Administering Windows Server 2012

Exam 70-411: Administering Windows Server 2012

The Administering Windows Server 2012 exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.

Deploy, manage and maintain servers (15–20%)
  • Deploy and manage server images
    • Install the Windows Deployment Services (WDS) role; configure and manage boot, install and discover images; update images with patches, hotfixes and drivers; install features for offline images; configure driver groups and also packages
  • Implement patch management
    • Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronisation, configure WSUS groups and also manage patch management in mixed environments
  • Monitor servers
    • Configure Data Collector Sets (DCS), alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring and also schedule performance monitoring
Configure File and Print Services (15–20%)
  • Distributed File System (DFS)
    • Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases and also optimise DFS replication
  • Configure File Server Resource Manager (FSRM)
    • Install the FSRM role service, configure quotas, configure file screens, configure reports and also configure file management tasks
  • Configure file and disk encryption
    • Configure BitLocker encryption; Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and also restore
  • Configure advanced audit policies
    • Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies and also create removable device audit policies
Configure network services and access (15–20%)
  • DNS zones
    • Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, zone transfer settings and also configure notify settings
  • DNS records
    • Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME and MX records; configure zone scavenging; record options, including Time To Live (TTL) and weight; configure round robin and also configure secure dynamic updates
  • Configure virtual private networks (VPN) and routing
    • Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing and also configure Web Application proxy in passthrough mode
  • DirectAccess
    • Implement server requirements, implement client configuration, configure DNS for Direct Access and also configure certificates for Direct Access
Configure a Network Policy Server (NPS) infrastructure (10–15%)
  • Network Policy Server
    • Configure a RADIUS server, including RADIUS proxy; RADIUS clients; NPS templates; configure RADIUS accounting and also configure certificates
  • NPS policies
    • Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing) and also import and export NPS policies
  • Network Access Protection (NAP)
    • System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN and also configure NAP client settings
Configure and manage Active Directory (10–15%)
  • Configure service authentication
    • Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs) and also configure virtual accounts
  • Configure domain controllers
    • Transfer and seize operations master roles, install and configure a read-only domain controller (RODC) and also configure domain controller cloning
  • Maintain Active Directory
    • Back up Active Directory and SYSVOL, manage Active Directory offline, optimise an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and also restore objects by using the Active Directory Recycle Bin
  • Configure account policies
    • Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings and also configure Kerberos policy settings