Exam 70-411 Administering Windows Server 2012

Published: 17 September 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit towards certification: MCP, MCSA, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

As of January 2014, this exam includes content covering Windows Server 2012 R2.

Deploy, manage and maintain servers (15–20%)

Deploy and manage server images
Install the Windows Deployment Services (WDS) role; configure and manage boot, install and discover images; update images with patches, hotfixes and drivers; install features for offline images; configure driver groups and packages

Implement patch management
Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronisation, configure WSUS groups, manage patch management in mixed environments

Monitor servers
Configure Data Collector Sets (DCS), configure alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring, schedule performance monitoring

Preparation resources
Windows Deployment Services overview
Windows Server Update Services overview
Update management in Windows Server 2012: Revealing cluster-aware updating and the new generation of WSUS

Configure File and Print Services (15–20%)

Configure Distributed File System (DFS)
Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases, optimise DFS replication

Configure File Server Resource Manager (FSRM)
Install the FSRM role service, configure quotas, configure file screens, configure reports, configure file management tasks

Configure file and disk encryption
Configure BitLocker encryption; configure the Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore

Configure advanced audit policies
Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies, create removable device audit policies

Preparation resources
DFS namespaces and DFS replication overview
DFS replication improvements in Windows Server 2012
File Server Resource Manager overview

Configure network services and access (15–20%)

Configure DNS zones
Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, configure notify settings

Configure DNS records
Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME and MX records; configure zone scavenging; configure record options, including Time To Live (TTL) and weight; configure round robin; configure secure dynamic updates

Configure virtual private networks (VPN) and routing
Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing, configure Web Application proxy in passthrough mode

Configure DirectAccess
Implement server requirements, implement client configuration, configure DNS for Direct Access, configure certificates for Direct Access

Preparation resources
How the Domain Name System (DNS) works
DNS overview
DNS server operations guide

Configure a Network Policy Server (NPS) infrastructure (10–15%)

Configure Network Policy Server
Configure a RADIUS server, including RADIUS proxy; configure RADIUS clients; configure NPS templates; configure RADIUS accounting; configure certificates

Configure NPS policies
Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing), import and export NPS policies

Configure Network Access Protection (NAP)
Configure System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN, configure NAP client settings

Preparation resources
Network Policy and Access Services overview
Network Policy Server operations guide
Policies in NPS

Configure and manage Active Directory (10–15%)

Configure service authentication
Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts

Configure domain controllers
Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning

Maintain Active Directory
Back up Active Directory and SYSVOL, manage Active Directory offline, optimise an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active
Directory Recycle Bin

Configure account policies
Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings

Preparation resources
Group managed service accounts overview
Step-by-step: Safely cloning an Active Directory domain controller with Windows Server 2012
Administering Active Directory backup and recovery

Configure and manage Group Policy (15–20%)

Configure Group Policy processing
Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behaviour, force Group Policy Update

Configure Group Policy settings
Configure settings, including software installation, folder redirection, scripts, and administrative template settings; import security templates; import custom administrative template file; configure property filters for administrative templates

Manage Group Policy objects (GPOs)
Back up, import, copy and restore GPOs; create and configure Migration Table; reset default GPOs; delegate Group Policy management

Configure Group Policy preferences (GPP)
Configure GPP settings, including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment and shortcut deployment; configure item-level targeting

Preparation resources
Group Policy in Windows Server 2012: Overview
Work with WMI filters
Back up, restore, import and copy Group Policy objects

MCTS Training, MCITP Trainnig

Best Microsoft MCP Certification, Microsoft 70-411 Training at certkingdom.com


You work as the network administrator for a Microsoft Windows Server 2008 domain named
Certkingdom.com. Certkingdom.com has a Development division which utilizes two organizational units
(OU) named DevelopUsers and DevelopComputers for user and computer account storage. The
Development division user and computer accounts are configured as members of global security
groups named DevUsers and DevComputers.

During the course of the week you configure two Password Settings objects for Development
division members named CredSettings01 and CredSettings02. You additionally configure a
minimum password length of 10 for CredSettings01 and 9 for CredSettings02. CertKingdom.com
wants you to determine the required password length minimum for Development division users.
What minimum password length should be configured for CredSettings01 applied to DevUsers?

A. You should configure the minimum password length to 9.
B. You should configure the minimum password length to 10.
C. You should configure the minimum password length to 5.
D. You should configure the minimum password length to 4.

Answer: B


You administrate an Active Directory domain named CertKingdom.com. The domain has a Microsoft
Windows Server 2012 R2 server named CertKingdom-SR01 that hosts the File Server Resource
Manager role service.
You are configuring quota threshold and want to receive an email alert when 80% of the quota has
been reached.
Where would you enable the email alert?

A. You should consider creating a Data Collector Set (DCS).
B. You should use Windows Resource Monitor.
C. You should use the File Server Resource Manager.
D. You should use Disk Quota Tools.
E. You should use Performance Logs and Alerts.

Answer: C

To make use of email alerts, you need to configure the SMTP Server address details in the File
Server Resource Manager options.

You work as a network administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain name CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed.
The computer accounts for all file servers are located in an organizational unit (OU) named
You are required to track user access to shared folders on the file servers.
Which of the following actions should you consider?

A. You should configure auditing of Account Logon events for the DataOU.
B. You should configure auditing of Object Access events for the DataOU.
C. You should configure auditing of Global Object Access Auditing events for the DataOU.
D. You should configure auditing of Directory Service Access events for the DataOU.
E. You should configure auditing of Privilege Use events for the DataOU.

Answer: B


You are the administrator of an Active Directory Domain Services (AD DS) domain named
CertKingdom.com. The domain has a Microsoft Windows Server 2012 R2 server named CertKingdomSR05
that hosts the File and Storage Services server role.
CertKingdom-SR05 hosts a shared folder named userData. You want to receive an email alert when
a multimedia file is saved to the userData folder.
Which tool should you use?

A. You should use File Management Tasks in File Server Resource Manager.
B. You should use File Screen Management in File Server Resource Manager.
C. You should use Quota Management in File Server Resource Manager.
D. You should use File Management Tasks in File Server Resource Manager.
E. You should use Storage Reports in File Server Resource Manager.

Answer: B


You work as a Network Administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain named CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Pro
BitLocker Drive Encryption (Bitlocker) is enabled on all client computers. CertKingdom.com wants you
to implement BitLocker Network Unlock.
Which of the following servers would you required to implement BitLocker Network Unlock?

A. A Domain Controller.
B. A DHCP server.
C. A DNS Server.
D. A Windows Deployment Server.
E. An Application Server.
F. A Web Server.
G. A File and Print Server.
H. A Windows Server Update Services server.

Answer: D

BitLocker Network Unlock requires a Windows Server 2012 R2 server running the Windows
Deployment Services (WDS) role in the environment.