Exam 70-417 Upgrading Your Skills to MCSA Windows Server 2012

Published: September 21, 2012
Languages: English, German, Japanese
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit toward certification: MCP, MCSA, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

This exam has been updated to cover the recent technology updates in Windows Server 2012 R2 and System Center 2012 R2. For more details, you may review the documents on the exam detail pages for exams 70-410, 70-411, and 70-412.

Install and configure servers (20 - 25%)
Install servers
Plan for a server installation, plan for server roles, plan for a server upgrade, install Server Core, optimize resource utilization by using Features on Demand, migrate roles from previous versions of Windows Server
Configure servers
Configure Server Core, delegate administration, add and remove features in offline images, deploy roles on remote servers, convert Server Core to/from full GUI, configure services, configure NIC teaming, install and configure Windows PowerShell Desired State Configuration (DSC)
Configure local storage
Design storage spaces, configure basic and dynamic disks, configure Master Boot Record (MBR) and GUID Partition Table (GPT) disks, manage volumes, create and mount virtual hard disks (VHDs), configure storage pools and disk pools, create storage pools by using disk enclosures

Preparation resources
Installing Windows Server 2012
Configure Server Core
Windows Server 2012 "Early Experts" challenge – Exam 70-410 – storage spaces

Configure server roles and features (20 - 25%)
Configure servers for remote management
Configure WinRM, configure down-level server management, configure servers for day-to-day management tasks, configure multi-server management, configure Server Core, configure Windows Firewall, manage non-domain joined servers

Preparation resources
NTFS shared folders in Windows Server 2012
Simplified printing with Windows 8 and Windows Server 2012
Using the Windows Server 2012 Server Manager for remote and multi-server management

Configure Hyper-V (20 - 25%)
Create and configure virtual machine (VM) settings
Configure dynamic memory, configure smart paging, configure Resource Metering, configure guest integration services, create and configure Generation 1 and 2 VMs, configure and use enhanced session mode, configure RemoteFX
Create and configure virtual machine storage
Create VHDs and VHDX, configure differencing drives, modify VHDs, configure pass-through disks, manage checkpoints, implement a virtual Fibre Channel adapter, configure storage Quality of Service
Create and configure virtual networks
Configure Hyper-V virtual switches, optimize network performance, configure MAC addresses, configure network isolation, configure synthetic and legacy virtual network adapters, configure NIC teaming in VMs

Preparation resources
Hyper-V Dynamic Memory overview
Configuring pass-through disks in Hyper-V
Hyper-V network virtualization overview

Install and administer Active Directory (25 - 30%)
Install domain controllers
Add or remove a domain controller from a domain, upgrade a domain controller, install Active Directory Domain Services (AD DS) on a Server Core installation, install a domain controller from install from media (IFM), resolve Domain Name System (DNS) SRV record registration issues, configure a global catalog server, deploy Active Directory infrastructure as a service (IaaS) in Microsoft Azure

Preparation resources
What's new in Active Directory Domain Services installation
Overview of Active Directory simplified administration
Using the updated Active Directory Administration Center

---

QUESTION 1
You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct
Answer presents part of the solution. Choose three.)

A. Add-DnsServerPrimaryZone
B. Add-DnsServerResourceRecordCName
C. Set-DnsServerDsSetting
D. Set-DnsServerGlobalNameZone
E. Set-DnsServerEDns
F. Add-DnsServerDirectory Partition

Answer: A,B,D

---

QUESTION 2
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website.
However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter
B. Run Set-DnsServerGlobalQueryBlockList
C. Run ipconfig and specify the Renew parameter
D. Run Set-DnsServerCache

Answer: D

---

QUESTION 3
Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?

A. At federated trust
B. A trusted user domain
C. A trusted publishing domain
D. Windows Live ID

Answer: A
Explanation:
A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx

---

QUESTION 4
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?

A. The user class
B. The vendor class
C. The client identifier
D. The relay agent information

Answer: A

---

QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct
Answer presents part of the solution. Choose two.)

A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Install the Work Folders role service on Server2.
E. Create and configure a sync share on Server2.

Answer: A,C
Explanation: *Prepare your Active Directory forest to support devices
This is a one-time operation that you must run to prepare your Active Directory forest to support devices.
To prepare the Active Directory forest
On your federation server, open a Windows PowerShell command window and type: Initialize-ADDeviceRegistration
*Enable Device Registration Service on a federation server farm node To enable Device Registration Service
1.On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
2.Repeat this step on each federation farm node in your AD FS farm.

Click here to view complete Q&A of 70-417 exam
Certkingdom Review

Best Microsoft MCTS Certification, Microsoft 70-398 Training at certkingdom.com

Exam 70-412 Configuring Advanced Windows Server 2012 Services

Published: September 17, 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit toward certification: MCP, MCSA, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

As of January 2014, this exam includes content covering Windows Server 2012 R2.

Configure and manage high availability (15–20%)
Configure Network Load Balancing (NLB)
Install NLB nodes, configure NLB prerequisites, configure affinity, configure port rules, configure cluster operation mode, upgrade an NLB cluster
Configure failover clustering
Configure quorum, configure cluster networking, restore single node or cluster configuration, configure cluster storage, implement Cluster-Aware Updating, upgrade a cluster, configure and optimize clustered shared volumes, configure clusters without network names, configure storage spaces
Manage failover clustering roles
Configure role-specific settings, including continuously available shares; configure virtual machine (VM) monitoring; configure failover and preference settings; configure guest clustering
Manage VM movement
Perform live migration; perform quick migration; perform storage migration; import, export, and copy VMs; configure VM network health protection; configure drain on shutdown

Preparation resources
Managing Network Load Balancing clusters
Setting Network Load Balancing parameters
Failover cluster deployment guide

Configure file and storage solutions (15–20%)
Configure advanced file services
Configure Network File System (NFS) data store, configure BranchCache, configure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM), configure file access auditing
Implement Dynamic Access Control (DAC)
Configure user and device claim types, implement policy changes and staging, perform access-denied remediation, configure file classification, create and configure Central Access rules and policies, create and configure resource properties and lists
Configure and optimize storage
Configure iSCSI target and initiator, configure Internet Storage Name server (iSNS), implement thin provisioning and trim, manage server free space using Features on Demand, configure tiered storage

Preparation resources
Network File System
File Server Resource Manager
Dynamic Access Control: Scenario overview

Implement business continuity and disaster recovery (15–20%)
Configure and manage backups
Configure Windows Server backups, configure Microsoft Azure backups, configure role-specific backups, manage VSS settings using VSSAdmin
Recover servers
Restore from backups, perform a Bare Metal Restore (BMR), recover servers using Windows Recovery Environment (Win RE) and safe mode, configure the Boot Configuration Data (BCD) store
Configure site-level fault tolerance
Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs; configure multi-site clustering, including network settings, Quorum, and failover settings; configure Hyper-V Replica extended replication; configure Global Update Manager; recover a multi-site failover cluster

Preparation resources
Windows Server backup overview
Windows Recovery Environment (RE) explained
How to configure bare-metal restore/recovery media

Configure Network Services (15–20%)
Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution
Create and configure superscopes and multicast scopes; implement DHCPv6; configure high availability for DHCP, including DHCP failover and split scopes; configure DHCP Name Protection; configure DNS registration
Implement an advanced DNS solution
Configure security for DNS, including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache locking; configure DNS logging; configure delegated administration; configure recursion; configure netmask ordering; configure a GlobalNames zone; analyze zone level statistics
Deploy and manage IP Address Management (IPAM)
Provision IPAM manually or by using Group Policy, configure server discovery, create and manage IP blocks and ranges, monitor utilization of IP address space, migrate to IPAM, delegate IPAM administration, manage IPAM collections, configure IPAM database storage

Preparation resources
Dynamic Host Configuration Protocol (DHCP) overview
Step-by-step: Demonstrate DNSSEC in a test lab
Holistic administration of IP address space using Windows Server 2012 IP Address Management

Configure the Active Directory infrastructure (15–20%)
Configure a forest or a domain
Implement multi-domain and multi-forest Active Directory environments, including interoperability with previous versions of Active Directory; upgrade existing domains and forests, including environment preparation and functional levels; configure multiple user principal name (UPN) suffixes
Configure trusts
Configure external, forest, shortcut, and realm trusts; configure trust authentication; configure SID filtering; configure name suffix routing
Configure sites
Configure sites and subnets, create and configure site links, manage site coverage, manage registration of SRV records, move domain controllers between sites
Manage Active Directory and SYSVOL replication
Configure replication to Read-Only Domain Controllers (RODCs), configure Password Replication Policy (PRP) for RODC, monitor and manage replication, upgrade SYSVOL replication to Distributed File System Replication (DFSR)

Preparation resources
Deploy Active Directory Domain Services (AD DS) in your enterprise
Active Directory domains and trusts
Introduction to Active Directory replication and topology management using Windows PowerShell (Level 100)

Configure Identity and Access Solutions (15–20%)
Implement Active Directory Federation Services (AD FS)
Install AD FS; implement claims-based authentication, including Relying Party Trusts; configure authentication policies; configure Workplace Join; configure multi-factor authentication
Install and configure Active Directory Certificate Services (AD CS)
Install an Enterprise Certificate Authority (CA), configure certificate revocation lists (CRL) distribution points, install and configure Online Responder, implement administrative role separation, configure CA backup and recovery
Manage certificates
Manage certificate templates; implement and manage certificate deployment, validation, and revocation; manage certificate renewal; manage certificate enrollment and renewal to computers and users using Group Policies; configure and manage key archival and recovery
Install and configure Active Directory Rights Management Services (AD RMS)
Install a licensing or certificate AD RMS server, manage AD RMS Service Connection Point (SCP), manage RMS templates, configure Exclusion Policies, back up and restore AD RMS

Preparation resources
AD FS deployment guide
Active Directory Certificate Services overview
Deploy a private CA with Windows Server 2012

---

QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole

Answer: B
Explanation:
Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a failover cluster.
If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.
EXAMPLE 1.
Command Prompt: C:\PS>
Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe
Name OwnerNode State
---- --------- -----
cluster1GenApp node2 Online Description
-----------
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Reference: Add-ClusterGenericApplicationRole
http://technet.microsoft.com/en-us/library/ee460976.aspx

---

QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?

A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template

Answer: B
Explanation:
Access-denied assistance can be configured by using the File Server Resource Manager console on the file server.
Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders:
* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator.
Reference: Scenario: Access-Denied Assistance

---

QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct Answer presents part of the solution. Choose two.)

A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.

Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices.
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
Reference: Configure a federation server with Device Registration Service.

---

QUESTION 3
You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?

A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Answer: D
Explanation:
So what about changing the cache size? Well, you can't modify the cache size, but you can specify it at the time that you create a new virtual hard disk. In order to do so, you have to use Windows PowerShell.
New-VirtualDisk –StoragePoolFriendlyName "<storage pool name>" –FriendlyName "<v
Reference: Using Windows Server 2012's SSD Write-Back Cache

---

QUESTION 4
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?

A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITE1INK. Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAULTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.

Answer: C
Explanation:
We create a new site link between Montreal and Amsterdam and schedule it only between 20:00 and 08:00. To ensure that traffic between Montreal and Amsterdam only occurs at this time we also remove Amsterdam from the DEFAULTIPSITELINK.
Reference: How Active Directory Replication Topology Works
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

---

QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?

A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::

Answer: D
Explanation:
Explanation/Reference:
* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the approximate IPv6 counterpart of the IPv4 private address.
The address block fc00::/7 is divided into two /8 groups: / The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string.
* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
/ They are not allocated by an address registry and may be used in networks by anyone without outside involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.
Reference: RFC 4193

---

QUESTION 6
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.

Answer: D
Explanation:
The Set-DnsServerCache cmdlet modifies cache settings for a Domain Name System (DNS) server.
Run Set-DnsServerCache with the -LockingPercent switch.
/ -LockingPercent<UInt32>
Specifies a percentage of the original Time to Live (TTL) value that caching can consume. Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, the DNS server does not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This value means that the DNS server will not overwrite cached entries for the entire duration of the TTL.
Note. A better way would be clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from command prompt), or Clear-DnsServerCache (from Windows PowerShell).
Reference: Set-DnsServerCache
http://technet.microsoft.com/en-us/library/jj649852.aspx
Incorrect:
Not A. You need to use the /config parameter as well:
You can change this value if you like by using the dnscmd command:
dnscmd /Config /CacheLockingPercent<percent>

Click here to view complete Q&A of 70-412 exam
Certkingdom Review

Best Microsoft MCTS Certification, Microsoft 70-412 Training at certkingdom.com

Exam 70-411 Administering Windows Server 2012

Published: September 17, 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit toward certification: MCP, MCSA, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

As of January 2014, this exam includes content covering Windows Server 2012 R2.

Deploy, manage, and maintain servers (15–20%)
Deploy and manage server images
Install the Windows Deployment Services (WDS) role; configure and manage boot, install, and discover images; update images with patches, hotfixes, and drivers; install features for offline images; configure driver groups and packages
Implement patch management
Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronization, configure WSUS groups, manage patch management in mixed environments
Monitor servers
Configure Data Collector Sets (DCS), configure alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring, schedule performance monitoring

Preparation resources
Windows Deployment Services overview
Windows Server Update Services overview
Update management in Windows Server 2012: Revealing cluster-aware updating and the new generation of WSUS

Configure File and Print Services (15–20%)
Configure Distributed File System (DFS)
Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases, optimize DFS replication
Configure File Server Resource Manager (FSRM)
Install the FSRM role service, configure quotas, configure file screens, configure reports, configure file management tasks
Configure file and disk encryption
Configure BitLocker encryption; configure the Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
Configure advanced audit policies
Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies, create removable device audit policies

Preparation resources
DFS namespaces and DFS replication overview
DFS replication improvements in Windows Server 2012
File Server Resource Manager overview

Configure network services and access (15–20%)
Configure DNS zones
Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, configure notify settings
Configure DNS records
Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME, and MX records; configure zone scavenging; configure record options, including Time To Live (TTL) and weight; configure round robin; configure secure dynamic updates
Configure virtual private network (VPN) and routing
Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing, configure Web Application proxy in passthrough mode
Configure DirectAccess
Implement server requirements, implement client configuration, configure DNS for Direct Access, configure certificates for Direct Access

Preparation resources
How the Domain Name System (DNS) works
DNS overview
DNS server operations guide

Configure a Network Policy Server (NPS) infrastructure (10–15%)
Configure Network Policy Server
Configure a RADIUS server, including RADIUS proxy; configure RADIUS clients; configure NPS templates; configure RADIUS accounting; configure certificates
Configure NPS policies
Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing), import and export NPS policies
Configure Network Access Protection (NAP)
Configure System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN, configure NAP client settings

Preparation resources
Network Policy and Access Services overview
Network Policy Server operations guide
Policies in NPS

Configure and manage Active Directory (10–15%)
Configure service authentication
Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts
Configure domain controllers
Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning
Maintain Active Directory
Back up Active Directory and SYSVOL, manage Active Directory offline, optimize an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active Directory Recycle Bin
Configure account policies
Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings

Preparation resources
Group managed service accounts overview
Step-by-step: Safely cloning an Active Directory domain controller with Windows Server 2012
Administering Active Directory backup and recovery

Configure and manage Group Policy (15–20%)
Configure Group Policy processing
Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behavior, force Group Policy Update
Configure Group Policy settings
Configure settings, including software installation, folder redirection, scripts, and administrative template settings; import security templates; import custom administrative template file; configure property filters for administrative templates
Manage Group Policy objects (GPOs)
Back up, import, copy, and restore GPOs; create and configure Migration Table; reset default GPOs; delegate Group Policy management
Configure Group Policy preferences (GPP)
Configure GPP settings, including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment, and shortcut deployment; configure item-level targeting

Preparation resources
Group Policy in Windows Server 2012: Overview
Work with WMI filters
Back up, restore, import, and copy Group Policy objects

QUESTION 1
You have a server named Server1 that runs Windows Server 2012 R2.
On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.
What should you configure?

A. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
B. The Data Manager settings of DCS1
C. A schedule for DCS1
D. A File Server Resource Manager (FSRM) quota on the C:\Logs folder

Answer: B

Explanation:
To configure data management for a Data Collector Set
1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined.
2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager.
3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details on each option.
When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached. When Apply policy before the data collector set starts is selected, previous data will be deleted according to your selections before the data collector set creates its next log file.
When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.
4. Click the Actions tab. You can accept the default values or make changes. See the table below for details on each option.
5. When you have finished making your changes, click OK.

---

QUESTION 2
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?

A. Manage-bde.exe
B. Set-TpmOwnerAuth
C. bdehdcfg.exe
D. tpmvscmgr.exe

Answer: B

Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

---

QUESTION 3
Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?

A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.

Answer: C

Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain
controllers in the domain.

---

QUESTION 4
You have Windows Server 2012 R2 installation media that contains a file named Install.wim.
You need to identify which images are present in Install.wim.
What should you do?

A. Run imagex.exe and specify the /ref parameter.
B. Run dism.exe and specify the /get-mountedwiminfo parameter.
C. Run dism.exe and specify the /get-imageinfo parameter.
D. Run imagex.exe and specify the /verify parameter.

Answer: C

Explanation:
Option: /Get-ImageInfo
Arguments:
/ImageFile: <path_to_image.wim>
[{/Index: <Image_index> | /Name: <Image_name>}]
Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files.
References:
http: //technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/hh825224.aspx

---

QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.
You need to configure Server1 to perform network address translation (NAT).
What should you do?

A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.
B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Routing and Remote Access, add an IPv4 routing protocol.

Answer: D

Explanation:
To configure an existing RRAS server to support both VPN remote access and NAT
routing:
1. Open Server Manager.
2. Expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.

QUESTION 6
You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim.
What should you do?

A. Run dism.exe and specify the /get-mountedwiminfo parameter.
B. Run imagex.exe and specify the /verify parameter.
C. Run imagex.exe and specify the /ref parameter.
D. Run dism.exe and specify the/get-imageinfo parameter.

Answer: A

Explanation:
/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index.
References:
http: //technet. microsoft. com/en-us/library/cc749447(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/dd744382(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/hh825224. aspx

---

QUESTION 7
You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to log data to D:\logs.
What should you do?

A. Right-click DCS1 and click Properties.
B. Right-click DCS1 and click Export list.
C. Right-click DCS1 and click Data Manager.
D. Right-click DCS1 and click Save template.

Answer: A

Explanation:
The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name.
To view or modify the properties of a Data Collector Set after it has been created, you can:
* Select the Open properties for this data collector set check box at the end of the Data Collector Set Creation Wizard.
* Right-click the name of a Data Collector Set, either in the MMC scope tree or in the console window, and click Properties in the context menu.
Directory tab:
In addition to defining a root directory for storing Data Collector Set data, you can specify a single Subdirectory or create a Subdirectory name format by clicking the arrow to the right of the text entry field.

Click here to view complete Q&A of 70-411 exam
Certkingdom Review

Best Microsoft MCTS Certification, Microsoft 70-411 Training at certkingdom.com

Exam 70-385 Recertification for MCSE: Messaging

Published: January 7, 2016
Languages: English, German, Japanese
Audiences: IT professionals
Technology: Exchange Server 2013
Credit toward certification: MCP, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Install, configure, and manage the mailbox role
Plan the mailbox role
Plan for database size and storage performance requirements; plan for virtualization requirements and scenarios; plan mailbox role capacity and placement; design public folder placement strategy; validate storage by running JetStress
Configure and manage the mailbox role
Create and configure Offline Address Book (OAB); create and configure public folders; deploy mailbox server roles; design and create hierarchical address lists
Deploy and manage high availability solutions for the mailbox role
Create and configure a Database Availability Group (DAG); identify failure domains; manage DAG networks; configure proper placement of a file share witness; manage mailbox database copies
Monitor and troubleshoot the mailbox role
Troubleshoot database replication and replay; troubleshoot database copy activation; troubleshoot mailbox role performance; troubleshoot database failures; monitor database replication and content indexing

Plan, install, configure, and manage client access
Plan, deploy, and manage a Client Access Server (CAS)
Design to account for differences between legacy CAS and Exchange CAS; configure Office web application; plan for Outlook Anywhere; configure address book policies; plan to implement Kerberos authentication; plan for Outlook MAPI over HTTP
Plan and configure namespaces and client services
Design namespaces for client connectivity; configure URLs; plan for certificates; configure authentication methods; implement auto-discover for a given namespace
Implement load balancing
Configure namespace load balancing; configure Session Initiation Protocol (SIP) load balancing; plan for differences between layer seven and layer four load balancing methods; configure Windows Network Load Balancing (WNLB)

Plan, install, configure, and manage transport
Plan a high availability solution for common scenarios
Set up redundancy for intra-site scenarios; plan for SafetyNet; plan for shadow redundancy; plan for redundant MX records
Design a transport solution
Design inter-site mail flow; design inter-org mail flow; plan for Domain Secure/TLS; design Edge transport; design message hygiene solutions; design shared namespace scenarios
Troubleshoot and monitor transport
Interpret message tracking logs and protocol logs; troubleshoot a shared namespace environment; troubleshoot SMTP mail flow; given a failure scenario, predict mail flow and identify how to recover; troubleshoot Domain Secure/TLS; troubleshoot the new transport architecture

Design and manage an Exchange infrastructure
Plan for impact of Exchange on Active Directory services
Plan the number of domain controllers; plan placement of Global Catalog (GC); determine DNS changes required for Exchange; prepare domains for Exchange; evaluate impact of schema changes required for Exchange; plan around Active Directory site topology
Plan and manage Role Based Access Control (RBAC)
Determine appropriate RBAC roles and cmdlets; limit administration using existing role groups; evaluate differences between RBAC and Active Directory split permissions; configure a custom-scoped role group; configure delegated setup

Design, configure, and manage site resiliency
Manage a site-resilient Database Availability Group (DAG)
Plan and implement Datacenter Activation Coordination (DAC); given customer node requirements, recommend quorum options; plan cross-site DAG configuration; configure DAG networks
Design, deploy, and manage a site-resilient CAS solution
Plan site-resilient namespaces; configure site-resilient namespace URLs; perform steps for site *over; plan certificate requirements for site failovers; predict client behavior during a *over
Design, deploy, and manage site resilience for transport
Configure MX records for failover scenarios; manage resubmission and reroute queues; plan and configure Send/Receive connectors for site resiliency; perform steps for transport *over

Design, configure, and manage advanced security
Select an appropriate security strategy
Evaluate role-based access control (RBAC); evaluate BitLocker; evaluate smart cards; evaluate Information Rights Management (IRM); evaluate S/MIME; evaluate Domain Secure/TLS
Configure and interpret mailbox and administrative auditing
Configure mailbox audit logging; configure administrative audit logging; configure mailbox access logging; interpret all audit logs
Troubleshoot security-related issues
Determine certificate validity; ensure proper Certificate Revocation List (CRL) access and placement; ensure private key availability; troubleshoot failed IRM protection; troubleshoot RBAC

Configure and manage compliance, archiving, and discovery solutions
Perform eDiscovery
Plan and delegate RBAC roles for eDiscovery; enable a legal/litigation hold; perform a query-based InPlace hold; design and configure journaling; perform multi-mailbox searches in Exchange Administration Center (EAC); evaluate how to integrate InPlace federated searches with Microsoft SharePoint
Implement a compliance solution
Design and configure transport rules for ethical walls; configure MailTips; create, configure, and deploy message classifications; design and configure transport rules to meet specified compliance requirements

Implement and manage coexistence, hybrid scenarios, migration, and federation
Establish coexistence with Exchange Online
Deploy and manage hybrid configuration; evaluate limitations of the Hybrid Configuration Wizard; configure requirements for single sign-on (SSO); design and configure Active Directory Federation Services (ADFS)
Deploy and manage Exchange federation
Manage federation trusts with Microsoft federation gateways; manage hybrid deployment OAuth-based authentication; manage sharing policies; design certificate and firewall requirements; manage organization relationships
Implement on-premises coexistence with legacy systems
Plan namespaces for coexistence; configure proxy redirect; plan firewall configuration for coexistence; plan for mail flow requirements
Migrate legacy systems
Determine transition paths to Exchange; migrate public folders; migrate mailboxes; upgrade policies; plan to account for discontinued features; transition and decommission server roles
QUESTION 1
An administrator recommends removing EDGE1 from the implementation plan and adding a new Client Access server named CAS-8 instead.
You need to identify which anti-spam feature will NOT be available on CAS-8.
Which anti-spam feature should you identify?
A. Connection Filtering
B. Sender Filtering
C. Content Filtering
D. Recipient Filtering

Answer: A

---

QUESTION 2
You need to recommend which tasks must be performed to meet the technical requirements of the research and development (R&D) department.
Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Create a new global address list (GAL) and a new address book policy.
B. Modify the permissions of the default global address list (GAL), and then create a new GAL.
C. Run the Update AddressList cmdlet.
D. Run the Set-Mailbox cmdlet.
E. Create an OAB virtual directory.

Answer: A,D

---

QUESTION 3
You need to recommend a design that meets the technical requirements for communication between Fabrikam and A. Datum.
Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)
A. Create a remote domain for adatum.com.
B. Exchange certificates with the administrators of adatum.com.
C. From EDGE1, create a Send connector that has an address space for adatum.com
D. Run the Set-TransportConfigcmdlet.
E. Run the Set-TransportServercmdlet.
F. From a Mailbox server, create a Send connector that has an address space for adatum.com.

Answer: B,D,F

---

QUESTION 4
You need to recommend which task is required to prepare Active Directory for the planned Exchange Server 2013 implementation.
What should you recommend?
A. On any domain controller in the Paris office, run setup.exe /preparead.
B. On any domain controller in the Amsterdam office, run setup.exe /preparead.
C. On any domain controller in the Paris office, run setup.exe /preparealldomains.
D. On any domain controller in the Amsterdam office, run setup.exe /preparedomain.

Answer: B

Click here to view complete Q&A of 70-385 exam
Certkingdom Review

Best Microsoft MCTS Certification, Microsoft 70-385 Training at certkingdom.com