Table of Contents



-9334509523095Revised 2016/05/1700Revised 2016/05/17-1143000-91440000-11245852492779TestOut Server Pro:Advanced Services – English 3.1.x020000TestOut Server Pro:Advanced Services – English 3.1.x-11430003667125LESSON PLAN00LESSON PLANTable of Contents TOC \o "1-1" \h \z Course Overview PAGEREF _Toc444675825 \h 4Course Introduction for Instructors PAGEREF _Toc444675826 \h 6Section 1.1: Multi-Domain Forests PAGEREF _Toc444675827 \h 8Section 1.2: Cross-Forest Trusts PAGEREF _Toc444675828 \h 10Section 1.3: External, Shortcut and Realm Trusts PAGEREF _Toc444675829 \h 12Section 1.4: Sites Overview PAGEREF _Toc444675830 \h 14Section 1.5: Managing Sites PAGEREF _Toc444675831 \h 16Section 1.6: Managing Replication PAGEREF _Toc444675832 \h 18Section 1.7: Read-Only Domain Controllers (RODCs) PAGEREF _Toc444675833 \h 20Section 1.8: RODC Management PAGEREF _Toc444675834 \h 22Section 2.1: Network File System (NFS) PAGEREF _Toc444675835 \h 24Section 2.2: BranchCache PAGEREF _Toc444675836 \h 26Section 2.3: Dynamic Access Control (DAC) PAGEREF _Toc444675837 \h 28Section 2.4: DAC Management PAGEREF _Toc444675838 \h 30Section 2.5: Advanced Storage PAGEREF _Toc444675839 \h 32Section 2.6: Storage Optimization PAGEREF _Toc444675840 \h 34Section 3.1: Windows Server Backup PAGEREF _Toc444675841 \h 36Section 3.2: Restore from Backup PAGEREF _Toc444675842 \h 38Section 3.3: Volume Shadow Copies PAGEREF _Toc444675843 \h 40Section 3.4: Boot Configuration Data (BCD) Store PAGEREF _Toc444675844 \h 42Section 4.1: DHCP Overview PAGEREF _Toc444675845 \h 44Section 4.2: DHCP Scopes PAGEREF _Toc444675846 \h 46Section 4.3: DHCP and IPv6 PAGEREF _Toc444675847 \h 48Section 4.4: DHCP High Availability PAGEREF _Toc444675848 \h 50Section 4.5: IPAM Overview PAGEREF _Toc444675849 \h 52Section 4.6: IPAM Configuration PAGEREF _Toc444675850 \h 54Section 4.7: IPAM Management PAGEREF _Toc444675851 \h 56Section 5.1: DNS Security PAGEREF _Toc444675852 \h 57Section 5.2: Advanced DNS Settings PAGEREF _Toc444675853 \h 59Section 5.3: GlobalNames Zones PAGEREF _Toc444675854 \h 61Section 6.1: Virtual Machine Management PAGEREF _Toc444675855 \h 63Section 6.2: Hyper-V High Availability PAGEREF _Toc444675856 \h 65Section 7.1: Network Load Balancing PAGEREF _Toc444675857 \h 67Section 7.2: Network Load Balancing Management PAGEREF _Toc444675858 \h 69Section 7.3: Failover Clustering PAGEREF _Toc444675859 \h 71Section 7.4: Failover Cluster Management PAGEREF _Toc444675860 \h 74Section 7.5: Failover Clustered Role Management PAGEREF _Toc444675861 \h 76Section 7.6: Failover Cluster with Hyper-V PAGEREF _Toc444675862 \h 78Section 8.1: Active Directory Certificate Services Overview PAGEREF _Toc444675863 \h 80Section 8.2: Certificate Management PAGEREF _Toc444675864 \h 82Section 8.3: Certificate Revocation PAGEREF _Toc444675865 \h 84Section 8.4: Certificate Templates PAGEREF _Toc444675866 \h 86Section 8.5: Certificate Autoenrollment PAGEREF _Toc444675867 \h 88Section 8.6: Key Archival and Recovery PAGEREF _Toc444675868 \h 90Section 8.7: Certificate Authority (CA) Management PAGEREF _Toc444675869 \h 92Section 8.8: CA Backup and Recovery PAGEREF _Toc444675870 \h 94Section 9.1: AD RMS Overview PAGEREF _Toc444675871 \h 95Section 9.2: AD RMS Installation PAGEREF _Toc444675872 \h 97Section 9.3: AD RMS Client Deployments PAGEREF _Toc444675873 \h 99Section 9.4: AD RMS Templates PAGEREF _Toc444675874 \h 100Section 10.1: AD FS Overview PAGEREF _Toc444675875 \h 102Section 10.2: AD FS Certificates PAGEREF _Toc444675876 \h 103Section 10.3: Resource Partner PAGEREF _Toc444675877 \h 104Section 10.4: Accounts Partner PAGEREF _Toc444675878 \h 106Section 10.5: AD FS Proxies PAGEREF _Toc444675879 \h 107Section 10.6: AD FS and Cloud Services PAGEREF _Toc444675880 \h 109Section 10.7: AD FS and AD RMS PAGEREF _Toc444675881 \h 110Server Pro: Advanced Services Practice Exams PAGEREF _Toc444675882 \h 112Microsoft 70-412 Practice Exams PAGEREF _Toc444675883 \h 113Appendix A: Approximate Time for the Course PAGEREF _Toc444675884 \h 114Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services Objectives PAGEREF _Toc444675885 \h 117Appendix C: Server Pro: Advanced Services Objectives PAGEREF _Toc444675886 \h 123Course OverviewThis course prepares students for TestOut’s Server Pro: Advanced Services exam and Microsoft’s 70-412 certification exam. Module 1 – Active Directory InfrastructureThis module teaches the students details about the infrastructure of Active Directory and how to manage the elements involved.Module 2 – File and Storage SolutionsIn this module students will learn about file and storage solutions, such as file sharing, using BranchCache, implementing and managing Dynamic Access Control, configuring iSCSI, and storage spaces. Module 3 – Disaster Recovery This module teaches students about backing up and restoring data, implementing shadow copies, and finding tools to assist in system recovery. Module 4 – Advanced DHCPThis module examines using Dynamic Host Configuration Protocol (DHCP) and IPAM to centralize and streamline management of IP address assignments.Module 5 – Advanced DNSIn this module students will learn concepts about configuring DNS security: DNSSEC, DNS Socket Pooling, Cache Locking, Advanced DNS settings, and GlobalNames zones.Module 6 – Hyper-VThis module discusses management of virtual machines and Hyper-V replicas.Module 7 – High Availability This module teaches students about the components that create high availability: Network load balancing, Failover Clustering, Active Directory Certificate Service, AD RMS, and AD FS. Module 8 – Active Directory Certificate ServicesThis module examines encryption and certificate solutions using Active Directory Certificate Services. This includes managing and revoking certificates, using certificate templates, configuring Certificate Autoenrollment, archiving and recovering keys, and managing the Certificate Authority.Module 9 – Active Directory Rights Management Services (AD RMS)In this module students will learn concepts about installing and deploying AD RMS.Module 10 – Active Directory Federation Services 2.1 (AD FS)This module discusses using AD FS to provide access to resources that are offered by trusted partners across the Internet.Practice ExamsIn Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams contain examples of the types of questions that a student will find on the actual exam:Server Pro: Advanced Services Practice ExamsMicrosoft 70-412 Practice Exams Course Introduction for Instructors This course provides students with the knowledge to become industry certified as a Windows professional. It prepares the student for the following exams:Microsoft’s 70-412: Configuring Advanced Windows Server 2012 ServicesTestOut’s Server Pro: Advanced ServicesMicrosoft’s 70-412: Configuring Advanced Windows Server 2012 Services certification measures the students’ ability to administer, configure, and manage Windows Server 2012 advanced services. The following knowledge domains are addressed:Configure and manage high availabilityConfigure file and storage solutionsImplement business continuity and disaster recoveryConfigure network servicesConfigure the Active Directory infrastructureConfigure identity and access solutionsNote: MS 70-412 objectives are listed in Appendix B: 70-412: Configuring Advanced Windows Server 2012 Services ObjectivesTestOut’s Server Pro: Advanced Services certification measures the students’ ability to perform real-world job skills using the Windows Server 2012 operating system. The following knowledge domains are addressed:Advanced Active Directory ConfigurationAdvanced Storage ManagementServer Data ProtectionAdvanced DHCP and DNS ConfigurationHigh Availability ImplementationCertificate ManagementDigital Rights ManagementNote: TestOut’s Server Pro: Advanced Services objectives are listed in Appendix C: Server Pro: Advanced Services ObjectivesThe section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:= Demonstration= Exam= Lab/Simulation= Text lesson or fact sheet= VideoThe video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:Video/demo timesApproximate time to read the text lesson (the length of each text lesson is taken into consideration)Simulations (5 minutes is assigned per simulation. This is the amount of time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)Questions (1 minute per question)Note: Appendix A: Approximate Time for the Course contains the approximate time for each section, which are totaled for the entire course.Section 1.1: Multi-Domain Forests SummaryThis section provides the basics of managing multi-domain forests. Concepts covered include:Prerequisites required before adding the first domain controller running Windows Server 2012 to an existing Active Directory environment:Server disk spaceSupported Windows Server 2012 editionsForest and domain functional levelsTools to prepare forest and domain to support Windows Server 2012:Adprep /forestprepAdprep /domainprepAdprep /rodcprepInstallation scenarios for AD DS for Windows 2012:Installing a new Windows Server 2012 forestInstalling a new Windows Server 2012 domain controller to create a new domain in an existing Windows Server 2003, 2008, or 2008 R2 forestTools to promote the Windows Server 2012 system as a domain controller in the domain:Server ManagerPowerShell (using ADDSDeployment cmdlets)DCPromo (only for Server Core deployments using an answer file)The role of a functional levelFeatures available at each domain functional levelFeatures available at each forest functional levelManagement of functional levelsGuidelines that apply to raising the domain or forest functional levelsStudents will learn how to:Raise the functional level of a domain.Raise the functional level of a forest.Add a new child domain to a multi-domain forest.Server Pro: Advanced Services Exam Objectives:1.0 Advanced Active Directory Configuration.Raise the functional level of an Active Directory forest70-412 Exam Objectives:501. Configure a forest or a domain.Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active DirectoryUpgrade existing domains and forest including environment preparation and functional levelsConfigure multiple user principal name (UPN) suffixesLecture Focus Questions: When do you use the adprep /domainprep /gpprep command instead of the adprep /domainprep command?What are the prerequisites for adding the first domain controller running Windows Server 2012 to an existing Active Directory environment?How does the functional level of a domain impact the capabilities available on domain controllers in the domain or forest?How does the functional level of a domain affect which operating systems you can run on workstations and servers in the domain?What circumstances might prevent you from raising the functional level of a domain?In which two circumstances can you revert to a lower functional level without rebuilding the domain or forest?Video/DemoTime1.1.1 Multi-Domain Forests 10:371.1.2 Upgrading Multi-Domain Forests10:011.1.3 Adding a New Child Domain 7:35Total 28:13Lab/ActivityRaise Functional LevelsRaise the Domain and/or Forest LevelsNumber of Exam Questions5 questionsTotal TimeAbout 50 minutes Section 1.2: Cross-Forest Trusts SummaryThis section provides information about preparing and creating cross-forest trusts. Details include:The role of trustsProperties of trusts:Direction of Trust:One-way TrustTwo-way TrustDirection of Resource AccessTransitivityHow trusts are created for:Domains within a forestTrusts between forestsConsiderations when creating forest trustsAuthentication security settings that can be applied to trusts:Selective authenticationDomain-wide authenticationForest-wide authenticationStudents will learn how to:Create and configure a forest root trust between two domains. Create trust relationships with a specified domain. Server Pro: Advanced Services Exam Objectives:1.0 Advanced Active Directory Configuration.Create forest root, cross-forest, external, shortcut, and realm trusts70-412 Exam Objectives:502 Configure trusts.Configure trust authenticationLecture Focus Questions: Which types of trusts are created automatically for domains within a forest?What are the characteristics of automatically-created domain trusts?What are the characteristics of trusts between forests?When can forest trusts be used?When must you create an external trust?What advantages does selective authentication provide to system administrators for securing resources in a forest?Video/DemoTime1.2.1 Cross-Forest Trusts 6:261.2.2 Preparation for a Cross-Forest Trust 1:291.2.3 Preparing for a Cross-Forest Trust 7:401.2.4 Creating a Cross-Forest Trust11:56Total27:31Lab/ActivityCreate a Forest Root TrustDesign TrustsNumber of Exam Questions9 questionsTotal TimeAbout 50 minutes Section 1.3: External, Shortcut and Realm Trusts SummaryThis section provides details about creating external, shortcut, and realm trusts.Students will learn how to:Manually create an external trust to allow users on one domain to access resources in a domain of another forest. Create a shortcut trust to speed up authentication between domains in the same forest. Server Pro: Advanced Services Objectives:1.0 Advanced Active Directory Configuration.Create forest root, cross-forest, external, shortcut, and realm trusts70-412 Exam Objectives:502 Configure trusts.Configure external, forest, shortcut, and realm trustsConfigure trust authenticationConfigure SID filteringConfigure name suffix routingLecture Focus Questions: How do shortcut trusts improve user logon times between two domains within a forest?What are the characteristics of an external trust?When should you use a realm trust?What features does Active Directory Federated Services (AD FS) offer?Video/DemoTime1.3.1 External, Shortcut and Realm Trusts 5:001.3.2 Creating a Shortcut Trust 2:23Total7:23Lab/ActivityCreate a Shortcut TrustNumber of Exam Questions4 questionsTotal TimeAbout 20 minutesSection 1.4: Sites Overview SummaryThis section provides an overview of sites and subnets. Details covered include:The role of a siteThe role of a subnetConsiderations about sites and subnetsSites and subnets allow an administrator to monitor:Active Directory replication between locations Workstation logon trafficObjects in Active DirectoryDistributed File System (DFS) resource accessFile Replication Service (FRS) characteristicsProperties for any site-aware applicationStudents will learn how to:Create and manage sites, subnets, and site links. 70-412 Exam Objectives:503. Configure sites.Configure sites and subnetsCreate and configure site linksMove domain controllers between sitesLecture Focus Questions: How does a subnet differ from a site?What is the purpose of sites and subnets?What criteria are used to assign computers to sites?How are clients assigned to sites?What criteria determine the site that a domain controller is assigned?Video/DemoTime1.4.1 Overview of Sites 7:541.4.2 Creating Sites, Subnets, and Site Links 12:47Total20:41Lab/ActivityManage Sites and SubnetsNumber of Exam Questions3 questionsTotal TimeAbout 30 minutes Section 1.5: Managing Sites SummaryThis section discusses the following issues when managing sites:Logon requestsSite link costSite link schedulesSite link intervalGlobal Catalog serversUniversal Group Membership CachingStudents will learn how to:Determine the domain controller that will process logon requests at a site.Set up a Global Catalog.Enable Universal Group Membership Caching.Server Pro: Advanced Services Objectives:1.0 Advanced Active Directory Configuration.Manage sites, subnets, and site links70-412 Exam Objectives:503. Configure sites.Manage site coverageManage registration of SRV recordsLecture Focus Questions: How can you determine which domain controller will authenticate a client when more than one domain controller exists at a site?How are site link costs determined?What steps can you take to ensure that a particular domain controller does not authenticate clients from another site?How does a Global Catalog server facilitate faster searches and logon?What are the benefits of Universal Group Membership Caching? When should it be used?What two things should you consider when defining site link schedules?Video/DemoTime1.5.1 Site Management17:101.5.2 Managing Sites10:01Total27:11Number of Exam Questions10 questionsTotal TimeAbout 40 minutes Section 1.6: Managing Replication SummaryThis section examines managing replication. Concepts covered include:Terms to be familiar with:Site link bridgeBridgehead serverConnectionSites and Services distinguishes between two types of replication:IntrasiteIntersiteTransport protocols used by replication:Directory Services Remote Procedure Call (DS-RPC)Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)Facts about intrasite replication:Occurs between domain controllers within a siteBy default, occurs once every hourModifying the replication frequencyConnections are created automatically as necessaryIntersite replication configuration steps:Preferred bridgehead serverReplication scheduleReplication frequencySite link costBridged site replicationForced replicationExample of site link bridgingThe role of SYSVOL folderFile Replication Service (FRS) vs. Distributed File System (DFS)Benefits of DFS replicationMigrating from FRS replication to DFS replicationStates that indicate stable stages in the migration process:Not initiatedStartPreparedRedirectedEliminatedConsiderations when managing migrationStudents will learn how to:Create a site link bridge.Manage replication of AD and SYSVOL.Monitor replication of AD and SYSVOL.Server Pro: Advanced Services Objectives:1.0 Advanced Active Directory Configuration.Manage sites, subnets, and site links.Configure site replication.70-412 Exam Objectives:504. Manage Active Directory and SYSVOL replication.Monitor and manage replicationUpgrade SYSVOL replication to Distributed File System Replication (DFSR)Lecture Focus Questions: What types of trusts are enabled by default for site link bridges?How do you establish bidirectional communications between domain controllers?How does intrasite replication differ from intersite replication?What are three ways that you can force replication?How can you force a certain path between sites for replication?What is the process for migrating from FRS replication to DFS replication when the domain is at Windows Server 2003 functional level?During which migration stages are you able to roll back the migration?Video/DemoTime1.6.1 Active Directory Replication 12:461.6.2 Monitoring and Managing Replication12:51Total25:37Lab/ActivityConfigure Intrasite ReplicationConfigure Intersite ReplicationNumber of Exam Questions15 questionsTotal TimeAbout 60 minutes Section 1.7: Read-Only Domain Controllers (RODCs)SummaryIn this section students will learn details about creating RODCs. Concepts covered include:Features of RODCs:Administrator role separationUnidirectional replicationRead-only dataPassword replicationDNS Server serviceRequirements to be met before RODCs are installed in a domainPerforming a staged installation of an RODC in which the installation is performed by two different individuals in separated stagesGenerals steps to install a read-only domain controller (RODC)Considerations when installing RODC Students will learn how to:Create and configure an RODC account.Server Pro: Advanced Services Exam Objectives:1.0 Advanced Active Directory Configuration.Implement read-only domain controllers70-412 Exam Objectives:504. Manage Active Directory and SYSVOL replication.Configure replication to Read-Only Domain Controllers (RODCs)Lecture Focus Questions: In which environments is an RODC typically deployed?What are the benefits and the drawbacks of unilateral replication?What are the requirements for installing an RODC in a domain?How does the administrative role separation (ARS) feature protect domain controller security?Video/DemoTime1.7.1 Read-Only Domain Controllers 9:111.7.2 Pre-Staging RODC Accounts 6:531.7.3 Joining an RODC to the Domain 4:57Total 21:01Lab/ActivityCreate RODC AccountsNumber of Exam Questions5 questionsTotal TimeAbout 35 minutesSection 1.8: RODC ManagementSummaryThis section discusses the following considerations managing an RODC:Administrator role separationReplication traffic managementSecurity management Students will learn how to:Configure the password replication policy on the RODC to cache only passwords for specified users. Prepopulate passwords before users even attempt to log on. Server Pro: Advanced Services Exam Objectives:1.0 Active Directory Configuration.Implement read-only domain controllers70-412 Exam Objectives:504. Manage Active Directory and SYSVOL replication.Configure Password Replication Policy (PRP) for RODCsLecture Focus Questions: How does the password replication policy control password replication?What preventative measures can you implement to protect the data on an RODC in the event it is lost or stolen?How can you prevent certain data from being replicated to an RODC?What steps should you take if an RODC has been compromised?When does an RODC attempt inbound replication?Which two built-in groups can be used for password replication on RODCs?Video/DemoTime1.8.1 RODC Management 9:521.8.2 Managing RODCs 6:01Total15:53Lab/ActivityEdit the Password Replication PolicyNumber of Exam Questions6 questionsTotal TimeAbout 35 minutesSection 2.1: Network File System (NFS) SummaryThis section discusses using Network File System (NFS) to transfer files between computers running Windows and UNIX/Linux operating systems. Details include: Considerations when deploying NFS file sharing on Windows Server 2012:System requirementsNFS service installationNFS service configurationNFS share configurationStudents will learn how to:Create and configure an NFS share.Server Pro: Advanced Services Exam Objectives:2.0 Advanced Storage Management.Implement NFS to support UNIX/Linux systems70-412 Exam Objectives:201. Configure advanced file services.Configure NFS data storeLecture Focus Questions: Which PowerShell cmdlets install NFS sharing components on a Windows Server 2012 system?What configuration tasks must be completed before using the NFS Server or Client on a Windows Server 2012 system?What are two ways you can create shares in the server's NTFS file system and export them to NFS clients?In which two ways can you map a UNIX/Linux user or group to a Windows user or group?Video/DemoTime2.1.1 NFS Overview 1:532.1.2 Configuring an NFS Data Store 12:10Total14:03Lab/ActivityConfigure an NFS ShareNumber of Exam Questions4 questionsTotal TimeAbout 25 minutes Section 2.2: BranchCache SummaryThis section discusses using BranchCache to allow users in branch offices to access information more quickly. Concepts covered include:The role of BranchCacheBranchCache modes:Hosted CacheDistributed CacheStudents will learn how to:Configure a BranchCache content server. Configure a hosted BranchCache server. Use PowerShell cmdlets to configure BranchCache clients. Verify BranchCache client settings. 70-412 Exam Objectives:201. Configure advanced file services.Configure BranchCacheLecture Focus Questions: What method do you use to configure a file server as a BranchCache content server?How does hosted cache mode differ from distributed cache mode in systems using BranchCache?What are the advantages of using Group Policy to configure BranchCache on multiple computers?How do you use Group Policy to configure firewall rules for BranchCache clients?Which settings should you verify when inspecting the current BranchCache operation mode using the Get-BCStatus cmdlet?What should you be aware of if you use both PowerShell cmdlets and Group Policy to configure BranchCache on client systems?Video/DemoTime2.2.1 BranchCache Overview 5:342.2.2 Configure BranchCache 6:11Total11:45Number of Exam Questions10 questionsTotal TimeAbout 25 minutesSection 2.3: Dynamic Access Control (DAC) SummaryIn this section students will learn about using Dynamic Access control (DAC) to enable granular control over data access. Details include:The role of Dynamic Access Control (AC)Factors that can be used to change the level of access of a userComponents of DAC implementation:Resource propertiesClassification rulesClaims-based access control:User claimsDevices claimsCentral access rulesCentral access policiesConsiderations when setting up the permission for DAC and NTFS file permissionsTasks to implement Dynamic Access Control (DAC):Install FSRMDefine resource propertiesCreate classification rulesConfigure claim typesDefine central access rulesDefine central access policiesConfigure Group Policy settingsApply central access policiesStudents will learn how to:Use FSRM to configure File Classification Infrastructure.Create and configure classification rules.Configure a classification schedule.Server Pro: Advanced Services Exam Objectives:2.0 Advanced Storage Management.Implement Dynamic Access Control (DAC)70-412 Exam Objectives:201. Configure advanced file services.Configure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM)202. Implement Dynamic Access Control (DAC).Configure user and device claim typesConfigure file classificationCreate and configure Central Access rules and policiesCreate and configure resource properties and listsLecture Focus Questions: By implementing DAC, what criteria can you use to dynamically change the level of access a user has to file server data?How can you use NTFS file system permissions and DAC to control resource access?To which types of data can classification rules be applied?How does the Content Classifier method of assigning a property to a file differ from the Windows PowerShell Classifier method?What are the components of a central access rule?Which Kerberos Group Policy settings must be enabled to support DAC?Video/DemoTime 2.3.1 DAC Overview 10:222.3.2 Configuring File Classification Infrastructure (FCI) using FSRM11:302.3.3 Implementing DAC Policies19:59Total 41:51Lab/ActivityConfigure File Classification InfrastructureNumber of Exam Questions4 questionsTotal TimeAbout 55 minutes Section 2.4: DAC Management SummaryIn this section students will learn about options to manage Dynamic Access Control (DAC). Details in this section include:StagingAccess-denied remediationStudents will learn how to:Staging policy changes for central access policies for DAC.Use Group Policy to configure file access auditing.Server Pro: Advanced Services Exam Objectives:2.0 Advanced Storage Management.Implement Dynamic Access Control (DAC)70-412 Exam Objectives:201. Configure advanced file services.Configure file access auditing202. Implement Dynamic Access Control (DAC).Implement policy changes and stagingPerform access-denied remediationLecture Focus Questions: How can you test the effect of DAC rules without enforcing them?What is the purpose of access-denied remediation?What are two requirements for using access-denied remediation?What should you be aware of if you use both File Server Resource Manager and Group Policy to configure DAC?Video/DemoTime 2.4.1 DAC Management 5.012.4.2 Implementing Policy Changes and Staging 6:402.4.3 Performing Access-denied Remediation 5:09Total 16:50Number of Exam Questions3 questionsTotal TimeAbout 20 minutes Section 2.5: Advanced Storage SummaryThis section examines using iSCSI and iSNS to provide advanced storage capabilities. Details include:Hardware required to create an iSCSI SAN:Ethernet cablingEthernet switchesEthernet NICsThe role of iSCSI targetsThe role of iSCSI initiatoriSCSI terminology to be familiar with:network entitynetwork portalProtocol Data Unit (PDU)iSCSI nameiSCSI Qualified Name (IQN)iSCSI targetiSCSI initiatorLUNConsiderations when choosing between iSCSI and other SAN technologiesSteps to configure iSCSI initiatorsThe role of Internet Storage Name Service (iSNS)Students will learn how to:Create an iSCSI virtual disk and configure an iSCSI target on it.Configure an iSCSI initiator with access to the virtual disk.Install the iSNS Server Service feature and configure iSNS.Server Pro: Advanced Services Exam Objectives:2.0 Advanced Storage Management.Implement an iSCSI SAN70-412 Exam Objectives:203?Configure and optimize storage. Configure iSCSI Target and InitiatorConfigure Internet Storage Name server (iSNS)Lecture Focus Questions: What are the hardware components of a SAN?What is the advantage of using Ethernet hardware for a SAN implementation?What is the benefit from implementing a second, parallel network infrastructure dedicated only to the iSCSI SAN?In an iSCSI SAN, what purpose does the network portal serve?What are the steps to configure iSCSI initiators?What functions does Storage Name Service (iSNS) provide?Video/DemoTime2.5.1 iSCSI and Internet Storage Name Server (iSNS) 2:352.5.2 Configuring an iSCSI Target 2:232.5.3 Configuring the iSCSI Initiator 4:192.5.4 Configuring iSNS 3:11Total 12:28Lab/ActivityConfigure an iSCSI TargetConfigure the iSCSI InitiatorNumber of Exam Questions8 questionsTotal TimeAbout 35 minutes Section 2.6: Storage Optimization SummaryThis section covers optimizing storage by using storage spaces and storage pools. Concepts covered include:Components of storage spaces:DevicesPoolsStorage spacesSteps to follow when more disk space is neededConfiguration options in storage pool creation:AllocationStorage layout:SimpleTwo-way mirrorThree-way mirrorParityProvisioning:Fixed provisioningThin provisioningConsiderations about storage spacesStorage pool limitationsPowerShell commands to manage storage spaces:New-StoragePoolAdd-PhysicalDiskNew-VirtualDiskGet-StoragePoolOptions to optimized storage on a Windows Server 2012 system:Data deduplicationFeatures on DemandStudents will learn how to:Configure storage pools.Reduce disk space used by Windows Server 2012 using Features on Demand.Enable data deduplication to optimize data storage.70-412 Exam Objectives:102 Configure failover clustering.Configure and optimize clustered shared volumesConfigure storage spaces203?Configure and optimize storage.Implement thin provisioning and trimManage server free space using Features on DemandLecture Focus Questions: How does fixed provisioning differ from thin provisioning?What are the limitations of the storage pool?Which PowerShell cmdlets can you use to manage storage spaces and what is the function of each?How does data deduplication differ from Features on Demand?How can you use Features on Demand to manage free space of a Windows Server 2012 server?Video/DemoTime2.6.1 Storage Optimization 4:332.6.2 Optimizing Storage 12:332.6.3 Storage Tiers 12:51Total 29:57Number of Exam Questions8 questionsTotal TimeAbout 45 minutes Section 3.1: Windows Server Backup SummaryThis section provides details of using Windows Server Backup. Concepts covered include:The role of the Online Backup feature in Windows 2012Steps to perform online backupsThe role of the Windows Server Local BackupConsiderations about using Windows Server BackupMethods Windows Server Backup provides to run backups:Windows Server Backup MMC snap-inWbadmin from the command promptPowerShell cmdlets for Windows Server BackupOptions available with Windows Server Backup:Full ServerBare metal recoverySystem stateIndividual volumesFolders or filesStorage types that Windows Server Backup can save backups to:Internal diskExternal diskShared folderDVD, other optical or removable mediaWhen using Windows Server Backup you cannot back to:TapeUSB flash drivesPen drivesStudents will learn how to:Install Windows Server Backup.Configure a regular backup schedule for a server.Back up a server.Server Pro: Advanced Services Exam Objectives:3.0 Server Data Protection.Configure server backups70-412 Exam Objectives:301 Configure and manage backups.Configure Windows Server backupsConfigure Windows Online backupsConfigure role-specific backupsLecture Focus Questions: When using the Online Backup feature in Windows Server 2012, what options do you have for obtaining the certificate file?Which types of backups are not supported by Online Backup and must be done using a local backup?What is the best practice for securing the Online Backup passphrase?What happens if the online backup destination does not have sufficient space available to store the backup?When using Windows Server Backup, which backup option would you use if you want to be able to recover all volumes including system state and bare metal recoveries?Which media types are not supported by Windows Server Backup? Video/DemoTime3.1.1 Windows Server Backup 3:163.1.2 Configuring Windows Server Backup for Local Backup 2:333.1.4 Configuring Windows Server Backup for Online Backup 6:27Total12:16Lab/ActivityBack Up a ServerNumber of Exam Questions13 questionsTotal TimeAbout 35 minutes Section 3.2: Restore from Backup SummaryThis section discusses restoring from backup. Concepts covered include:Considerations when restoring from backupsRecovery types and the tools to perform them:OnlineFiles and foldersHyper-VVolumesApplicationsBare metal or full serverSystem stateStudents will learn how to:Restore a server from backup.Restore user data from backup.Perform a Bare Metal Recovery.Server Pro: Advanced Services Exam Objectives:3.0 Server Data Protection.Restore server data from backup70-412 Exam Objectives:302 Recover servers.Restore from backupsPerform a Bare Metal Restore (BMR)Lecture Focus Questions: Which are the only types of files that can be recovered from an online backup?Which are the only media supported for recovering files and folders using Windows Server Backup?Who is authorized to perform recoveries using Windows Server Backup?What tool allows you to recover Hyper-V virtual machines?When recovering volumes, how is the existing data on the destination volume handled?Video/DemoTime3.2.1 Restore from Backup 1:383.2.2 Recovering User Data 3:423.2.3 Performing a Bare Metal Recovery (BMR)3:30Total8:50Number of Exam Questions3 questionsTotal TimeAbout 15 minutesSection 3.3: Volume Shadow Copies SummaryThis section discusses using Volume Shadow Copies to make copies of user files at regular intervals. Concepts covered include:The role of Volume Shadow Copy Service (VSS)Considerations when using VSSVSS areas when implementing shadow copies:SchedulingStoringRecoveringNTFS PermissionsVSSAdminStudents will learn how to:Enable and configure shadow copies for shared folders.Restore a previous version of a file.Use VSSAdmin to manage VSS settings from the command line.Server Pro: Advanced Services Exam Objectives:3.0 Server Data Protection.Enable shadow copies70-412 Exam Objectives:301 Configure and manage backups.Manage VSS settings using VSSAdminLecture Focus Questions: How do you view and manage previous versions of volumes, folders and files?What criteria should you use for scheduling shadow copies of volume data?How are NTFS permissions on previous versions of a file affected during recovery?How does restoring folders affect new files that have been added since the shadow copy was made?What steps should you take to allow defragmentation on volumes with VSS enabled?What happens if you delete a volume before disabling VSS?Video/DemoTime 3.3.1 Volume Shadow Copies2:253.3.2 Configuring VSS 3:213.3.2 Managing VSS Settings with VSSAdmin2:07Total7:53Lab/ActivityEnable Shadow CopiesRestore Previous Version 1Restore Previous Version 2Number of Exam Questions11 questionsTotal TimeAbout 35 minutesSection 3.4: Boot Configuration Data (BCD) StoreSummaryIn this section students will learn about Boot Configuration Data (BCD) Store. Concepts covered include:Tools to assist in system recovery:System Recovery OptionsBoot Configuration Data (BCD)Windows Memory Diagnostic Tool (WMDT)Startup and Recovery optionsSystem Configuration utility (Msconfig.exe)The role of boot optionsWindows Server 2012 startup modes:Repair Your ComputerSafe ModeSafe Mode with NetworkingSafe Mode with Command PromptEnable Boot loggingEnable low-resolution videoLast Known Good ConfigurationDebugging ModeDisable automatic restart on a system failureDisable Driver Signature EnforcementDisable Early Launch Anti-Malware ProtectionRecommendations to troubleshoot startup errors with the advanced boot optionsStudents will learn how to:Configure the BCD store.Use Advanced Boot options to boot a computer.70-412 Exam Objectives:302 Recover servers.Recover servers using Windows Recovery Environment (Win RE) and safe modeConfigure the Boot Configuration Data (BCD) storeLecture Focus Questions: When would you need to use the System Image Recovery tool?In which situations would the System Configuration utility (bcd) be useful?What actions can you take to boot your system if it is not running and will not boot normally?When should you access the Repair Your Computer option?When should you boot your computer into safe mode?In which situations will the Last Known Good Configuration option be useful?Why would it be useful to enable the Disable automatic restart on system failure option?Video/DemoTime3.4.1 BCD Store Overview 1:273.4.2 Configuring the BCD Store 7:55Total9:22Number of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 4.1: DHCP Overview SummaryThis section provides an overview of DHCP. Concepts covered include:Methods that clients use to obtain an address from a DHCP server:DHCP Discover (D)DHCP Offer (O)DHCP Request (R)DHCP ACK (A)DHCP Authorization requirementsDHCP Server authorization verificationConsiderations when installing and configuring a DHCP ServerDHCP console context-sensitive icons:Check mark in a green circleRed down arrowHorizontal white line inside a red circleExclamation sign inside a yellow triangleExclamation sign inside a blue circleStudents will learn how to:Install a DHCP server.Authorize a DHCP server.70-412 Exam Objectives:401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.Implement DHCPv6Lecture Focus Questions: What are the steps a DHCP client uses to obtain an IP address from a DHCP server?What permissions do you need to authorize a DHCP server?When is authorization not required for a DHCP server?What happens when a DHCP server's IP address is not found in Active Directory?How would you set up a DHCP Administrator so that the administrator has rights on all DHCP servers in the domain?In the DHCP console, you notice that the DHCP server icon has a red down arrow beside it. What is the status of the DHCP server?Video/DemoTime4.1.1 DHCP Overview1:424.1.2 Installing and Authorizing DHCP Server1:49Total3:31Number of Exam Questions5 questionsTotal TimeAbout 10 minutesSection 4.2: DHCP Scopes SummaryThis section provides details of using DHCP scopes. Concepts covered include:Working with DHCP scopesDHCP options:Server optionsScope optionsClass optionsClient optionsCommon options include:003 Router006 DNS Servers015 DNS Domain NameConsiderations when working with DHCP optionsKey components of DHCP policies:ConditionsSettingsThe role of a superscopeOptions for a DHCP server to service a subnet separated with a router:1542 compliant routerDHCP relay agentStudents will learn how to:Create and activate DHCP scopes.Create a multicast scope.Create and configure a superscope.70-412 Exam Objectives:401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.Create and configure superscopes and multicast scopesConfigure DNS registrationLecture Focus Questions: What are the four levels of DHCP IP configuration options and what is the purpose of each?In what order are DHCP options applied?Which option values take precedence: those delivered through DHCP or those configured manually on the client?How can you change the subnet mask in an existing scope?When should you use reservations for a DHCP client?When would you use a DHCP policy?When might you use a superscope?Video/DemoTime4.2.1 DHCP Scopes 7:334.2.2 Creating IPv4 Scopes14:22Total21:55Lab/ActivityCreate a SuperscopeNumber of Exam Questions11 questionsTotal TimeAbout 45 minutesSection 4.3: DHCP and IPv6SummaryThis section provides the basic information about the structure of IPv6 and using DHCP in an IPv6 ponents of a IPv6 address:FormatLeading zerosPrefix and interface IDConsiderations when using Ipv6Comparison of IPv4 address types with IPv4 address typesThe process to configure the IPv6 Address assignmentAddress types of an autoconfigured IPv6 address:TentativeValid:PreferredDeprecatedInvalidThe role of DHCP in an IPv6 environmentDHCPv6 broadcasts:Solicit Packet (S)Advertise Packet (A)Request Packet (R)Reply Packet (R)Configuring a DHCP server for IPv6Students will learn how to:Create an IPv6 scope. Configure DHCPv6 scope options. Server Pro: Advanced Services Exam Objectives:4.0 Advanced DHCP and DNS Configuration. Configure DHCP to support IPv6 70-412 Exam Objectives:401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution. Implement DHCPv6 Lecture Focus Questions: How does IPv6 differ from IPv4?What is the purpose of a neighbor solicitation?If the M and O flags in the router advertisement (RA) message are set to 1, what type of configuration method should you use?What options do you have for dealing with zeros (0s) in an IPv6 address?How is autoconfiguration in IPv6 improved over autoconfiguration in IPv4?What does a multicast address indicate?Video/DemoTime4.3.1 IPv6 Overview3:594.3.2 Implementing IPv61:39Total5:38Lab/ActivityConfigure an IPv6 ScopeNumber of Exam Questions9 questionsTotal TimeAbout 25 minutesSection 4.4: DHCP High AvailabilitySummaryThis section discusses the following DHCP high availability features available on Windows Server 2012.Split scopesFailoverName ProtectionStudents will learn how to:Create and configure a split scope Configure a DHCP failover Server Pro: Advanced Services Exam Objectives:4.0 Advanced DHCP and DNS Configuration. Configure split DHCP scopes Configure DHCP failover 70-412 Exam Objectives:401 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution. Configure high availability for DHCP including DHCP failover and split scopes Configure DHCP Name Protection Lecture Focus Questions: What is a split scope? How do you create a split scope? When configuring a split scope, how can you help to ensure that the preferred server is accepted by the client computer? How does DHCP implement name protection? In which two ways can you implement DHCP failover? Video/DemoTime 4.4.1 DHCP High Availability 4:594.4.2 DHCP Split Scopes 4:114.4.4 DHCP Failover 6:184.4.7 DHCP Name Protection 1:35Total17:03Lab/ActivityConfigure a Split ScopeConfigure DHCP Failover 1Configure DHCP Failover 2Number of Exam Questions3 questionsTotal TimeAbout 40 minutesSection 4.5: IPAM Overview SummaryThis section provides an overview of IP Address Management (IPAM). Details include:The role of IPAMKey IPAM specificationsPhases for the process of installing IPAM:Install the IPAM roleConnect to the IPAM serverProvision the IPAM serverConfigure server discoveryDiscover serversDefine managed serversGather data from managed serversFeatures that Windows Server 2012 R2 supportsStudents will learn how to:Manually configure IPAM.Configure IPAM using the IPAM Provisioning Wizard, a Group Policy based provisioning method.Configure server discovery to discover domain controllers, DHCP servers, DNS servers, and NPS servers, and automatically add them to the IPAM console.70-412 Exam Objectives:403 Deploy and manage IPAM.Configure IPAM manually or by using Group PolicyConfigure server discoveryMigrate to IPAMConfigure IPAM database storageLecture Focus Questions: What functions does the IP Address Management (IPAM) server perform?What is the IPAM server scope discovery range in Active Directory?Why should you not install IPAM on a DHCP server?What is IPAM provisioning?What are the steps for provisioning an IPAM server?What tasks must be performed before the Server Discovery task can work properly?How do you configure discovered servers as managed servers?Video/DemoTime4.5.1 IPAM Basics 4:384.5.2 Configuring IPAM Manually or Using GPO 9:564.5.3 IPAM on Server 2012 R2 11:01Total25:35Number of Exam Questions7 questionsTotal TimeAbout 35 minutesSection 4.6: IPAM Configuration SummaryIn this section students will learn about configuring IPAM. Concepts covered in this section include:IP Address information managed by IPAM is organized into the following hierarchy:IP address spaceIP address blocksIP address rangesIP address inventoryIPAM console provide the following options:DNS and DHCP serversDHCP scopesDNS zonesServer groupsStudents will learn how to:Manage IP block and ranges from the IPAM console.Use the IPAM console to manage DHCP and DNS servers.70-412 Exam Objectives:403 Deploy and manage IPAM.Create and manage IP blocks and rangesMonitor utilization of IP address spaceManage IPAM collectionsLecture Focus Questions: What is the hierarchical organization of IP address information managed by IPAM?How does the IP address inventory organize IP addresses?What information about DNS and DHCP servers does IPAM store?How do you view IP address ranges using the IPAM console?What DNS zone information can you view in IPAM?Video/DemoTime 4.6.1 IPAM Configuration 3:594.6.2 Managing IP Blocks and Ranges 15:01Total19:00Number of Exam Questions7 questionsTotal TimeAbout 30 minutes Section 4.7: IPAM Management SummaryThis section discusses the following key tasks of managing an IPAM server.Assign the appropriate right to the user.Allow the user to access the server remotely.Add the remote IPAM server to the server pool in Server Manager.Students will learn how to:Assign a user the rights to remotely act as an IPAM administrator. 70-412 Exam Objectives:403 Deploy and manage IPAM. Delegate IPAM administration Lecture Focus Questions: Which local group on the IPAM server should you assign a user to so that they will have the appropriate rights to manage an IPAM server? Which tasks must be completed to delegate to a user the ability to manage an IPAM server? If Group Policy provisioning was used to set up the IPAM server, what domain administrator privileges should a user have in order to indicate that servers in inventory are managed or not managed? Which group must a user be a member of in order to access the IPM server from a remote IPAM client? How can you allow a user to manage an IPAM server from a remote location? Video/DemoTime4.7.1 IPAM Management 0:504.7.2 Delegating IPAM Administration 2:41Total3:31Number of Exam Questions2 questionsTotal TimeAbout 5 minutes Section 5.1: DNS Security SummaryThis section discusses strategies for DNS security. The following details are covered:Goals for designing security for a DNS solutionStrategies to improve DNS security:Provide redundancy and automatic backup of DNS dataPrevent zone transfer except to specific serversPrevent unauthorized modification of zone data on secondary serversPrevent zone transfers except to domain controllersSecure zone transfer data while in transitPrevent unauthorized modification of dynamic DNS recordsSecure DNS data on the serversCryptographically sign DNS zone recordsLock records in the DNS cacheRandomize the port used for DNS queriesAudit DNS activitySecurity considerations for DNS servers available to Internet usersStudents will learn how to:Configure DNSSEC on a zone to secure data by signing DNS zones and records.Configure DNS socket pooling and cache locking to increase security for the DNS cache.Server Pro: Advanced Services Exam Objectives:4.0 Advanced DHCP and DNS Configuration.Protect zone data with DNSSEC70-412 Exam Objectives:402 Implement an advanced DNS solution.Configure security for DNS including DNSSEC, DNS Socket Pool, and cache lockingIsolate DNSSEC key management and storageLecture Focus Questions: What security goals should you set for your DNS solution?How can you limit zone transfer to specific servers?How can you limit zone transfer to specific domain controllers?What security issue is addressed by converting all zones to Active Directory-integrated and allowing only secure dynamic update?How does DNSSec make DNS zone records more secure?How do you randomize the port used for DNS queries?Video/DemoTime5.1.1 DNS Security 12:505.1.2 Configuring DNSSEC 10:215.1.3 Configuring DNS Socket Pooling 2:205.1.4 Configuring Cache Locking 1:19Total26:50Number of Exam Questions10 questionsTotal TimeAbout 40 minutes Section 5.2: Advanced DNS Settings SummaryThis section discusses using the DNS Manager to configure advanced DNS settings. DNS Manager tabs to configure DNS server properties:InterfacesForwardersRoot HintsDebug LoggingEvent LoggingMonitoringSecurityAdvancedWindows Server 2012 R2 enhanced zone level statistics:All StatisticsQuery StatisticsTransfer statisticsUpdate statisticsStudents will learn how to:Configure a server with DNS advanced settings.Server Pro: Advanced Services Exam Objectives:4.0 Advanced DHCP and DNS Configuration.Configure advanced DNS server settings70-412 Exam Objectives:402. Implement an advanced DNS solution.Configure DNS loggingConfigure delegated administrationConfigure recursionConfigure netmask orderingAnalyze zone level statisticsLecture Focus Questions: What information do you enter on the Forwarders tab of DNS Manager?When are root name servers used to resolve DNS queries?Which DNS Manager feature would you use to gather data about the type of traffic being sent to your system?What advanced DNS Manager feature prevents corrupted zone data from being loaded into DNS?How does the Secure cache against pollution feature keep the DNS cache accurate and streamlined?Video/DemoTime5.2.1 Configuring Advanced DNS Settings 4:335.2.2 Using DNS Zone Statistics 2:46Total 7:19Lab/ActivityConfigure DNS Advanced SettingsNumber of Exam Questions8 questionsTotal TimeAbout 20 minutes Section 5.3: GlobalNames Zones SummaryThis section covers using GlobalNames zone on the DNS server that is used for single-label name resolution.The role of GlobalNames zoneConsiderations for managing the GlobalNames zoneStudents will learn how to:Create a GlobalNames zone. Server Pro: Advanced Services Exam Objectives:4.0 Advanced DHCP and DNS Configuration. Configure a GlobalNames zone 70-412 Exam Objectives:402. Implement an advanced DNS solution. Configure a GlobalNames zone Lecture Focus Questions: In addition to supporting single-label name resolution, what are other features of a GlobalNames zone? What are the steps for configuring a GlobalNames zone? How can you extend the GlobalNames zone to multiple forests? What is the server operating system requirement for authoritative DNS servers when you implement the GlobalName zone? What changes are required for client machines when you implement the GlobalNames zone? Video/DemoTime5.3.1 GlobalNames Zones 2:035.3.2 Creating a GlobalNames Zones 2:38Total4:41Lab/ActivityConfigure a GlobalNames ZoneNumber of Exam Questions5 questionsTotal TimeAbout 15 minutes Section 6.1: Virtual Machine Management SummaryThis section examines managing virtual machines. Concepts covered include:Methods to move an entire virtual machine along with the virtual hard disks:Export/ImportManualCloning an existing virtual domain controllerSystem prerequisites before cloning a virtual domain controller:Supported HypervisorsSupported Guest Operating SystemsPDC EmulatorThe process for cloning a virtual domain controllerStudents will learn how to:Export and import virtual machines.Clone domain controllers to quickly provide new domain controllers.70-412 Exam Objectives:104 Manage Virtual Machine (VM) movement.Import, export, and copy VMsMigrate from other platforms (P2V and V2V)303 Configure site-level fault tolerance.Configure Hyper-V Replica including Hyper-V Replica Broker and VMsLecture Focus Questions: What options do you have for moving an entire virtual machine, including virtual disks?How can an exported snapshot of a virtual machine be used?Why is it useful to use the Copy on Import feature of Hyper-V?What are the steps for manually moving a virtual machine?How are domain controllers cloned?What system prerequisites must be met before cloning a virtual domain controller?What should you do if the New-ADDCCLoneConfigFile cmdlet found incompatible applications on the source domain controller?Video/DemoTime6.1.1 Migrate Virtual Machines from Other Platforms 1:156.1.2 Virtual Machine Management 2:306.1.3 Managing Virtual Machines 7:10Total10:55Number of Exam Questions12 questionsTotal TimeAbout 30 minutes Section 6.2: Hyper-V High AvailabilitySummaryThis section examines Hyper-V high availability. Concepts covered include:The role of Hyper-V ReplicationInitial replicationReplication frequencyPlanned failoverReverse replicationUnplanned failoverPrerequisites for deploying Hyper-V Replica:Physical locationNetworkStorage hardwareServerDomain membershipEncryptionTasks to implement Hyper-V Replica:Configure the replica server to accept replicationEnable virtual machine replicationMonitor replicationFailover options available once a virtual machine has been protected with Hyper-V Replica:Test failoverPlanned failoverUnplanned failoverStudents will learn how to:Configure Hyper-V replicas for failover.Server Pro: Advanced Services Exam Objectives:5.0 High Availability Implementation. Enable virtual machine replication70-412 Exam Objectives:303 Configure site-level fault tolerance.Configure Hyper-V Replica including Hyper-V Replica Broker and VMsLecture Focus Questions: What prerequisites must be met before deploying a Hyper-V Replica?In which two ways can you complete the initial replication process?What steps do you take to perform a planned failover?When you perform a planned failover, how can you make sure that changes made to the replica virtual machine are copied back to the primary virtual machine when it is brought back online?How can you monitor replication?What steps do you take to perform an unplanned failover?Video/DemoTime6.2.1 Hyper-V Replicas 1:386.2.2 Configuring Hyper-V Replicas and VMs12:30Total14:08Lab/ActivityConfigure Hyper-V ReplicasNumber of Exam Questions6 questionsTotal TimeAbout 30 minutes Section 7.1: Network Load Balancing SummaryThis section discusses using Network Load Balancing to achieve optimal resource utilization. Concepts covered include:The role of Load BalancingHow servers operate using NLBCluster operating modes:UnicastMulticastPrerequisites prior to installing and configuring Network Load Balancing (NLB):Install servicesConfigure networkingTasks to create an NLB cluster:Configure cluster DNS recordsInstall the NLB featureSynchronize contentConfigure cluster membersNLB configuration factsStudents will learn how to:Prepare a system for Network Load Balancing.Install Network Load Balancing nodes.Server Pro: Advanced Services Exam Objectives:5.0 High Availability Implementation. Implement network load balancing70-412 Exam Objectives:101 Configure Network Load Balancing (NLB).Install NLB nodesConfigure NLB prerequisitesConfigure cluster operation modeLecture Focus Questions: What are the characteristics of NLB cluster members?What mechanism do cluster members use to communicate consistent information about cluster membership?In unicast mode, how are MAC addresses used by cluster members?How does communication between cluster members take place when multicast mode is implemented?What are the prerequisites for installing and configuring a Network Load Balancing cluster?What are the steps for creating an NLB cluster?If you add a new host to a cluster, when does the new host to come online?Video/DemoTime7.1.1 Network Load Balancing Overview 3:537.1.2 Configuring NLB Prerequisites and Installing NLB Nodes 7:30Total11:23Number of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 7.2: Network Load Balancing Management SummaryThis section discusses management of Network Load Balancing. Details covered include:Port rulesConsiderations when configuring port rulesCluster status options for the Network Load Balancing Manger console or Nlb.exe to manage the status of the NLB cluster:SuspendResumeStartStopDrainstopStudents will learn how to:Create and configure an Network Load Balancing cluster.Define the port rules and cluster parameters for a NLB cluster.70-412 Exam Objectives:101 Configure Network Load Balancing (NLB).Configure affinityConfigure port rulesUpgrade an NLB clusterLecture Focus Questions: How do port rules control how an NLB cluster functions?What is the client affinity setting?How can you ensure that requests from clients on a specific subnet always connect to a specific cluster host?What happens when you add a host to a cluster that has different port rules?What tasks do you perform to implement a load balancing cluster?What happens to traffic processing after you use the drainstop option?Video/DemoTime7.2.1 Network Load Balancing Management 5:197.2.2 Managing Network Load Balancing 4:45Total 10:04Lab/ActivityConfigure an NLB Cluster 1Configure an NLB Cluster 2Number of Exam Questions12 questionsTotal TimeAbout 35 minutes Section 7.3: Failover Clustering SummaryThis section examines using Failover Clustering to increase the availability and fault tolerance of network servers. Details covered include:The role of Failover ClusteringQuorum modes:Node MajorityNode and Disk MajorityNode and File Share MajorityNo Majority: Disk OnlyDynamic quorum managementCluster Shared VolumesNew key Failover Clustering features in Windows Server 2012:Cluster managementScale-out file server supportCluster-aware updatesVirtual machine monitoring and managementNew Failover Clustering features in Windows Server 2012 R2:CSV enhancementsGuest clusteringActive Directory-detached cluster supportPrerequisites before implementing Failover Clustering:HardwareSoftwareTasks to configure Failover Clustering:Configure shared storageAdd the Failover Clustering feature to the cluster membersValidate the cluster configurationCreate the failover clusterConfigure the quorumConfigure cluster storageImplementing a guest clusterStudents will learn how to:Install the Failover Cluster role on specified servers and create a failover cluster.Configure cluster storage.Validate the cluster storage using the Validate Cluster Wizard.Configure a cluster quorum.Configure a file share witness.Add cluster storage to a cluster and make the storage available to two servers.Server Pro: Advanced Services Exam Objectives:5.0 High Availability Implementation. Create a failover cluster70-412 Exam Objectives:102 Configure failover clustering. Configure QuorumConfigure cluster networkingConfigure cluster storageConfigure and optimize clustered shared volumesConfigure clusters without network names103 Manage failover clustering rolesConfigure role-specific settings including continuously available sharesConfigure guest clustering104. Manage virtual machine (VM) movement.Configure virtual machine network health protectionConfigure drain on shutdown303. Configure site-level fault tolerance.Configure Hyper-V Replica extended replicationConfigure Global Update ManagerLecture Focus Questions: How does Failover Clustering differ from Network Load Balancing?How does a single-instance application differ from a multiple-instance application?What are the four quorum modes and what method does each mode use to reach a consensus?Which quorum mode should be used if you have an even number of cluster hosts and why?Which quorum mode allows the cluster to continue operating even if only one cluster host is still available?How does dynamic quorum management for clusters in Windows Server 2012 differ from previous versions of Windows Server?What considerations must you keep in mind when deploying serial attached SCSI clustered storage configured with Storage Spaces?Why is it important to run the validation wizard before creating a failover cluster?Video/DemoTime7.3.1 Failover Clustering Overview 10:517.3.2 Creating a Failover Cluster 4:447.3.3 Configuring Cluster Storage 2:257.3.4 Failover Clusters on Server 2012 R2 19:597.3.5 Configuring Failover Clusters on Server 2012 R2 4:307.3.6 Configuring Guest Clusters 17:027.3.7 Deploying a No Name Cluster 5:47Total65:18Lab/ActivityCreate a Failover ClusterConfigure Cluster Quorum SettingsAdd Storage to a ClusterNumber of Exam Questions15 questionsTotal TimeAbout 100 minutes Section 7.4: Failover Cluster Management SummaryThis section discusses management of Failover Cluster. Details covered include:Types of networks a cluster can use:Cluster storageCluster node communicationClient connectionsHow to simulate a failure and test failover proceduresConsiderations when implementing a multi-site clusterCluster-Aware Updating (CAU)CAU terminology:Updating runUpdate coordinatorUpdating run profilesTasks to implement CAU:Install CAUVerify CAU requirements(Optional) Configure hosts for remote updatingDisable other automatic update mechanismsLaunch the CAU consoleRun the CAU Best Practices AnalyzerUsing the CAU consoleStudents will learn how to:Manage failover clusters.Manage a multi-site failover cluster.Implement cluster-aware updating.Rebuild a failed cluster.70-412 Exam Objectives:102 Configure failover clustering.Restore single node or cluster configurationImplement Cluster Aware UpdatingUpgrade a cluster303 Configure site-level fault tolerance.Configure multi-site clustering including network settings, Quorum, and failover settings.Recover a multi-site failover cluster402. Implement an advanced DNS solution.Isolate DNSSEC key management and storageLecture Focus Questions: What are some ways you can simulate a failure in order to test failover procedures?What are the three types of networking available with clusters?What is the advantage of locating the file share witness at a different location than a cluster node?In what two ways can you configure multi-site clustering? Which configuration would be more likely to experience failover latency?What are the steps to restore a failed cluster database from backup?How can you tune the heartbeat settings to optimize a multi-site cluster?Why can't you use DFS to replicate data in a multi-site cluster?What is Cluster-Aware Updating?Video/DemoTime7.4.1 Failover Cluster Configuration 9:007.4.2 Implementing Cluster-Aware Updating 2:527.4.3 Restoring Single-node or Cluster Configuration 1:19Total13:11Number of Exam Questions4 questionsTotal TimeAbout 25 minutes Section 7.5: Failover Clustered Role Management SummaryThis section discusses management of the Failover Clustered role. Details covered include:Task to install and configure cluster roles:Select clustered applicationsInstall clustered rolesConfigure clustered rolesStudents will learn how to:Manage failover cluster roles.Configure preferred owners to identify the preferred host.Configure policies to define what to do if a failure occurs.Server Pro: Advanced Services Exam Objectives:5.0 High Availability Implementation. Configure clustered roles70-412 Exam Objectives:103 Manage failover clustering roles.Configure role-specific settings including continuously available shares.Configure failover and preference settings.Lecture Focus Questions: What is a potential problem when running non-cluster-aware applications on a cluster?How do stateful applications differ from stateless applications?What is a scale-out file server? What type of storage does a scale-out file server require?What is the purpose of the preferred owners setting?What is failback? What types of failback are available for a clustered role?Video/DemoTime7.5.1 Configuring Failover and Preference Settings 6:10Lab/ActivityAdd a Failover Cluster RoleConfigure Failover and Preference SettingsNumber of Exam Questions8 questionsTotal TimeAbout 25 minutes Section 7.6: Failover Cluster with Hyper-V SummaryThis section discusses using Failover Clustering to increase the availability of Hyper-V virtual machines. Details include: Tasks to implement a virtual machine within a cluster:Install the clusterImplement CSVCreate the virtual machine and install the guest operating systemWindows Server 2012 features to manage the availability of clustered Hyper-V virtual machines:ReplicationStorage migrationQuick migrationLive migrationVirtual machine monitoringStudents will learn how to:Migrate a virtual machine and all of its storage to a Hyper-V host server.Server Pro: Advanced Services Exam Objectives:2.0 Advanced Storage Management. Migrate virtual machine storage.70-412 Exam Objectives:103. Manage failover clustering roles.Configure VM monitoring104 Manage Virtual Machine (VM) movement. Perform live migration Perform quick migration Perform storage migration Lecture Focus Questions: How does Storage Migration differ from Quick Migration? What condition could cause an unplanned Live Migration to occur? What is the main difference between a Quick Migration and a Live Migration? Video/DemoTime7.6.1 Virtual Machine Monitoring and Migrations 4:377.6.2 Configuring Virtual Machine Monitoring 3:067.6.3 Migrating Virtual Machines11:35Total19:18Lab/ActivityMigrate Virtual Machine StorageMigrate a Virtual MachineNumber of Exam Questions6 questionsTotal TimeAbout 35 minutes Section 8.1: Active Directory Certificate Services Overview SummaryThis section provides an overview of Active Directory Certificate Services. Details covered include:Terms with encryption and certificates:Cipher or algorithmKeyCertificateEncryption methods:Symmetric encryptionAsymmetric Encryption (PKI)Certification Authorities (CA)Certification hierarchyRole services to choose from when installing Active Directory Certificate Services (AD CS):Certification AuthorityCertification Authority Web EnrollmentOnline ResponderNetwork Device Enrollment Service (NDES)Certificate Enrollment Web ServiceCertificate Enrollment Policy Web ServiceFeatures available through Active Directory Certificate Services:Certificate templatesAutoenrollmentWeb enrollmentCredential roamingCertificate enrollment across forests (cross-certification)High-volume CA supportFacts about CA installationStudents will learn how to:Install an Enterprise Certificate Authority (CA).Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management. Configure a private certification authority70-412 Exam Objectives:602?Install and configure Active Directory Certificate Services (AD CS). Install an Enterprise Certificate Authority (CA)Lecture Focus Questions: What is the difference between symmetric and asymmetric encryption?How do certificates prove identity?What kinds of information do certificates hold?What is the relationship of a CA to a PKI?How can you ensure that users outside your organization trust your certificate?What are the advantages of using an enterprise CA over a standalone CA?How does an enterprise root differ from an enterprise subordinate?Which server role should you add to make a server a CA that can issue certificates to other CAs, users, and computers?What features does the Online Responder service provide?What is credential roaming?Video/DemoTime8.1.1 Overview of Certificates11:218.1.2 Overview of Certificate Services 9:178.1.3 Installing an Enterprise AD CS 5:42Total26:20Number of Exam Questions7 questionsTotal TimeAbout 40 minutes Section 8.2: Certificate Management SummaryThis section discusses the following concepts of management of certificates: Using certutil command options:-Verify-VerifyStore-VerifyKeys-RecoverKey-oidMethods for requesting a certificate:Web Enrollment PagesCertificate Request Wizard through the Certificates snap-inAutoenrollmentCommand lineFacts about certificate requestsStudents will learn how to:Manage certificates such as requesting a user certificate and approving pending certificates.Revoke a certificate.Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management.Issue certificates70-412 Exam Objectives:603 Install and configure Active Directory Certificate Services (AD CS).Manage certificate renewalImplement and manage certificate deployment, validation, and revocationManage certificate enrollment and renewal to computers and users using Group PoliciesLecture Focus Questions: Which certutil command option would you use to verify a key set?What functions does the Certification Authority Web Enrollment role service provide?How does an Enterprise CA process a certificate request differently from a stand-alone CA?What command would you enter at the command line to accept and install a certificate?What is the process for requesting a certificate from an offline CA?Video/DemoTime8.2.1 Managing Certificates3:22Lab/ActivityManage CertificatesNumber of Exam Questions12 questionsTotal TimeAbout 25 minutes Section 8.3: Certificate Revocation SummaryThis section discusses certificate revocation. Details covered include:Situations in which a digital certificate would be revokedFacts about certificate revocation:The process used by a client to retrieve the certificate status informationThe process to configure the online responder:Install the Online Responder role serviceConfigure the OCSP Response Signing certificateConfigure each CA to issue the OCSP Response Signing templateConfigure each CA to include the online responderConfigure revocation configurations on the online responderConsiderations when configuring the online responderAdditional features that can be configured for the Revocation Configuration on an online responder:Nonce/no-nonce request supportAdvanced cryptographyKerberos protocol integrationConsiderations when configuring a single CA with multiple online respondersStudents will learn how to:Configure a CRL Distribution Point.Configure an Online Responder.Manage certificate revocation.Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management. Revoke certificates70-412 Exam Objectives:602 Install and configure Active Directory Certificate Services (AD CS). Configure CRL distribution pointsInstall and configure Online Responder603 Manage certificates.Implement and manage certificate deployment, validation, and revocationLecture Focus Questions: In what situations would a certificate be revoked?If a revoked certificate might be reinstated, what reason for revocation should you use?How do you specify CRL Distribution Points?When would you publish a delta CRL?What are the advantages to using an Online Responder to verify certificate status?What two options do you have for obtaining the OCSP Response Signing Certificate?Why is it necessary to configure CRLs and CDPs when you use an Online Responder?Video/DemoTime8.3.1 Certificate Revocation 5:078.3.2 Configuring a CRL Distribution Point 2:298.3.3 Configuring an Online Responder 3:36Total11:12Lab/ActivityManage Certificate RevocationNumber of Exam Questions6 questionsTotal TimeAbout 30 minutes Section 8.4: Certificate Templates SummaryThis section discusses using certificate templates. Details include: The role of certificate templatesConsiderations when managing certificate templatesCertificate template permissions:Full ControlReadWriteEnrollAutoenrollConsiderations when managing certificate template permissionsSchema version 1, 2, and 3 templatesSettings that can be modified for schema version 2 and 3 templates:Validity PeriodPublish in Active DirectoryKey PurposeCryptographic Service Provider (CSP)Subject NameIssuance RequirementExtensionsStudents will learn how to:Manage and modify certificate templates.Create and issue a certificate template.Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management.Manage certificate templates70-412 Exam Objectives:603 Install and configure Active Directory Certificate Services (AD CS).Manage certificate templatesImplement and manage certificate deployment, validation, and revocationLecture Focus Questions: What are the purpose and the benefits of a certificate template?What is best practice for maintaining the integrity of default templates?How do you control which templates a CA can issue?How are certificate templates replicated?Which permissions does an administrator need to set and modify certificate template contents and permissions?Video/DemoTime8.4.1 Certificate Templates 4:248.4.2 Using Certificate Templates 9:40Total14:04Lab/ActivityModify Certificate Templates 1Modify Certificate Templates 2Number of Exam Questions6 questionsTotal TimeAbout 35 minutes Section 8.5: Certificate Autoenrollment SummaryIn this section students will learn about certificate autoenrollment. Details include:The role of autoenrollmentSteps to configure autoenrollmentStudents will learn how to:Configure the templates for autoenrollment.Enable certificate autoenrollment for users and computers.Create certificates for smart cards and require smart cards for logon.Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management.Enable autoenrollment70-412 Exam Objectives:603 Manage certificates. Manage certificate renewalManage certificate enrollment and renewal to computers and users using Group PoliciesLecture Focus Questions: Which three autoenroll settings require user intervention when selected?In addition to allowing certificates to be requested, issued, or renewed, which other management tasks does autoenrollment perform?Which template version(s) is required for autoenrollment?When automatic renewal is enabled, how can you force users to re-enroll for a certificate template?When configuring autoenrollment, which permissions should you grant to users or computers to allow autoenrollment?Video/DemoTime8.5.1 Certificate Autoenrollment 0:498.5.2 Configuring Certificate Autoenrollment 2:49Total 3:38Lab/ActivityConfigure Templates for AutoenrollmentEnable Autoenrollment for the DomainCreate Certificates for Smart CardsRequire Smart Cards for LogonNumber of Exam Questions5 questionsTotal TimeAbout 30 minutes Section 8.6: Key Archival and Recovery SummaryThis section examines key archival and recovery. Details in this section include:Methods to back up private keysKey archivalSteps to configure key archivalRecovering a lost keyStudents will learn how to:Create and publish the key recovery agent to the CA.Configure a CA for key archival.Recover a key.Server Pro: Advanced Services Exam Objectives:6.0 File Certificate Management. Issue certificates70-412 Exam Objectives:603 Manage certificates. Configure and manage key archival and recoveryLecture Focus Questions: In order for a user's private key to be backed up, what action must the user take? Which permission does this action require?What is key archival? What steps are involved in key archival?What function does a Key Recovery Agent perform?What are the template requirements for key archival?What are the steps for recovering a lost key?Video/DemoTime8.6.1 Key Archival and Recovery 3:038.6.2 Creating and Managing Key Recovery Agents 3:498.6.3 Configuring a CA for Key Archival 4:478.6.4 Recovering a Key 3:49Total 15:28Number of Exam Questions7 questionsTotal TimeAbout 25 minutes Section 8.7: Certificate Authority (CA) Management SummaryThis section examines the following about managing the Certificate Authority:Permissions that control the ability to manage the CA:ReadIssue and Manage CertificatesManage CARequest CertificatesEnabling administrative role separationTasks that can be performed through Certification Authority snap-in or the certutil.exe command line utility:Certificate Management DelegationEnrollment Agent DelegationKey ArchivalCertificate Request HandlingAuditingStudents will learn how to:Configure security roles on the CA; the enrollment agent, certificate manager, and the CA manager.Restrict the security role of an enrollment agent or a certificate manager to a particular template.Configure administrative role separation to not allow a user to have multiple roles assigned.70-412 Exam Objectives:602 Manage certificates. Implement administrative role separationLecture Focus Questions: Which permission(s) do you need to access and modify CA properties?What is administrative role separation? What implication does it have for assigning permissions for certificate management?How do you control the certificates that a manager can manage?How can you monitor changes to the CA configuration? Which Group Policy setting must you enable to do this?What are the steps in key archival?Video/DemoTime8.7.1 Managing the CA 3:508.7.2 Configuring Security Roles on the CA 2:028.7.3 Limiting Security Roles on the CA 3:288.7.2 Configuring Administrative Role Separation 1:36Total 10:56Number of Exam Questions6 questionsTotal TimeAbout 20 minutes Section 8.8: CA Backup and Recovery SummaryThis section covers methods to back up and restore a CA. Details include:System State BackupCertification Authority Console backupBackup and restore using certutil.exeSteps to move a CA from one server to anotherStudents will learn how to:Use the certutil command to backup and recover CA files.70-412 Exam Objectives:602 Install and configure Active Directory Certificate Services (AD CS). Configure CA backup and recoveryLecture Focus Questions: Which components of a CA does a system state backup back up?How does a Certification Authority Console backup differ from a system state backup?When you move a CA from one server to another, which items might need to be reconfigured?Which options would you use with the certutil command to back up only the CA database and the keys and certificates?Video/DemoTime8.8.1 CA Backup and Recovery 0:518.8.2 CA Backup and Recovery 2:26Total3:17Number of Exam Questions8 questionsTotal TimeAbout 15 minutes Section 9.1: AD RMS Overview SummaryThis section provides an overview of AD RMS. Concepts covered include:Usage policiesTemplatesLicenses:Client licensePublishing licenseUse licenseComponents of an AD RMS system:AD RMS serverDatabase serverAD DSAD RMS-enabled applicationAD RMS clientAD RMS Add-on for IEActive Directory Federation Services (AD FS)AD RMS trust policiesAD RMS supports the following trust hierarchies:ISV hierarchyProduction hierarchyAdd AD RMS domains to a list of trusted user domains in an AD RMS clusterAD RMS consists of the following services:Logging servicesWeb servicesServer Pro: Advanced Services Exam Objectives:7.0 Digital Rights Management.Configure AD RMS policiesConfigure trusted user domains70-412 Exam Objectives:604 Install and configure Active Directory Rights Management Services (AD RMS).Manage trusted user domainsLecture Focus Questions: How do usage policies help safeguard digital information from intentional or unintentional misuse?How are usage policy templates used by administrators in implementing AD RMS?How does a client license differ from a use license?How are protected documents created?What RMS related functions do RMS-enabled applications perform?Video/DemoTime9.1.1 AD RMS Overview 5:49Number of Exam Questions3 questionsTotal TimeAbout 10 minutes Section 9.2: AD RMS Installation SummaryThis section discusses installing and configuring AD RMS. Concepts covered include:AD RMS hardware and software requirementsConfiguration choices to make during AD RMS installation:ClusterDatabase locationService accountCluster keyCluster addressService connection point (SCP)Considerations about AD RMS installationWindows PowerShell cmdlets modules for:AD RMS deploymentAD RMS administrationKey tasks for AD RMS backup and recovery:Secure the cluster key passwordExport the trusted publishing domainBack up the AD RMS databaseRestore the AD RMS databaseStudents will learn how to:Install and configure AD RMS.Configure the AD RMS Service Connection Point (SCP).Server Pro: Advanced Services Exam Objectives:7.0 Digital Rights Management.Configure trusted publishing domains70-412 Exam Objectives:604 Install and configure Active Directory Rights Management Services (AD RMS).Install a licensing or certificate AD RMS serverManage AD RMS Service Connection Point (SCP)Backup and restore AD RMSLecture Focus Questions: In addition to the AD RMS role, which Web services are required to install AD RMS?How does a root cluster differ from a licensing-only cluster?What advantages does a licensing-only cluster have in implementing AD RMS?What are the requirements for setting up the service account for AD RMS?Which tasks use the AD RMS administrator password?What should you consider when defining a cluster address?Video/DemoTime 9.2.1 AD RMS Installation 4:069.2.2 Installing AD RMS 10:599.2.3 Configuring AD RMS Backup and Recovery 6:409.2.4 Configuring the AD RMS Service Connection Point (SCP) 2:27Total24:12Number of Exam Questions9 questionsTotal TimeAbout 40 minutesSection 9.3: AD RMS Client Deployments SummaryThis section discusses considerations when working with AD RMS client deployments.Students will learn how to:Configure the client workstation to manage AD RMS client deployments.70-412 Exam Objectives:604 Install and configure Active Directory Rights Management Services.Manage AD RMS client deploymentLecture Focus Questions: Why it is necessary to add the URL of the AD RMS server to the Local Intranet zone of each AD RMS client workstation?In addition to Read and Change permissions, what options can be configured on a document or a message?How are restrictions within a document or message assigned?What are the software requirements for opening AD RMS protected documents?How can users determine the level of access they have to a document or message?Video/DemoTime 9.3.1 Managing AD RMS Client Deployments 10:02Number of Exam Questions7 questionsTotal TimeAbout 20 minutesSection 9.4: AD RMS TemplatesSummaryIn this section students will learn about using AD RMS templates. Concepts covered include:Rights policy templates:Distributed rights policy templatesArchived rights policy templatesExclusion policiesTasks to create a new distributed rights policy template:Add template identification informationAdd user rightsSpecify an expiration policySpecify extended policy conditionsSpecify a revocation policyBest practice guidelines when deploying rights policy templates with AD RMS clientCertificates or licenses that are used by AD RMS:Server Licensor Certificate (SLC)Rights Account Certificate (RAC)Client Licensor Certificate (CLC)Machine CertificatePublishing LicenseUse LicenseStudents will learn how to:Create custom templates that can be distributed to users.Configure a user exclusion policy that will restrict particular users from obtaining licenses from a specified cluster.Server Pro: Advanced Services Exam Objectives:7.0 Digital Rights Management.Manage AD RMS templates70-412 Exam Objectives:604 Install and configure Active Directory Rights Management Services.Manage RMS templatesConfigure Exclusion PoliciesLecture Focus Questions: How can administrators deploy rights policy templates to user computers so the templates are available for offline publishing?What is the purpose of archiving rights policy templates that are no longer being used for new documents?What are lockbox exclusion policies?How does the AD RMS client manage rights policy templates?What conditions can be used to configure an expiration policy?What is self-enrollment? How is it used in AD RMS?Video/DemoTime9.4.1 AD RMS Templates 1:529.4.2 Using AD RMS Templates 15:12Total17:04Lab/ActivityConfigure a Distributed Rights Policy TemplateConfigure a User ExclusionNumber of Exam Questions4 questionsTotal TimeAbout 25 minutes Section 10.1: AD FS Overview SummaryThis section provides an overview of Active Directory Federation Services (AD FS). Concepts covered include:The role of AD FSOrganizations that AD FS is designed forAD FS terms:Account partnerAD FS Web agentAD FS-enabled Web serverClaimClaims-aware applicationClaim mappingFederationFederation serversFederation trustOrganization claimResource partnerSecurity tokenSecurity Token Service (STS)Single Sign-On (SSO)Trust policyWindows token-basedLecture Focus Questions: What are the benefits of Active Directory Federated Services (AD FS)?You have users in a domain who need to access a Web application in a partner domain. Which domain is the account domain, and which is the resource domain?What is a claim? What type of information can be included in a claim?What is the difference between a claims-aware application and a token-based application?What is claim mapping?What is a trust policy?Video/DemoTime 10.1.1 AD FS Overview 4:04Number of Exam Questions3 questionsTotal TimeAbout 10 minutesSection 10.2: AD FS Certificates SummaryThis section provides details of using AD FS certificates. AD FS requires each server have a certificate that is used for SSL communicationsTasks to configure AD FS server relationships:Issuance an SSL certificate to the root CAs in both forestsExport both root CAs’ certificatesEnroll the SSL certificates on the AD FS serversConfigure each serer to trust its own root CAConfigure each AD FS server to trust the root CAs from the other forestStudents will learn how to:Enroll SSL certificates on AD FS servers.Configure an AD FS server to trust its own root CAs.Configure an AD FS server to trust the root CA from another forest.70-412 Exam Objectives:601 Implement Active Directory Federation Services 2.1 (AD FSv2.1).Manage AD FS certificatesLecture Focus Questions: What trust relationships must be configured for AD FS servers?How do you configure an AD FS server to trust the root CA from another forest?Which parameters do you configure when using the Certificate Enrollment wizard to request an SSL certificate?When exporting root CA certificates, which parameters should you use?Video/DemoTime10.2.1 AD FS Certificates 1:3310.2.2 Managing AD FS Certificates11:35Total13:08Number of Exam Questions3 questionsTotal TimeAbout 15 minutesSection 10.3: Resource PartnerSummaryThis section provides information about configuring the resource partner. Concepts covered include:Role services that can be installed during the installation of AD FS:Federation ServiceFederation Service ProxyClaims-aware AgentWindows Token-based AgentTasks to install AD FS:Create SSL certificatesCreate a group managed service accountInstall the AD FS role\Run the AD FS Federation Server Configuration WizardThe role of the resource partnerThe role of federation serversThe role of the AD FS Management snap-inTasks to create a claims provider trust on the resource partner:Start the Add Claims Provider Trust WizardSpecify the data sourceConfigure a display nameEdit claim rulesWindows Server 2012 R2: AD FS can use multi-factor authentication (MFA)Default AD FS authentication primary methods to validate users’ identities:Forms AuthenticationWindows AuthenticationThe process to configure MFAWorkplace joinConsiderations when applying an authentication policy as a global scopeStudents will learn how to:Configure the AD FS server on the resource partner.70-412 Exam Objectives:601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). Install AD FSConfigure authentication policiesConfigure multi-factor authenticationConfigure Workplace JoinLecture Focus Questions: What is the role of the resource partner in AD FS?When adding a claims provider, what are the preferred ways to obtain data about the claims provider?What is the function of the claims-aware agent?How does the Windows token-based agent allow Windows token-based applications to work with AD FS?What is the function of acceptance transform rules? Where are they configured?Video/DemoTime 10.3.1 Resource Partner 5:0810.3.2 Configuring the Resource Partner20:3810.3.6 Configuring Multi-factor Authentication 5:4810.3.7 Configuring Workplace Join19:15Total50:49Number of Exam Questions7 questionsTotal TimeAbout 65 minutesSection 10.4: Accounts PartnerSummaryThis section discusses configuring the accounts partner. Concepts covered include:The role of account partnerThe role of Federation serversUsing the AD FS Management snap-inTasks to create a relying party trust on the account partner:Start the Add Relying Party Trust WizardSpecify the data sourceConfigure a display nameConfigure issuance authorization rulesEdit claim rulesStudents will learn how to:Create a relying party trust on the account partner.70-412 Exam Objectives:601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). Implement claims-based authentication including Relying Party TrustsLecture Focus Questions: How do federation servers in the account partner organization enable single sign-on capabilities to users?What are relying party trusts?In which locations are relying party trusts usually created?What functions does the account partner provide?What is the purpose of delegation authorization rules?Video/DemoTime10.4.1 Configuring the Accounts Partner8:21Number of Exam Questions6 questionsTotal TimeAbout 15 minutesSection 10.5: AD FS Proxies SummaryThis section discusses AD FS proxies. Details include:The role of the AD FS ProxyTasks to configure an AD FS Proxy server:Export the internal AD FS server certificateImport AD FS server certificateConfigure an SSL certificate on the default IIS web siteAdd an entry for the AD FS server to the hosts fileInstall the AD FS Proxy role serviceConfigure the AD FS ProxyConfigure the DNS recordsStudents will learn how to:Install an AD FS proxy server.Configure an AD FS proxy server.70-412 Exam Objectives:601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). Configure AD FS proxyLecture Focus Questions: What are the differences between the Federation Service and Federation Service Proxy?How can an AD FS Proxy provide protection for your network?How does DNS perform resolution when an AD FS proxy resides in a DMZ?What information does the AD FS proxy server store?For what purposes does AD FS proxy use WE-Federation Passive Requestor Profile (WS-F PRP) protocols?Video/DemoTime10.5.1 AD FS Proxies 1:4810.5.2 Configuring AD FS Proxies 9:00Total10:48Number of Exam Questions5 questionsTotal TimeAbout 20 minutesSection 10.6: AD FS and Cloud Services SummaryIn this section students will learn the following facts about integrating AD FS and cloud services.Install prerequisite softwareInstall Windows Azure Pack for Windows ServerConfigure the AD FS serverConfigure the Azure management portals to trust the AD FS serverConfigure the Azure tenant authentication site to trust the AD FS serverConfigure the AD FS server to trust the Azure management portals70-412 Exam Objectives:601 Implement Active Directory Federation Services 2.1 (AD FSv2.1). Integrate with Cloud ServicesLecture Focus Questions: What are the benefits of integrating AD FS with Cloud services?What Web Platform products must be installed before installing Windows Azure on a Windows Server?Which management portals must the AD FS host be configured to reach?Which transformation rules must be applied to the management portal for tenants?Video/DemoTime 10.6.1 AD FS and Cloud Services 1:25Number of Exam Questions5 questionsTotal TimeAbout 10 minutes Section 10.7: AD FS and AD RMS SummaryIn this section students will learn about options to select if the AD RMS system need to support users located in a different forest:Trusted user domainsTrusted publishing domainsAD RMS federated identity supportStudents will learn how to:Configure a trusted user domain.Configure a trusted publishing domain.Enable Federated Identity Support on an AD RMS server.70-412 Exam Objectives:604 Install and configure Active Directory Rights Management Services (AD RMS).Manage Federated Identity supportLecture Focus Questions: What is a possible ramification of failing to configure trusted email domains?What options do you have if the AD RMS system needs to support users located in a different forest?Which option for AD RMS support poses the greatest security risk?What are the advantages to using AD RMS Federated Identity support?Video/DemoTime10.7.1 AD FS and AD RMS 2:4910.7.2 Configuring Trusted User Domains 2:5110.7.4 Configuring Trusted Publishing Domains 3:1710.7.6 Managing Federated Identity Support 4:10Total13:07Lab/ActivityConfigure a Trusted User DomainConfigure a Trusted Publishing DomainNumber of Exam Questions5 questionsTotal TimeAbout 30 minutes Server Pro: Advanced Services Practice ExamsSummary This section provides information to help prepare students to take the Server Pro: Advanced Services certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. Objective 1: Advanced Active Directory Configuration (10 simulation questions)Objective 2: Advanced Storage Management (4 simulation question)Objective 3: Server Data Protection (4 simulation questions)Objective 4: Advanced DHCP and DNS Configuration (7 simulation questions)Objective 5: High Availability Implementation (10 simulation questions)Objective 6: Certificate Management (8 simulation questions)Objective 7: Digital Rights Management (4 simulation questions)The Server Pro: Advanced Services Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. Microsoft 70-412 Practice ExamsSummary This section provides information to help prepare students to take the MS 70-412 exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. Objective 100. Configure and Manage High Availability (62 questions)Objective 200. Configure File and Storage Solutions (37 questions)Objective 300. Implement Business Continuity and Disaster Recovery (39 questions)Objective 400. Configure Network Services (67 questions)Objective 500. Configure the Active Directory Infrastructure (60 questions)Objective 600. Configure Identity and Access Solutions (112 questions)The Microsoft 70-412 Certification Practice Exam consists of 60 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 2 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. Appendix A: Approximate Time for the CourseThe total time for the LabSim Server Pro: Advanced Services course is approximately 40 hours and 10 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:Video/demo timesApproximate time to read the text lesson (the length of each text lesson is taken into consideration)Simulations (5 minutes assigned per simulation, of course many students may take longer depending upon their knowledge level and experience) Questions (1 minute per question)The breakdown for this course is as follows:ModuleSectionsTimeMinuteHR:MM?????1.0 Active Directory Infrastructure????1.1 Multi-Domain Forests50??1.2 Cross-Forest Trusts50?1.3 External, Shortcut and Realm Trusts20??1.4 Sites Overview30?1.5 Managing Sites40??1.6 Managing Replication60?1.7 Read-Only Domain Controllers (RODCs)35??1.8 RODC Management353205:20?????2.0 File and Storage Solutions????2.1 Network File System (NFS)25??2.2 BranchCache25?2.3 Dynamic Access Control (DAC)55??2.4 DAC Management20?2.5 Advanced Storage35??2.6 Storage Optimization452053:25?????3.0 Disaster Recovery????3.1 Windows Server Backup35??3.2 Restore from Backup15?3.3 Volume Shadow Copies35??3.4 Boot Configuration Data (BCD) Store201051:45?????4.0 Advanced DHCP????4.1 DHCP Overview10??4.2 DHCP Scopes45?4.3 DHCP and IPv625??4.4 DHCP High Availability40?4.5 IPAM Overview35??4.6 IPAM Configuration30?4.7 IPAM Management51903:105.0 Advanced DNS????5.1 DNS Security40??5.2 Advanced DNS Settings20?5.3 GlobalNames Zones15751:156.0 Hyper-V????6.1 Virtual Machine Management30??6.2 Hyper-V High Availability30601:00?????7.0 High Availability????7.1 Network Load Balancing20??7.2 Network Load Balancing Management35?7.3 Failover Clustering100??7.4 Failover Cluster Management25?7.5 Failover Clustered Role Management25??7.6 Failover Cluster with Hyper-V352404:00?????8.0 Active Directory Certificate Services????8.1 Active Directory Certificate Services Overview40??8.2 Certificate Management25?8.3 Certificate Revocation30??8.4 Certificate Templates35?8.5 Certificate Autoenrollment30??8.6 Key Archival and Recovery25?8.7 Certificate Authority (CA) Management20??8.8 CA Backup and Recovery152203:40?????9.0 Active Directory Rights Management Services (AD RMS)???9.1 AD RMS Overview10??9.2 AD RMS Installation40?9.3 AD RMS Client Deployments20??9.4 AD RMS Templates25951:35?????10.0 Active Directory Federation Services (AD FS)????10.1 AD FS Overview10??10.2 AD FS Certificates15?10.3 Resource Partner65??10.4 Accounts Partner15?10.5 AD FS Proxies20??10.6 AD FS and Cloud Services10?10.7 AD FS and AD RMS301652:45Server Pro: Advanced Services Practice Exam????Obj. 1. Advanced Active Directory Configuration (10 simulation questions)50??Obj. 2. Advanced Storage Management (4 simulation questions)20?Obj. 3. Server Data Protection (4 simulation questions) 20??Obj. 4. Advanced DHCP and DNS Configuration (7 simulation questions)35?Obj. 5. High Availability Implementation (10 simulation questions)50??Obj. 6. Certificate Management (8 simulation questions)40?Obj. 7. Digital Rights Management (4 simulation questions)20??Certification Practice Exam (15 questions)753105:10?????Microsoft 70-412 Practice Exams????Obj. 100. Configure and Manage High Availability (59 questions)59??Obj. 200. Configure File and Storage Solutions (35 questions)35?Obj. 300. Implement Business Continuity and Disaster Recovery (39 questions) 39??Obj. 400. Configure Network Services (63 questions)63?Obj. 500. Configure the Active Directory Infrastructure (60 questions)60??Obj. 600. Configure Identity and Access Solutions (109 questions)109?Certification Practice Exam (60 questions)604257:05??Total Time241040:10Appendix B: Exam 70-412: Configuring Advanced Windows Server 2012 Services ObjectivesThe Windows Exam 70-412: Configuring Advanced Windows Server 2012 Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:#ObjectiveModule.Section100Configure and Manage High Availability (17 percent)101Configure Network Load Balancing (NLB)This objective may include but is not limited to: Install NLB nodesConfigure NLB prerequisitesConfigure affinityConfigure port rulesConfigure cluster operation modeUpgrade an NLB cluster7.1, 7.2102Configure failover clusteringThis objective may include but is not limited to: Configure QuorumConfigure cluster networkingRestore single node or cluster configurationConfigure cluster storageImplement Cluster Aware UpdatingUpgrade a clusterConfigure and optimize clustered shared volumesConfigure clusters without network namesConfigure storage spaces2.6, 7.3, 7.4103Manage failover clustering rolesThis objective may include but is not limited to: Configure role-specific settings, including continuously available sharesConfigure virtual machine (VM) monitoringConfigure failover and preference settingsConfigure guest clustering7.3, 7.5, 7.6104Manage Virtual Machine (VM) movementThis objective may include but is not limited to: Perform live migrationPerform quick migrationPerform storage migrationImport, export, and copy VMsMigrate from other platforms (P2v and V2V)Configure VM network health protectionConfigure drain on shutdown6.1, 7.3, 7.6200Configure File and Storage Solutions (16 percent)201Configure advanced file servicesThis objective may include but is not limited to: Configure NFS data storeConfigure BranchCacheConfigure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM)Configure file access auditing2.1, 2.2, 2.3, 2.4202Implement Dynamic Access Control (DAC)This objective may include but is not limited to: Configure user and device claim typesImplement policy changes and stagingPerform access-denied remediationConfigure file classificationCreate and configure Central Access rules and policiesCreate and configure resource properties and lists2.3, 2.4203Configure and optimize storageThis objective may include but is not limited to: Configure iSCSI Target and InitiatorConfigure Internet Storage Name server (iSNS)Implement thin provisioning and trimManage server free space using Features on DemandConfigure tiered storage2.5, 2.6300Implement Business Continuity and Disaster Recovery (16 percent)301Configure and manage backupsThis objective may include but is not limited to: Configure Windows Server backupsConfigure Windows Online backupsConfigure role-specific backupsManage VSS settings using VSSAdmin3.1, 3.3302Recover serversThis objective may include but is not limited to: Restore from backupsPerform a Bare Metal Restore (BMR)Recover servers using Windows Recovery Environment (Win RE) and safe modeApply System Restore snapshotsConfigure the Boot Configuration Data (BCD) store3.2, 3.4303Configure site-level fault toleranceThis objective may include but is not limited to: Configure Hyper-V Replica, including Hyper-V Replica Broker and VMsConfigure multi-site clustering, including network settings, Quorum, and failover settingsConfigure Hyper-V Replica extended replicationConfigure Global Update ManagerRecover a multi-site failover cluster6.1, 6.2, 7.3, 7.4400Configure Network Services (17 percent)401Implement an advanced Dynamic Host Configuration Protocol (DHCP) solutionThis objective may include but is not limited to: Create and configure superscopes and multicast scopesImplement DHCPv6Configure high availability for DHCP, including DHCP failover and split scopesConfigure DHCP Name ProtectionConfigure DNS registration4.1, 4.2, 4.3, 4.4402Implement an advanced DNS solutionThis objective may include but is not limited to: Configure security for DNS including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache lockingConfigure DNS loggingConfigure delegated administrationConfigure recursionConfigure netmask orderingConfigure a GlobalNames zoneAnalyze zone level statisticsIsolate DNSSEC key management and storage.5.1, 5.2, 5.3403Deploy and manage IPAMThis objective may include but is not limited to: Provision IPAM manually or by using Group PolicyConfigure server discoveryCreate and manage IP blocks and rangesMonitor utilization of IP address spaceMigrate to IPAMDelegate IPAM administrationManage IPAM collectionsConfigure IPAM database storage4.5, 4.6, 4.7500Configure the Active Directory Infrastructure (18 percent)501Configure a forest or a domainThis objective may include but is not limited to: Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active DirectoryUpgrade existing domains and forests including environment preparation and functional levelsConfigure multiple user principal name (UPN) suffixes1.1502Configure trustsThis objective may include but is not limited to: Configure external, forest, shortcut, and realm trustsConfigure trust authenticationConfigure SID filteringConfigure name suffix routing1.2, 1.3503Configure sitesThis objective may include but is not limited to: Configure sites and subnetsCreate and configure site linksManage site coverageManage registration of SRV recordsMove domain controllers between sites1.4, 1.5504Manage Active Directory and SYSVOL replicationThis objective may include but is not limited to: Configure replication to Read-Only Domain Controllers (RODCs)Configure Password Replication Policy (PRP) for RODCsMonitor and manage replicationUpgrade SYSVOL replication to Distributed File System Replication (DFSR)1.6, 1.7, 1.8600Configure Identity and Access Solutions (16 percent)601Implement Active Directory Federation Services 2.1 (AD FSv2.1)This objective may include but is not limited to: Install AD FSImplement claims-based authentication, including Relying Party TrustsConfigure authentication policiesConfigure Workplace JoinConfigure multi-factor authentication10.1, 10.2, 10.3, 10.4,10.5, 10.6602Install and configure Active Directory Certificate Services (AD CS)This objective may include but is not limited to: Install an Enterprise Certificate Authority (CA)Configure CRL distribution pointsInstall and configure Online ResponderImplement administrative role separationConfigure CA backup and recovery8.1, 8.3. 8.7, 8.8603Manage certificatesThis objective may include but is not limited to: Manage certificate templatesImplement and manage certificate deployment, validation, and revocationManage certificate renewalManage certificate enrollment and renewal to computers and users using Group PoliciesConfigure and manage key archival and recovery8.2, 8.3, 8.4, 8.5, 8.6604Install and configure Active Directory Rights Management Services (AD RMS)This objective may include but is not limited to: Install a licensing or certificate AD RMS serverManage AD RMS Service Connection Point (SCP)Manage RMS templatesConfigure Exclusion PoliciesBack up and restore AD RMS9.1, 9.2, 9.3, 9.4,10.7Appendix C: Server Pro: Advanced Services ObjectivesThe Server Pro: Advanced Services certification exam covers the following objectives. In the spread sheet below, the column to the right lists the sections where the information is located in the course:?# Objective Module.Section 1.0Advanced Active Directory ConfigurationRaise the functional level of an Active Directory forest.Create forest root, cross-forest, external, shortcut, and realm trusts.Manage sites, subnets, and site links.Configure site replication.Implement read-only domain controllers.??1.1, 1.2, 1.3, 1.5, 1.6, 1.7, 1.82.0Advanced Storage ManagementImplement NFS to support UNIX/Linux systems.Implement Dynamic Access Control (DAC).Implement an iSCSI SAN.Migrate virtual machine storage.?2.1, 2.3, 2.4, 2.5, 7.63.0Server Data ProtectionConfigure server backups.Enable shadow copies.Restore server data from backup.?3.1, 3.2, 3.34.0Advanced DHCP and DNS ConfigurationConfigure DHCP to support IPv6.Configure split DHCP scopes.Configure DHCP failover.Protect zone data with DNSSEC.Configure advanced DNS server settings.Configure a GlobalNames zone.?4.3, 4.4, 5.1, 5.2, 5.35.0High Availability ImplementationImplement network load balancing.Create a failover cluster.Configure clustered roles.Enable virtual machine replication?6.2, 7.1, 7.3, 7.56.0 Certificate ManagementConfigure a private certification authority.Manage certificate templates.Issue certificates.Revoke certificates.Enable autoenrollment.?8.1, 8.2, 8.3, 8.4, 8.5, 8.67.0Digital Rights ManagementConfigure AD RMS policies.Manage AD RMS templates.Configure trusted user domains.Configure trusted publishing domains.9.1, 9.2, 9.4 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download