MCITP

Microsoft Certified Technology Specialist (MCTS)

 

MCITP: Server Administrator on Windows Server 2008 (Three Modules)

Exam 70-640

Exam 70-642

Exam 70-646

Exam 70-640:

TS: Windows Server 2008 Active Directory, Configuring

Configuring Domain Name System (DNS) for Active Directory (17%)

  • Configure zones.
    • May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
  • Configure DNS server settings.
    • May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
  • Configure zone transfers and replication.
    • May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

Configuring the Active Directory infrastructure (17 percent)

  • Configure a forest or a domain.
    • May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
  • Configure trusts.
    • May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
  • Configure sites.
    • May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
  • Configure Active Directory replication.
    • May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
  • Configure the global catalog.
    • May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
  • Configure operations masters.
    • May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

Configuring Active Directory Roles and Services (14 percent)

  • Configure Active Directory Lightweight Directory Service (AD LDS).
    • May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
  • Configure Active Directory Rights Management Service (AD RMS).
    • May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
  • Configure the read-only domain controller (RODC).
    • May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
  • Configure Active Directory Federation Services (AD FSv2).
    • May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

Creating and maintaining Active Directory objects (18 percent)

  • Automate creation of Active Directory accounts.
    • May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
  • Maintain Active Directory accounts.
    • May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
  • Create and apply Group Policy objects (GPOs).
    • May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
  • Configure GPO templates.
    • May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
  • Deploy and manage software by using GPOs.
    • May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
  • Configure account policies.
    • May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
  • Configure audit policy by using GPOs.
    • May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

Maintaining the Active Directory environment (18 percent)

  • Configure backup and recovery.
    • May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
  • Perform offline maintenance.
    • May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
  • Monitor Active Directory.
    • May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

Configuring Active Directory Certificate Services (15 percent)

  • Install Active Directory Certificate Services.
    • May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
  • Configure CA server settings.
    • May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
  • Manage certificate templates.
    • May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
  • Manage enrollments.
    • May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
  • Manage certificate revocations.
    • May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

     

     

Exam 70-642:

TS: Windows Server 2008 Network Infrastructure, Configuring

Configuring Addressing and Services (24 percent)

  • Configure IPv4 and IPv6 addressing.
    • May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6
  • Configure Dynamic Host Configuration Protocol (DHCP).
    • May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6
  • Configure routing.
    • May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy
  • Configure Windows Firewall with Advanced Security.
    • May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules

Configuring Names Resolution (27 percent)

  • Configure a Domain Name System (DNS) server.
    • May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking
  • Configure DNS zones.
    • May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones
  • Configure DNS records.
    • May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing
  • Configure DNS replication.
    • May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing
  • Configure name resolution for client computers.
    • May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution

Configuring Network Access (22 percent)

  • Configure remote access.
    • May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
  • Configure Network Access Protection (NAP).
    • May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)
  • Configure DirectAccess.
    • May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table
  • Configure Network Policy Server (NPS).
    • May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates

Configuring File and Print Services (13 percent)

  • Configure a file server.
    • May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console
  • Configure Distributed File System (DFS).
    • May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting
  • Configure backup and restore.
    • May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share
  • Manage file server resources.
    • May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening
  • Configure and monitor print services.
    • May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation

Monitoring and Managing a Network Infrastructure (14 percent)

  • Configure Windows Server Update Services (WSUS) server settings.
    • May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks
  • Configure performance monitoring.
    • May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data
  • Configure event logs.
    • May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter
  • Gather network data.
    • May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring

 

 

Exam 70-646:

TS: Windows Server 2008, Server Administrator


Planning for Server Deployment (19 percent)

  • Plan server installations and upgrades. May include but is not limited to: Windows Server 2008 edition selection, rollback planning, Bitlocker implementation requirements
  • Plan for automated server deployment. May include but is not limited to: standard server image, automation and scheduling of server deployments
  • Plan infrastructure services server roles. May include but is not limited to: address assignment, name resolution, network access control, directory services, application services, certificate services
  • Plan application servers and services. May include but is not limited to: virtualization server planning, availability, resilience, and accessibility
  • Plan file and print server roles. May include but is not limited to: access permissions, storage quotas, replication, indexing, file storage policy, availability, printer publishing

Planning for Server Management (23 percent)

  • Plan server management strategies. May include but is not limited to: remote administration, remote desktop, server management technologies, Server Manager and ServerManagerCMD, delegation policies and procedures
  • Plan for delegated administration. May include but is not limited to: delegate authority, delegate Active Directory objects, application management
  • Plan and implement group policy strategy. May include but is not limited to: GPO management, GPO backup and recovery, group policy troubleshooting, group policy planning

Monitoring and Maintaining Servers (20 percent)

  • Implement patch management strategy. May include but is not limited to: operating system patch level maintenance, Windows Server Update Services (WSUS), application patch level maintenance
  • Monitor servers for performance evaluation and optimization. May include but is not limited to: server and service monitoring, optimization, event management, trending and baseline analysis
  • Monitor and maintain security and policies. May include but is not limited to: remote access, monitor and maintain NPAS, network access, server security, firewall rules and policies, authentication and authorization, data security, auditing

Planning Application and Data Provisioning (19 percent)

  • Provision applications. May include but is not limited to: presentation virtualization, terminal server infrastructure, resource allocation, application virtualization alternatives, application deployment, System Center Configuration Manager
  • Provision data. May include but is not limited to: shared resources, offline data access

Planning for Business Continuity and High Availability (19 percent)

  • Plan storage. May include but is not limited to: storage solutions, storage management
  • Plan high availability. May include but is not limited to: service redundancy, service availability
Plan for backup and recovery. May include but is not limited to: data recovery strategy, server recovery strategy, directory service recovery strategy, object level recovery

 

 

MCITP: Enterprise Administrator on Windows Server 2008 (Five Modules)

 

Exam 70-640

Exam 70-642

Exam 70-643

Exam 70-647

Exam 70-680

 

 

 

 

 
     

 

 

 

 

 

 

Back to top

 
   
 
:: Training
:: Contact
:: Site Map
:: Terms of Use

IP Tech Training and Consultancy.
Registered in Srilanka.
No 542, Kasthuriyar Road, Jaffna.
Telephone :- 0217539925
Email :- info@iptech.lk
Copyright © IP Tech Training and Consultancy.

@2013