a specific subnet always connect to a specific cluster host?

What happens when you add a host to a cluster that has different port rules?

What tasks do you perform to implement a load balancing cluster?

What happens to traffic processing after you use the drainstop option?


Video/Demo Time

7.2.1 Network Load Balancing Management 5:19 7.2.2 Managing Network Load Balancing 4:45

Total 10:04

Lab/Activity

Configure an NLB Cluster 1 Configure an NLB Cluster 2


12 questions

Total Time

About 35 minutes


Section 7.3: Failover Clustering

Summary

This section examines using Failover Clustering to increase the availability and fault tolerance of network servers. Details covered include:

The role of Failover Clustering

Quorum modes: o Node Majority o Node and Disk Majority o Node and File Share Majority o No Majority: Disk Only

Dynamic quorum management

Cluster Shared Volumes

New key Failover Clustering features in Windows Server 2012: o Cluster management o Scale-out file server support o Cluster-aware updates o Virtual machine monitoring and management

New Failover Clustering features in Windows Server 2012 R2: o CSV enhancements o Guest clustering o Active Directory-detached cluster support

Prerequisites before implementing Failover Clustering: o Hardware o Software

Tasks to configure Failover Clustering: o Configure shared storage o Add the Failover Clustering feature to the cluster members o Validate the cluster configuration o Create the failover cluster o Configure the quorum o Configure cluster storage

Implementing a guest cluster Students will learn how to:

Install the Failover Cluster role on specified servers and create a failover cluster.

Configure cluster storage.

Validate the cluster storage using the Validate Cluster Wizard.

Configure a cluster quorum.

Configure a file share witness.


Add cluster storage to a cluster and make the storage available to twoservers.


5.0 High Availability Implementation.o Create a failover cluster


102 Configure failover clustering.o Configure Quorumo Configure cluster networkingo Configure cluster storageo Configure and optimize clustered shared volumeso Configure clusters without network names

103 Manage failover clustering roleso Configure role-specific settings including continuously available

shareso Configure guest clustering

104. Manage virtual machine (VM) movement.o Configure virtual machine network health protectiono Configure drain on shutdown

303. Configure site-level fault tolerance.o Configure Hyper-V Replica extended replicationo Configure Global Update Manager


How does Failover Clustering differ from Network Load Balancing?

How does a single-instance application differ from a multiple-instanceapplication?

What are the four quorum modes and what method does each mode useto reach a consensus?

Which quorum mode should be used if you have an even number ofcluster hosts and why?

Which quorum mode allows the cluster to continue operating even if onlyone cluster host is still available?

How does dynamic quorum management for clusters in Windows Server2012 differ from previous versions of Windows Server?

What considerations must you keep in mind when deploying serialattached SCSI clustered storage configured with Storage Spaces?

Why is it important to run the validation wizard before creating a failovercluster?


Video/Demo Time

7.3.1 Failover Clustering Overview 10:51 7.3.2 Creating a Failover Cluster 4:44 7.3.3 Configuring Cluster Storage 2:25 7.3.4 Failover Clusters on Server 2012 R2 19:59 7.3.5 Configuring Failover Clusters on Server 2012 R2 4:30 7.3.6 Configuring Guest Clusters 17:02 7.3.7 Deploying a No Name Cluster 5:47

Total 65:18

Lab/Activity

Create a Failover Cluster Configure Cluster Quorum Settings Add Storage to a Cluster


15 questions

Total Time

About 100 minutes


Section 7.4: Failover Cluster Management

Summary

This section discusses management of Failover Cluster. Details covered include:

Types of networks a cluster can use: o Cluster storage o Cluster node communication o Client connections

How to simulate a failure and test failover procedures

Considerations when implementing a multi-site cluster

Cluster-Aware Updating (CAU)

CAU terminology: o Updating run o Update coordinator o Updating run profiles

Tasks to implement CAU: o Install CAU o Verify CAU requirements o (Optional) Configure hosts for remote updating o Disable other automatic update mechanisms o Launch the CAU console o Run the CAU Best Practices Analyzer

Using the CAU console Students will learn how to:

Manage failover clusters.

Manage a multi-site failover cluster.

Implement cluster-aware updating.

Rebuild a failed cluster.


102 Configure failover clustering. o Restore single node or cluster configuration o Implement Cluster Aware Updating o Upgrade a cluster

303 Configure site-level fault tolerance. o Configure multi-site clustering including network settings, Quorum,

and failover settings. o Recover a multi-site failover cluster

402. Implement an advanced DNS solution. o Isolate DNSSEC key management and storage



What are some ways you can simulate a failure in order to test failover procedures?

What are the three types of networking available with clusters?

What is the advantage of locating the file share witness at a different location than a cluster node?

In what two ways can you configure multi-site clustering? Which configuration would be more likely to experience failover latency?

What are the steps to restore a failed cluster database from backup?

How can you tune the heartbeat settings to optimize a multi-site cluster?

Why can't you use DFS to replicate data in a multi-site cluster?

What is Cluster-Aware Updating?

Video/Demo Time

7.4.1 Failover Cluster Configuration 9:00 7.4.2 Implementing Cluster-Aware Updating 2:52 7.4.3 Restoring Single-node or Cluster Configuration 1:19

Total 13:11


4 questions

Total Time

About 25 minutes


Section 7.5: Failover Clustered Role Management

Summary

This section discusses management of the Failover Clustered role. Details covered include:

Task to install and configure cluster roles:o Select clustered applicationso Install clustered roleso Configure clustered roles


Manage failover cluster roles.

Configure preferred owners to identify the preferred host.

Configure policies to define what to do if a failure occurs.


5.0 High Availability Implementation.o Configure clustered roles


103 Manage failover clustering roles.o Configure role-specific settings including continuously available

shares.o Configure failover and preference settings.


What is a potential problem when running non-cluster-aware applicationson a cluster?

How do stateful applications differ from stateless applications?

What is a scale-out file server? What type of storage does a scale-out fileserver require?

What is the purpose of the preferred owners setting?

What is failback? What types of failback are available for a clustered role?


Video/Demo Time

7.5.1 Configuring Failover and Preference Settings 6:10

Lab/Activity

Add a Failover Cluster Role Configure Failover and Preference Settings


8 questions

Total Time

About 25 minutes


Section 7.6: Failover Cluster with Hyper-V

Summary

This section discusses using Failover Clustering to increase the availability of Hyper-V virtual machines. Details include:

Tasks to implement a virtual machine within a cluster:o Install the clustero Implement CSVo Create the virtual machine and install the guest operating system

Windows Server 2012 features to manage the availability of clusteredHyper-V virtual machines:

o Replicationo Storage migrationo Quick migrationo Live migrationo Virtual machine monitoring


Migrate a virtual machine and all of its storage to a Hyper-V host server.


2.0 Advanced Storage Management.o Migrate virtual machine storage.


103. Manage failover clustering roles.o Configure VM monitoring

104 Manage Virtual Machine (VM) movement.o Perform live migrationo Perform quick migrationo Perform storage migration



How does Storage Migration differ from Quick Migration?

What condition could cause an unplanned Live Migration to occur?

What is the main difference between a Quick Migration and a Live Migration?

Video/Demo Time

7.6.1 Virtual Machine Monitoring and Migrations 4:37 7.6.2 Configuring Virtual Machine Monitoring 3:06 7.6.3 Migrating Virtual Machines 11:35

Total 19:18

Lab/Activity

Migrate Virtual Machine Storage Migrate a Virtual Machine


6 questions

Total Time

About 35 minutes


Section 8.1: Active Directory Certificate Services Overview

Summary

This section provides an overview of Active Directory Certificate Services. Details covered include:

Terms with encryption and certificates: o Cipher or algorithm o Key o Certificate

Encryption methods: o Symmetric encryption o Asymmetric Encryption (PKI)

Certification Authorities (CA)

Certification hierarchy

Role services to choose from when installing Active Directory Certificate Services (AD CS):

o Certification Authority o Certification Authority Web Enrollment o Online Responder o Network Device Enrollment Service (NDES) o Certificate Enrollment Web Service o Certificate Enrollment Policy Web Service

Features available through Active Directory Certificate Services: o Certificate templates o Autoenrollment o Web enrollment o Credential roaming o Certificate enrollment across forests (cross-certification) o High-volume CA support

Facts about CA installation Students will learn how to:

Install an Enterprise Certificate Authority (CA).



6.0 File Certificate Management.o Configure a private certification authority


602 Install and configure Active Directory Certificate Services (AD CS).o Install an Enterprise Certificate Authority (CA)


What is the difference between symmetric and asymmetric encryption?

How do certificates prove identity?

What kinds of information do certificates hold?

What is the relationship of a CA to a PKI?

How can you ensure that users outside your organization trust yourcertificate?

What are the advantages of using an enterprise CA over a standaloneCA?

How does an enterprise root differ from an enterprise subordinate?

Which server role should you add to make a server a CA that can issuecertificates to other CAs, users, and computers?

What features does the Online Responder service provide?

What is credential roaming?

Video/Demo Time

8.1.1 Overview of Certificates 11:21 8.1.2 Overview of Certificate Services 9:17 8.1.3 Installing an Enterprise AD CS 5:42

Total 26:20


7 questions

Total Time

About 40 minutes


Section 8.2: Certificate Management

Summary

This section discusses the following concepts of management of certificates:

Using certutil command options:o -Verifyo -VerifyStoreo -VerifyKeyso -RecoverKeyo -oid

Methods for requesting a certificate:o Web Enrollment Pageso Certificate Request Wizard through the Certificates snap-ino Autoenrollmento Command line

Facts about certificate requests


Manage certificates such as requesting a user certificate and approvingpending certificates.

Revoke a certificate.


6.0 File Certificate Management.o Issue certificates


603 Install and configure Active Directory Certificate Services (AD CS).o Manage certificate renewalo Implement and manage certificate deployment, validation, and

revocationo Manage certificate enrollment and renewal to computers and users

using Group Policies



Which certutil command option would you use to verify a key set?

What functions does the Certification Authority Web Enrollment role service provide?

How does an Enterprise CA process a certificate request differently from a stand-alone CA?

What command would you enter at the command line to accept and install a certificate?

What is the process for requesting a certificate from an offline CA?

Video/Demo Time

8.2.1 Managing Certificates 3:22

Lab/Activity

Manage Certificates


12 questions

Total Time

About 25 minutes


Section 8.3: Certificate Revocation

Summary

This section discusses certificate revocation. Details covered include:

Situations in which a digital certificate would be revoked

Facts about certificate revocation:o The process used by a client to retrieve the certificate status

informationo The process to configure the online responder:

Install the Online Responder role service Configure the OCSP Response Signing certificate Configure each CA to issue the OCSP Response Signing

template Configure each CA to include the online responder Configure revocation configurations on the online responder

o Considerations when configuring the online responder

Additional features that can be configured for the RevocationConfiguration on an online responder:

o Nonce/no-nonce request supporto Advanced cryptographyo Kerberos protocol integration

Considerations when configuring a single CA with multiple onlineresponders


Configure a CRL Distribution Point.

Configure an Online Responder.

Manage certificate revocation.


6.0 File Certificate Management.o Revoke certificates


602 Install and configure Active Directory Certificate Services (AD CS).o Configure CRL distribution pointso Install and configure Online Responder

603 Manage certificates.o Implement and manage certificate deployment, validation, and

revocation



In what situations would a certificate be revoked?

If a revoked certificate might be reinstated, what reason for revocation should you use?

How do you specify CRL Distribution Points?

When would you publish a delta CRL?

What are the advantages to using an Online Responder to verify certificate status?

What two options do you have for obtaining the OCSP Response Signing Certificate?

Why is it necessary to configure CRLs and CDPs when you use an Online Responder?

Video/Demo Time

8.3.1 Certificate Revocation 5:07 8.3.2 Configuring a CRL Distribution Point 2:29 8.3.3 Configuring an Online Responder 3:36

Total 11:12

Lab/Activity

Manage Certificate Revocation


6 questions

Total Time

About 30 minutes


Section 8.4: Certificate Templates

Summary

This section discusses using certificate templates. Details include:

The role of certificate templates

Considerations when managing certificate templates

Certificate template permissions:o Full Controlo Reado Writeo Enrollo Autoenroll

Considerations when managing certificate template permissions

Schema version 1, 2, and 3 templates

Settings that can be modified for schema version 2 and 3 templates:o Validity Periodo Publish in Active Directoryo Key Purposeo Cryptographic Service Provider (CSP)o Subject Nameo Issuance Requiremento Extensions


Manage and modify certificate templates.

Create and issue a certificate template.


6.0 File Certificate Management.o Manage certificate templates


603 Install and configure Active Directory Certificate Services (AD CS).o Manage certificate templateso Implement and manage certificate deployment, validation, and

revocation



What are the purpose and the benefits of a certificate template?

What is best practice for maintaining the integrity of default templates?

How do you control which templates a CA can issue?

How are certificate templates replicated?

Which permissions does an administrator need to set and modify certificate template contents and permissions?

Video/Demo Time

8.4.1 Certificate Templates 4:24 8.4.2 Using Certificate Templates 9:40

Total 14:04

Lab/Activity

Modify Certificate Templates 1 Modify Certificate Templates 2


6 questions

Total Time

About 35 minutes


Section 8.5: Certificate Autoenrollment

Summary

In this section students will learn about certificate autoenrollment. Details include:

The role of autoenrollment

Steps to configure autoenrollment


Configure the templates for autoenrollment.

Enable certificate autoenrollment for users and computers.

Create certificates for smart cards and require smart cards for logon.


6.0 File Certificate Management.o Enable autoenrollment


603 Manage certificates.o Manage certificate renewalo Manage certificate enrollment and renewal to computers and users

using Group Policies


Which three autoenroll settings require user intervention when selected?

In addition to allowing certificates to be requested, issued, or renewed,which other management tasks does autoenrollment perform?

Which template version(s) is required for autoenrollment?

When automatic renewal is enabled, how can you force users to re-enrollfor a certificate template?

When configuring autoenrollment, which permissions should you grant tousers or computers to allow autoenrollment?


Video/Demo Time

8.5.1 Certificate Autoenrollment 0:49 8.5.2 Configuring Certificate Autoenrollment 2:49

Total 3:38

Lab/Activity

Configure Templates for Autoenrollment Enable Autoenrollment for the Domain Create Certificates for Smart Cards Require Smart Cards for Logon


5 questions

Total Time

About 30 minutes


Section 8.6: Key Archival and Recovery

Summary

This section examines key archival and recovery. Details in this section include:

Methods to back up private keys

Key archival

Steps to configure key archival

Recovering a lost key


Create and publish the key recovery agent to the CA.

Configure a CA for key archival.

Recover a key.


6.0 File Certificate Management.o Issue certificates


603 Manage certificates.o Configure and manage key archival and recovery


In order for a user's private key to be backed up, what action must theuser take? Which permission does this action require?

What is key archival? What steps are involved in key archival?

What function does a Key Recovery Agent perform?

What are the template requirements for key archival?

What are the steps for recovering a lost key?


Video/Demo Time

8.6.1 Key Archival and Recovery 3:03 8.6.2 Creating and Managing Key Recovery Agents 3:49 8.6.3 Configuring a CA for Key Archival 4:47 8.6.4 Recovering a Key 3:49

Total 15:28


7 questions

Total Time

About 25 minutes


Section 8.7: Certificate Authority (CA) Management

Summary

This section examines the following about managing the Certificate Authority:

Permissions that control the ability to manage the CA: o Read o Issue and Manage Certificates o Manage CA o Request Certificates

Enabling administrative role separation

Tasks that can be performed through Certification Authority snap-in or the certutil.exe command line utility:

o Certificate Management Delegation o Enrollment Agent Delegation o Key Archival o Certificate Request Handling o Auditing


Configure security roles on the CA; the enrollment agent, certificate manager, and the CA manager.

Restrict the security role of an enrollment agent or a certificate manager to a particular template.

Configure administrative role separation to not allow a user to have multiple roles assigned.


602 Manage certificates. o Implement administrative role separation


Which permission(s) do you need to access and modify CA properties?

What is administrative role separation? What implication does it have for assigning permissions for certificate management?

How do you control the certificates that a manager can manage?

How can you monitor changes to the CA configuration? Which Group Policy setting must you enable to do this?

What are the steps in key archival?


Video/Demo Time

8.7.1 Managing the CA 3:50 8.7.2 Configuring Security Roles on the CA 2:02 8.7.3 Limiting Security Roles on the CA 3:28 8.7.2 Configuring Administrative Role Separation 1:36

Total 10:56


6 questions

Total Time

About 20 minutes


Section 8.8: CA Backup and Recovery

Summary

This section covers methods to back up and restore a CA. Details include:

System State Backup

Certification Authority Console backup

Backup and restore using certutil.exe

Steps to move a CA from one server to another Students will learn how to:

Use the certutil command to backup and recover CA files.


602 Install and configure Active Directory Certificate Services (AD CS). o Configure CA backup and recovery


Which components of a CA does a system state backup back up?

How does a Certification Authority Console backup differ from a system state backup?

When you move a CA from one server to another, which items might need to be reconfigured?

Which options would you use with the certutil command to back up only the CA database and the keys and certificates?

Video/Demo Time

8.8.1 CA Backup and Recovery 0:51 8.8.2 CA Backup and Recovery 2:26

Total 3:17


8 questions

Total Time

About 15 minutes


Section 9.1: AD RMS Overview

Summary

This section provides an overview of AD RMS. Concepts covered include:

Usage policies

Templates

Licenses:o Client licenseo Publishing licenseo Use license

Components of an AD RMS system:o AD RMS servero Database servero AD DSo AD RMS-enabled applicationo AD RMS cliento AD RMS Add-on for IE

Active Directory Federation Services (AD FS)

AD RMS trust policies

AD RMS supports the following trust hierarchies:o ISV hierarchyo Production hierarchy

Add AD RMS domains to a list of trusted user domains in an AD RMScluster

AD RMS consists of the following services:o Logging serviceso Web services


7.0 Digital Rights Management.o Configure AD RMS policieso Configure trusted user domains


604 Install and configure Active Directory Rights Management Services(AD RMS).

o Manage trusted user domains



How do usage policies help safeguard digital information from intentional or unintentional misuse?

How are usage policy templates used by administrators in implementing AD RMS?

How does a client license differ from a use license?

How are protected documents created?

What RMS related functions do RMS-enabled applications perform?

Video/Demo Time

9.1.1 AD RMS Overview 5:49


3 questions

Total Time

About 10 minutes


Section 9.2: AD RMS Installation

Summary

This section discusses installing and configuring AD RMS. Concepts covered include:

AD RMS hardware and software requirements

Configuration choices to make during AD RMS installation:o Clustero Database locationo Service accounto Cluster keyo Cluster addresso Service connection point (SCP)

Considerations about AD RMS installation

Windows PowerShell cmdlets modules for:o AD RMS deploymento AD RMS administration

Key tasks for AD RMS backup and recovery:o Secure the cluster key passwordo Export the trusted publishing domaino Back up the AD RMS databaseo Restore the AD RMS database


Install and configure AD RMS.

Configure the AD RMS Service Connection Point (SCP).


7.0 Digital Rights Management.o Configure trusted publishing domains


604 Install and configure Active Directory Rights Management Services(AD RMS).

o Install a licensing or certificate AD RMS servero Manage AD RMS Service Connection Point (SCP)o Backup and restore AD RMS



In addition to the AD RMS role, which Web services are required to install AD RMS?

How does a root cluster differ from a licensing-only cluster?

What advantages does a licensing-only cluster have in implementing AD RMS?

What are the requirements for setting up the service account for AD RMS?

Which tasks use the AD RMS administrator password?

What should you consider when defining a cluster address?

Video/Demo Time

9.2.1 AD RMS Installation 4:06 9.2.2 Installing AD RMS 10:59 9.2.3 Configuring AD RMS Backup and Recovery 6:40 9.2.4 Configuring the AD RMS Service Connection Point (SCP) 2:27

Total 24:12


9 questions

Total Time

About 40 minutes


Section 9.3: AD RMS Client Deployments

Summary

This section discusses considerations when working with AD RMS client deployments. Students will learn how to:

Configure the client workstation to manage AD RMS client deployments.


604 Install and configure Active Directory Rights Management Services. o Manage AD RMS client deployment


Why it is necessary to add the URL of the AD RMS server to the Local Intranet zone of each AD RMS client workstation?

In addition to Read and Change permissions, what options can be configured on a document or a message?

How are restrictions within a document or message assigned?

What are the software requirements for opening AD RMS protected documents?

How can users determine the level of access they have to a document or message?

Video/Demo Time

9.3.1 Managing AD RMS Client Deployments 10:02


7 questions

Total Time

About 20 minutes


Section 9.4: AD RMS Templates

Summary

In this section students will learn about using AD RMS templates. Concepts covered include:

Rights policy templates:o Distributed rights policy templateso Archived rights policy templateso Exclusion policies

Tasks to create a new distributed rights policy template:o Add template identification informationo Add user rightso Specify an expiration policyo Specify extended policy conditionso Specify a revocation policy

Best practice guidelines when deploying rights policy templates with ADRMS client

Certificates or licenses that are used by AD RMS:o Server Licensor Certificate (SLC)o Rights Account Certificate (RAC)o Client Licensor Certificate (CLC)o Machine Certificateo Publishing Licenseo Use License


Create custom templates that can be distributed to users.

Configure a user exclusion policy that will restrict particular users fromobtaining licenses from a specified cluster.


7.0 Digital Rights Management.o Manage AD RMS templates


604 Install and configure Active Directory Rights Management Services.o Manage RMS templateso Configure Exclusion Policies



How can administrators deploy rights policy templates to user computers so the templates are available for offline publishing?

What is the purpose of archiving rights policy templates that are no longer being used for new documents?

What are lockbox exclusion policies?

How does the AD RMS client manage rights policy templates?

What conditions can be used to configure an expiration policy?

What is self-enrollment? How is it used in AD RMS?

Video/Demo Time

9.4.1 AD RMS Templates 1:52 9.4.2 Using AD RMS Templates 15:12

Total 17:04

Lab/Activity

Configure a Distributed Rights Policy Template Configure a User Exclusion


4 questions

Total Time

About 25 minutes


Section 10.1: AD FS Overview

Summary

This section provides an overview of Active Directory Federation Services (AD FS). Concepts covered include:

The role of AD FS

Organizations that AD FS is designed for

AD FS terms: o Account partner o AD FS Web agent o AD FS-enabled Web server o Claim o Claims-aware application o Claim mapping o Federation o Federation servers o Federation trust o Organization claim o Resource partner o Security token o Security Token Service (STS) o Single Sign-On (SSO) o Trust policy o Windows token-based


What are the benefits of Active Directory Federated Services (AD FS)?

You have users in a domain who need to access a Web application in a partner domain. Which domain is the account domain, and which is the resource domain?

What is a claim? What type of information can be included in a claim?

What is the difference between a claims-aware application and a token-based application?

What is claim mapping?

What is a trust policy?

Video/Demo Time

10.1.1 AD FS Overview 4:04


3 questions

Total Time

About 10 minutes


Section 10.2: AD FS Certificates

Summary

This section provides details of using AD FS certificates.

AD FS requires each server have a certificate that is used for SSL communications

Tasks to configure AD FS server relationships: o Issuance an SSL certificate to the root CAs in both forests o Export both root CAs’ certificates o Enroll the SSL certificates on the AD FS servers o Configure each serer to trust its own root CA o Configure each AD FS server to trust the root CAs from the other

forest


Enroll SSL certificates on AD FS servers.

Configure an AD FS server to trust its own root CAs.

Configure an AD FS server to trust the root CA from another forest.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Manage AD FS certificates


What trust relationships must be configured for AD FS servers?

How do you configure an AD FS server to trust the root CA from another forest?

Which parameters do you configure when using the Certificate Enrollment wizard to request an SSL certificate?

When exporting root CA certificates, which parameters should you use?

Video/Demo Time

10.2.1 AD FS Certificates 1:33 10.2.2 Managing AD FS Certificates 11:35

Total 13:08


3 questions

Total Time

About 15 minutes


Section 10.3: Resource Partner

Summary

This section provides information about configuring the resource partner. Concepts covered include:

Role services that can be installed during the installation of AD FS: o Federation Service o Federation Service Proxy o Claims-aware Agent o Windows Token-based Agent

Tasks to install AD FS: o Create SSL certificates o Create a group managed service account o Install the AD FS role\Run the AD FS Federation Server

Configuration Wizard

The role of the resource partner

The role of federation servers

The role of the AD FS Management snap-in

Tasks to create a claims provider trust on the resource partner: o Start the Add Claims Provider Trust Wizard o Specify the data source o Configure a display name o Edit claim rules

Windows Server 2012 R2: o AD FS can use multi-factor authentication (MFA) o Default AD FS authentication primary methods to validate users’

identities: Forms Authentication Windows Authentication

o The process to configure MFA o Workplace join o Considerations when applying an authentication policy as a global

scope



Configure the AD FS server on the resource partner.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Install AD FS o Configure authentication policies o Configure multi-factor authentication o Configure Workplace Join


What is the role of the resource partner in AD FS?

When adding a claims provider, what are the preferred ways to obtain data about the claims provider?

What is the function of the claims-aware agent?

How does the Windows token-based agent allow Windows token-based applications to work with AD FS?

What is the function of acceptance transform rules? Where are they configured?

Video/Demo Time

10.3.1 Resource Partner 5:08 10.3.2 Configuring the Resource Partner 20:38 10.3.6 Configuring Multi-factor Authentication 5:48 10.3.7 Configuring Workplace Join 19:15

Total 50:49


7 questions

Total Time

About 65 minutes


Section 10.4: Accounts Partner

Summary

This section discusses configuring the accounts partner. Concepts covered include:

The role of account partner

The role of Federation servers

Using the AD FS Management snap-in

Tasks to create a relying party trust on the account partner: o Start the Add Relying Party Trust Wizard o Specify the data source o Configure a display name o Configure issuance authorization rules o Edit claim rules


Create a relying party trust on the account partner.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Implement claims-based authentication including Relying Party

Trusts


How do federation servers in the account partner organization enable single sign-on capabilities to users?

What are relying party trusts?

In which locations are relying party trusts usually created?

What functions does the account partner provide?

What is the purpose of delegation authorization rules?

Video/Demo Time

10.4.1 Configuring the Accounts Partner 8:21


6 questions

Total Time

About 15 minutes


Section 10.5: AD FS Proxies

Summary

This section discusses AD FS proxies. Details include:

The role of the AD FS Proxy

Tasks to configure an AD FS Proxy server: o Export the internal AD FS server certificate o Import AD FS server certificate o Configure an SSL certificate on the default IIS web site o Add an entry for the AD FS server to the hosts file o Install the AD FS Proxy role service o Configure the AD FS Proxy o Configure the DNS records


Install an AD FS proxy server.

Configure an AD FS proxy server.


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Configure AD FS proxy


What are the differences between the Federation Service and Federation Service Proxy?

How can an AD FS Proxy provide protection for your network?

How does DNS perform resolution when an AD FS proxy resides in a DMZ?

What information does the AD FS proxy server store?

For what purposes does AD FS proxy use WE-Federation Passive Requestor Profile (WS-F PRP) protocols?


Video/Demo Time

10.5.1 AD FS Proxies 1:48 10.5.2 Configuring AD FS Proxies 9:00

Total 10:48


5 questions

Total Time

About 20 minutes


Section 10.6: AD FS and Cloud Services

Summary

In this section students will learn the following facts about integrating AD FS and cloud services.

Install prerequisite software

Install Windows Azure Pack for Windows Server

Configure the AD FS server

Configure the Azure management portals to trust the AD FS server

Configure the Azure tenant authentication site to trust the AD FS server

Configure the AD FS server to trust the Azure management portals


601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). o Integrate with Cloud Services


What are the benefits of integrating AD FS with Cloud services?

What Web Platform products must be installed before installing Windows Azure on a Windows Server?

Which management portals must the AD FS host be configured to reach?

Which transformation rules must be applied to the management portal for tenants?

Video/Demo Time

10.6.1 AD FS and Cloud Services 1:25


5 questions

Total Time

About 10 minutes


Section 10.7: AD FS and AD RMS

Summary

In this section students will learn about options to select if the AD RMS system need to support users located in a different forest:

Trusted user domains

Trusted publishing domains

AD RMS federated identity support Students will learn how to:

Configure a trusted user domain.

Configure a trusted publishing domain.

Enable Federated Identity Support on an AD RMS server.


604 Install and configure Active Directory Rights Management Services (AD RMS).

o Manage Federated Identity support


What is a possible ramification of failing to configure trusted email domains?

What options do you have if the AD RMS system needs to support users located in a different forest?

Which option for AD RMS support poses the greatest security risk?

What are the advantages to using AD RMS Federated Identity support?


Video/Demo Time

10.7.1 AD FS and AD RMS 2:49 10.7.2 Configuring Trusted User Domains 2:51 10.7.4 Configuring Trusted Publishing Domains 3:17 10.7.6 Managing Federated Identity Support 4:10

Total 13:07

Lab/Activity

Configure a Trusted User Domain Configure a Trusted Publishing Domain


5 questions

Total Time

About 30 minutes

Server Pro: Advanced Services Practice Exams

Summary

This section provides information to help prepare students to take the Server Pro: Advanced Services certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.

Objective 1: Advanced Active Directory Configuration (10 simulation questions) Objective 2: Advanced Storage Management (4 simulation question) Objective 3: Server Data Protection (4 simulation questions) Objective 4: Advanced DHCP and DNS Configuration (7 simulation questions) Objective 5: High Availability Implementation (10 simulation questions) Objective 6: Certificate Management (8 simulation questions) Objective 7: Digital Rights Management (4 simulation questions)

The Server Pro: Advanced Services Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented.




Summary

This section provides information to help prepare students to take the MS 70-412 exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. Objective 100. Configure and Manage High Availability (62 questions) Objective 200. Configure File and Storage Solutions (37 questions) Objective 300. Implement Business Continuity and Disaster Recovery (39 questions) Objective 400. Configure Network Services (67 questions) Objective 500. Configure the Active Directory Infrastructure (60 questions) Objective 600. Configure Identity and Access Solutions (112 questions) The Microsoft 70-412 Certification Practice Exam consists of 60 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 2 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.


Appendix A: Approximate Time for the Course

The total time for the LabSim Server Pro: Advanced Services course is approximately 40 hours and 10 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:

Video/demo times

Approximate time to read the text lesson (the length of each text lesson istaken into consideration)

Simulations (5 minutes assigned per simulation, of course many studentsmay take longer depending upon their knowledge level and experience)

Questions (1 minute per question)

The breakdown for this course is as follows:

Module Sections Time Minute HR:MM

1.0 Active Directory Infrastructure

1.1 Multi-Domain Forests 50

1.2 Cross-Forest Trusts 50

1.3 External, Shortcut and Realm Trusts 20

1.4 Sites Overview 30

1.5 Managing Sites 40

1.6 Managing Replication 60

1.7 Read-Only Domain Controllers (RODCs) 35

1.8 RODC Management 35 320 5:20

2.0 File and Storage Solutions

2.1 Network File System (NFS) 25

2.2 BranchCache 25

2.3 Dynamic Access Control (DAC) 55

2.4 DAC Management 20

2.5 Advanced Storage 35

2.6 Storage Optimization 45 205 3:25

3.0 Disaster Recovery

3.1 Windows Server Backup 35

3.2 Restore from Backup 15

3.3 Volume Shadow Copies 35

3.4 Boot Configuration Data (BCD) Store 20 105 1:45


4.0 Advanced DHCP

4.1 DHCP Overview 10

4.2 DHCP Scopes 45

4.3 DHCP and IPv6 25

4.4 DHCP High Availability 40

4.5 IPAM Overview 35

4.6 IPAM Configuration 30

4.7 IPAM Management 5 190 3:10

5.0 Advanced DNS

5.1 DNS Security 40

5.2 Advanced DNS Settings 20

5.3 GlobalNames Zones 15 75 1:15

6.0 Hyper-V

6.1 Virtual Machine Management 30

6.2 Hyper-V High Availability 30 60 1:00

7.0 High Availability

7.1 Network Load Balancing 20

7.2 Network Load Balancing Management 35

7.3 Failover Clustering 100

7.4 Failover Cluster Management 25

7.5 Failover Clustered Role Management 25

7.6 Failover Cluster with Hyper-V 35 240 4:00

8.0 Active Directory Certificate Services

8.1 Active Directory Certificate Services Overview 40

8.2 Certificate Management 25

8.3 Certificate Revocation 30

8.4 Certificate Templates 35

8.5 Certificate Autoenrollment 30

8.6 Key Archival and Recovery 25

8.7 Certificate Authority (CA) Management 20

8.8 CA Backup and Recovery 15 220 3:40

9.0 Active Directory Rights Management Services (AD RMS)

9.1 AD RMS Overview 10

9.2 AD RMS Installation 40

9.3 AD RMS Client Deployments 20

9.4 AD RMS Templates 25 95 1:35


10.0 Active Directory Federation Services (AD FS)

10.1 AD FS Overview 10

10.2 AD FS Certificates 15

10.3 Resource Partner 65

10.4 Accounts Partner 15

10.5 AD FS Proxies 20

10.6 AD FS and Cloud Services 10

10.7 AD FS and AD RMS 30 165 2:45

Server Pro: Advanced Services Practice Exam

Obj. 1. Advanced Active Directory Configuration (10 simulation questions) 50

Obj. 2. Advanced Storage Management (4 simulation questions) 20

Obj. 3. Server Data Protection (4 simulation questions) 20

Obj. 4. Advanced DHCP and DNS Configuration (7 simulation questions) 35

Obj. 5. High Availability Implementation (10 simulation questions) 50

Obj. 6. Certificate Management (8 simulation questions) 40

Obj. 7. Digital Rights Management (4 simulation questions) 20

Certification Practice Exam (15 questions) 75 310 5:10


Obj. 100. Configure and Manage High Availability (59 questions) 59

Obj. 200. Configure File and Storage Solutions (35 questions) 35

Obj. 300. Implement Business Continuity and Disaster Recovery (39 questions) 39

Obj. 400. Configure Network Services (63 questions) 63

Obj. 500. Configure the Active Directory Infrastructure (60 questions) 60

Obj. 600. Configure Identity and Access Solutions (109 questions) 109

Certification Practice Exam (60 questions) 60 425 7:05

Total Time

2410 40:10


Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives

The Windows Exam 70-412: Configuring Advanced Windows Server 2012 Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:

# Objective Module.Section

100 Configure and Manage High Availability (17 percent)

101 Configure Network Load Balancing (NLB) This objective may include but is not limited to:

Install NLB nodes Configure NLB prerequisites Configure affinity Configure port rules Configure cluster operation mode Upgrade an NLB cluster

7.1, 7.2

102 Configure failover clustering This objective may include but is not limited to:

Configure Quorum Configure cluster networking Restore single node or cluster configuration Configure cluster storage Implement Cluster Aware Updating Upgrade a cluster Configure and optimize clustered shared

volumes Configure clusters without network names Configure storage spaces

2.6, 7.3, 7.4

103 Manage failover clustering roles This objective may include but is not limited to:

Configure role-specific settings, including continuously available shares

Configure virtual machine (VM) monitoring Configure failover and preference settings Configure guest clustering

7.3, 7.5, 7.6


104 Manage Virtual Machine (VM) movement This objective may include but is not limited to:

Perform live migration Perform quick migration Perform storage migration Import, export, and copy VMs Migrate from other platforms (P2v and V2V) Configure VM network health protection Configure drain on shutdown

6.1, 7.3, 7.6

200 Configure File and Storage Solutions (16 percent)

201 Configure advanced file services This objective may include but is not limited to:

Configure NFS data store Configure BranchCache Configure File Classification Infrastructure

(FCI) using File Server Resource Manager (FSRM)

Configure file access auditing

2.1, 2.2, 2.3, 2.4

202 Implement Dynamic Access Control (DAC) This objective may include but is not limited to:

Configure user and device claim types Implement policy changes and staging Perform access-denied remediation Configure file classification Create and configure Central Access rules and

policies Create and configure resource properties and

lists

2.3, 2.4

203 Configure and optimize storage This objective may include but is not limited to:

Configure iSCSI Target and Initiator Configure Internet Storage Name server

(iSNS) Implement thin provisioning and trim Manage server free space using Features on

Demand Configure tiered storage

2.5, 2.6


300 Implement Business Continuity and Disaster Recovery (16 percent)

301 Configure and manage backups This objective may include but is not limited to:

Configure Windows Server backups Configure Windows Online backups Configure role-specific backups Manage VSS settings using VSSAdmin

3.1, 3.3

302 Recover servers This objective may include but is not limited to:

Restore from backups Perform a Bare Metal Restore (BMR) Recover servers using Windows Recovery

Environment (Win RE) and safe mode Apply System Restore snapshots Configure the Boot Configuration Data (BCD)

store

3.2, 3.4

303 Configure site-level fault tolerance This objective may include but is not limited to:

Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs

Configure multi-site clustering, including network settings, Quorum, and failover settings

Configure Hyper-V Replica extended replication

Configure Global Update Manager Recover a multi-site failover cluster

6.1, 6.2, 7.3, 7.4

400 Configure Network Services (17 percent)

401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution This objective may include but is not limited to:

Create and configure superscopes and multicast scopes

Implement DHCPv6 Configure high availability for DHCP, including

DHCP failover and split scopes Configure DHCP Name Protection

4.1, 4.2, 4.3, 4.4


Configure DNS registration

402 Implement an advanced DNS solution This objective may include but is not limited to:

Configure security for DNS including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache locking

Configure DNS logging Configure delegated administration Configure recursion Configure netmask ordering Configure a GlobalNames zone Analyze zone level statistics Isolate DNSSEC key management and

storage.

5.1, 5.2, 5.3

403 Deploy and manage IPAM This objective may include but is not limited to:

Provision IPAM manually or by using Group Policy

Configure server discovery Create and manage IP blocks and ranges Monitor utilization of IP address space Migrate to IPAM Delegate IPAM administration Manage IPAM collections Configure IPAM database storage

4.5, 4.6, 4.7

500 Configure the Active Directory Infrastructure (18 percent)

501 Configure a forest or a domain This objective may include but is not limited to:

Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active Directory

Upgrade existing domains and forests including environment preparation and functional levels

Configure multiple user principal name (UPN) suffixes

1.1


502 Configure trusts This objective may include but is not limited to:

Configure external, forest, shortcut, and realm trusts

Configure trust authentication Configure SID filtering Configure name suffix routing

1.2, 1.3

503 Configure sites This objective may include but is not limited to:

Configure sites and subnets Create and configure site links Manage site coverage Manage registration of SRV records Move domain controllers between sites

1.4, 1.5

504 Manage Active Directory and SYSVOL replication This objective may include but is not limited to:

Configure replication to Read-Only Domain Controllers (RODCs)

Configure Password Replication Policy (PRP) for RODCs

Monitor and manage replication Upgrade SYSVOL replication to Distributed

File System Replication (DFSR)

1.6, 1.7, 1.8

600 Configure Identity and Access Solutions (16 percent)

601 Implement Active Directory Federation Services 2.1 (AD FSv2.1) This objective may include but is not limited to:

Install AD FS Implement claims-based authentication,

including Relying Party Trusts Configure authentication policies Configure Workplace Join Configure multi-factor authentication

10.1, 10.2, 10.3, 10.4,10.5, 10.6


602 Install and configure Active Directory Certificate Services (AD CS) This objective may include but is not limited to:

Install an Enterprise Certificate Authority (CA) Configure CRL distribution points Install and configure Online Responder Implement administrative role separation Configure CA backup and recovery

8.1, 8.3. 8.7, 8.8

603 Manage certificates This objective may include but is not limited to:

Manage certificate templates Implement and manage certificate deployment,

validation, and revocation Manage certificate renewal Manage certificate enrollment and renewal to

computers and users using Group Policies Configure and manage key archival and recovery

8.2, 8.3, 8.4, 8.5, 8.6

604 Install and configure Active Directory Rights Management Services (AD RMS) This objective may include but is not limited to:

Install a licensing or certificate AD RMS server Manage AD RMS Service Connection Point (SCP) Manage RMS templates Configure Exclusion Policies Back up and restore AD RMS

9.1, 9.2, 9.3, 9.4,10.7


Appendix C: Server Pro: Advanced Services Objectives

The Server Pro: Advanced Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:

# Objective Module.Section

1.0 Advanced Active Directory Configuration

Raise the functional level of an Active Directory forest.

Create forest root, cross-forest, external, shortcut, and realm trusts.

Manage sites, subnets, and site links. Configure site replication. Implement read-only domain controllers.

1.1, 1.2, 1.3, 1.5, 1.6, 1.7, 1.8

2.0 Advanced Storage Management

Implement NFS to support UNIX/Linux systems.

Implement Dynamic Access Control (DAC).

Implement an iSCSI SAN. Migrate virtual machine storage.

2.1, 2.3, 2.4, 2.5, 7.6

3.0 Server Data Protection

Configure server backups. Enable shadow copies. Restore server data from backup.

3.1, 3.2, 3.3


4.0 Advanced DHCP and DNS Configuration

Configure DHCP to support IPv6. Configure split DHCP scopes. Configure DHCP failover. Protect zone data with DNSSEC. Configure advanced DNS server

settings. Configure a GlobalNames zone.

4.3, 4.4, 5.1, 5.2, 5.3

5.0 High Availability Implementation

Implement network load balancing. Create a failover cluster. Configure clustered roles. Enable virtual machine replication

6.2, 7.1, 7.3, 7.5

6.0 Certificate Management

Configure a private certification authority. Manage certificate templates. Issue certificates. Revoke certificates. Enable autoenrollment.

8.1, 8.2, 8.3, 8.4, 8.5, 8.6

7.0 Digital Rights Management

Configure AD RMS policies. Manage AD RMS templates. Configure trusted user domains. Configure trusted publishing domains.

9.1, 9.2, 9.4

lesson plan - it certification training courseware · lesson plan . revised 2016/05/17 ... exam and...

Documents