Exam 70-411 Administering Windows Server 2012
Exam 70-411 Administering Windows Server 2012
Published: 17 September 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit towards certification: MCP, MCSA, MCSE
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area in the exam. The higher the percentage, the more questions you are likely to see on that content area in the exam.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
As of January 2014, this exam includes content covering Windows Server 2012 R2.
Deploy, manage and maintain servers (15–20%)
Deploy and manage server images
Install the Windows Deployment Services (WDS) role; configure and manage boot, install and discover images; update images with patches, hotfixes and drivers; install features for offline images; configure driver groups and packages
Implement patch management
Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronisation, configure WSUS groups, manage patch management in mixed environments
Configure Data Collector Sets (DCS), configure alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring, schedule performance monitoring
Windows Deployment Services overview
Windows Server Update Services overview
Update management in Windows Server 2012: Revealing cluster-aware updating and the new generation of WSUS
Configure File and Print Services (15–20%)
Configure Distributed File System (DFS)
Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases, optimise DFS replication
Configure File Server Resource Manager (FSRM)
Install the FSRM role service, configure quotas, configure file screens, configure reports, configure file management tasks
Configure file and disk encryption
Configure BitLocker encryption; configure the Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
Configure advanced audit policies
Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies, create removable device audit policies
DFS namespaces and DFS replication overview
DFS replication improvements in Windows Server 2012
File Server Resource Manager overview
Configure network services and access (15–20%)
Configure DNS zones
Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, configure notify settings
Configure DNS records
Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME and MX records; configure zone scavenging; configure record options, including Time To Live (TTL) and weight; configure round robin; configure secure dynamic updates
Configure virtual private networks (VPN) and routing
Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing, configure Web Application proxy in passthrough mode
Implement server requirements, implement client configuration, configure DNS for Direct Access, configure certificates for Direct Access
How the Domain Name System (DNS) works
DNS server operations guide
Configure a Network Policy Server (NPS) infrastructure (10–15%)
Configure Network Policy Server
Configure a RADIUS server, including RADIUS proxy; configure RADIUS clients; configure NPS templates; configure RADIUS accounting; configure certificates
Configure NPS policies
Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing), import and export NPS policies
Configure Network Access Protection (NAP)
Configure System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN, configure NAP client settings
Network Policy and Access Services overview
Network Policy Server operations guide
Policies in NPS
Configure and manage Active Directory (10–15%)
Configure service authentication
Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts
Configure domain controllers
Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning
Maintain Active Directory
Back up Active Directory and SYSVOL, manage Active Directory offline, optimise an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active
Directory Recycle Bin
Configure account policies
Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings
Group managed service accounts overview
Step-by-step: Safely cloning an Active Directory domain controller with Windows Server 2012
Administering Active Directory backup and recovery
Configure and manage Group Policy (15–20%)
Configure Group Policy processing
Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behaviour, force Group Policy Update
Configure Group Policy settings
Configure settings, including software installation, folder redirection, scripts, and administrative template settings; import security templates; import custom administrative template file; configure property filters for administrative templates
Manage Group Policy objects (GPOs)
Back up, import, copy and restore GPOs; create and configure Migration Table; reset default GPOs; delegate Group Policy management
Configure Group Policy preferences (GPP)
Configure GPP settings, including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment and shortcut deployment; configure item-level targeting
Group Policy in Windows Server 2012: Overview
Work with WMI filters
Back up, restore, import and copy Group Policy objects
You work as the network administrator for a Microsoft Windows Server 2008 domain named
Certkingdom.com. Certkingdom.com has a Development division which utilizes two organizational units
(OU) named DevelopUsers and DevelopComputers for user and computer account storage. The
Development division user and computer accounts are configured as members of global security
groups named DevUsers and DevComputers.
During the course of the week you configure two Password Settings objects for Development
division members named CredSettings01 and CredSettings02. You additionally configure a
minimum password length of 10 for CredSettings01 and 9 for CredSettings02. CertKingdom.com
wants you to determine the required password length minimum for Development division users.
What minimum password length should be configured for CredSettings01 applied to DevUsers?
A. You should configure the minimum password length to 9.
B. You should configure the minimum password length to 10.
C. You should configure the minimum password length to 5.
D. You should configure the minimum password length to 4.
You administrate an Active Directory domain named CertKingdom.com. The domain has a Microsoft
Windows Server 2012 R2 server named CertKingdom-SR01 that hosts the File Server Resource
Manager role service.
You are configuring quota threshold and want to receive an email alert when 80% of the quota has
Where would you enable the email alert?
A. You should consider creating a Data Collector Set (DCS).
B. You should use Windows Resource Monitor.
C. You should use the File Server Resource Manager.
D. You should use Disk Quota Tools.
E. You should use Performance Logs and Alerts.
To make use of email alerts, you need to configure the SMTP Server address details in the File
Server Resource Manager options.
You work as a network administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain name CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed.
The computer accounts for all file servers are located in an organizational unit (OU) named
You are required to track user access to shared folders on the file servers.
Which of the following actions should you consider?
A. You should configure auditing of Account Logon events for the DataOU.
B. You should configure auditing of Object Access events for the DataOU.
C. You should configure auditing of Global Object Access Auditing events for the DataOU.
D. You should configure auditing of Directory Service Access events for the DataOU.
E. You should configure auditing of Privilege Use events for the DataOU.
You are the administrator of an Active Directory Domain Services (AD DS) domain named
CertKingdom.com. The domain has a Microsoft Windows Server 2012 R2 server named CertKingdomSR05
that hosts the File and Storage Services server role.
CertKingdom-SR05 hosts a shared folder named userData. You want to receive an email alert when
a multimedia file is saved to the userData folder.
Which tool should you use?
A. You should use File Management Tasks in File Server Resource Manager.
B. You should use File Screen Management in File Server Resource Manager.
C. You should use Quota Management in File Server Resource Manager.
D. You should use File Management Tasks in File Server Resource Manager.
E. You should use Storage Reports in File Server Resource Manager.
You work as a Network Administrator at CertKingdom.com. CertKingdom.com has an Active Directory
Domain Services (AD DS) domain named CertKingdom.com. All servers in the CertKingdom.com domain
have Microsoft Windows Server 2012 R2 installed and all client computers have Windows 8 Pro
BitLocker Drive Encryption (Bitlocker) is enabled on all client computers. CertKingdom.com wants you
to implement BitLocker Network Unlock.
Which of the following servers would you required to implement BitLocker Network Unlock?
A. A Domain Controller.
B. A DHCP server.
C. A DNS Server.
D. A Windows Deployment Server.
E. An Application Server.
F. A Web Server.
G. A File and Print Server.
H. A Windows Server Update Services server.
BitLocker Network Unlock requires a Windows Server 2012 R2 server running the Windows
Deployment Services (WDS) role in the environment.
Comments are closed.