Posts by admin

Exam 70-432 Microsoft SQL Server 2008, Implementation and Maintenance

Published: September 30, 2008
Languages: English, Japanese
Audiences: IT professionals
Technology: Microsoft SQL Server 2008
Credit toward certification: MCP, MCSA

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Installing and configuring SQL Server 2008 (11%)
Install SQL Server 2008 and related services
File locations; default paths; service accounts
Configure SQL Server instances
sp_configure; Dynamic Management Views (DMVs)
Configure SQL Server services
Configuration manager; SQL browser
Configure additional SQL Server components
SQL Server Integration Services (SSIS), SQL Server Analysis Services (SSAS), SQL Server Reporting Services (SSRS), replication; MDS
Implement database mail
Set up and configure
Configure full-text indexing
Enable/disable, index population

Preparation resources
Installing SQL Server 2008
Configuring SQL Server 2008

Maintaining SQL Server instances (9%)
Manage SQL Server Agent jobs
Create and schedule jobs; notification of job execution; disable/enable jobs; change job step order; logging
Manage SQL Server Agent alerts
Performance condition alerts; SQL event alerts; Windows Management Instrumentation (WMI) alerts
Manage SQL Server Agent operators
Operator schedules; fail safe operator; add a new operator; notification methods
Implement the declarative management framework (DMF)
Create a policy; verify a policy; schedule a policy compliance check; enforce a policy; create a condition
Back up a SQL Server environment
Operating system-level concepts; SQL Server Utility; compression media families

Preparation resources
Scheduling SQL Server Agent jobs
Sample: Creating a SQL Server Agent alert by using the WMI Provider for server events
Managing the SQL Server Utility

Managing SQL Server security (18%)
Manage logins and server roles
Create logins; disable/enable logins; security model (authentication mode); password policy enforcement; fixed server roles; alter logins; create credentials; certificate logins
Manage users and database roles
User mapping; user-defined roles; fixed roles; guest, public, dbo; creating and deleting user roles; application roles
Manage SQL Server instance permissions
Logon triggers; permissions versus fixed role membership; cross-database ownership chaining; impersonation; endpoint permissions
Manage database permissions
Impersonation; cross-database ownership chaining
Manage schema permissions and object permissions
Manage schema ownership; object rights
Audit SQL Server instances
Use DDL triggers and logon triggers; C2; common criteria; login failures; event notifications
Manage transparent data encryption (TDE)
Impact of transparent data encryption on backups; certificate management; symmetric keys
Configure surface area
sp_configure

Preparation resources
Managing users, roles, and logins
Auditing in Microsoft SQL Server 2008
SQL Server 2008 transparent data encryption

Maintaining a SQL Server database (17%)
Back up databases
Full backups; differential backups; transaction log; compressed backups; file and filegroup backups; verifying backup; TDE backups
Restore databases
Online restores; full restores; differential restores; transaction log; file and filegroup restores; verifying restore; tail of the transaction log; TDE restores
Manage and configure databases
Files, file groups, and related options; database options; recovery model; attach/detach data
Manage database snapshots
Create, drop, revert
Maintain database integrity
DBCC CHECKDB; suspect pages; page level restores
Maintain a database by using maintenance plans
Maintenance Plan Wizard; Maintenance Plan Designer

Preparation resources
Backing up and restoring databases in SQL Server
Maintenance plans

Performing data management tasks (10%)
Import and export data
BCP; BULK INSERT; OPENROWSET; GUI tools
NOT: SSIS
Manage data partitions
Switching data from one partition to another; add a filegroup; alter a partition function; alter a partition scheme
NOT: designing partition tables/indexes
Implement data compression
Sparse columns; page/row; Unicode compression
Maintain indexes
Create spatial indexes; create partitioned indexes; clustered and non-clustered indexes; XML indexes; disable and enable indexes; filtered index on sparse columns; indexes with included columns; rebuilding/reorganizing indexes; online/offline; statistics on filtered indexes
NOT: designing new indexes
Manage collations
Column collation; database collation; instance collation

Preparation resources
The Data Loading Performance Guide
Creating compressed tables and indexes
Setting and changing collations

Monitoring and troubleshooting SQL Server (14%)
Identify SQL Server service problems
DB Engine service; SQL Agent service; SQL Browser service
Identify concurrency problems
Blocks, locks, deadlocks, activity monitor; relevant Dynamic Management Views
Identify SQL Agent job execution problems
Proxy accounts; credentials; job history
Locate error information
Error log; agent log; job execution history; event logs

Preparation resources
Troubleshooting Database Engine
Understanding Concurrency Control
Viewing the SQL Server Error Log

Optimizing SQL Server performance (12%)
Implement Resource Governor
Use the Database Engine Tuning Advisor
Collect trace data by using SQL Server Profiler
Collect performance data by using Dynamic Management Views
Collect performance data by using System Monitor
Use Performance Studio

Preparation resources
SQL Server 2008 – Resource Governor
Using Database Engine Tuning Advisor
SQL Server Performance Survival Guide

Implementing high availability (9%)
Implement database mirroring
Monitoring, configuring, failover
Implement a SQL Server clustered instance
Monitoring, configuring, failover
Implement log shipping
Monitoring, configuring, failover
Implement replication
Monitoring, configuring

Preparation resources
Technical considerations and best practices for disaster recovery and high availability for SQL Server
Database mirroring and failover clustering
Deployment (replication)


Sample Questions


QUESTION 1
You maintain a SQL Server 2008 instance that contains a database named DB1. DB1 stores customer data for the company. The customers use a Web application to access their profile data. You need to protect the customer data such that data files, log files, and subsequent backups are as secure as possible even if the backup media is lost. Your solution must not affect the Web application or impact performance.
What should you do?

A. Encrypt the customer data at the cell level and then back up DB1.
B. Configure access to DB1 to only use stored procedures and functions.
C. Enable Transparent Database Encryption for DB1 and then back up the transaction logs.
D. Encrypt the customer data at the folder level by using Encrypted File System (EFS) and then back up the transaction logs.

Answer: C


QUESTION 2
You administer a Microsoft SQL Server 2008 R2 database that contains an OrderItems table. The table has the following definition:


Data is grouped into quarterly partitions.
You need to configure the groupings into 12 monthly partitions.
What should you do?

A. Remove the clustered index from the table.
B. Use the ALTER PARTITION FUNCTION … SPLIT RANGE statement.
C. Use the ALTER TABLE statement to remove the COLLATE option.
D. Execute the DBCC CLEANTABLE command on the OrderItems table.
E. • Create a new filegroup.
• Create a new database file.
• Use the ALTER PARTITION SCHEME statement along with the NEXT USED clause.
• Use ALTER INDEX REORGANIZE statement.
F. • Create a new Filegroup.
• Create a new database File.
• Use the ALTER PARTITION SCHEME statement along with the NEXT USED clause.
• Use the ALTER PARTITION FUNCTION statement along with the SPLIT RANGE clause.
G. • Create a new table.
• Use the ALTER TABLE statement along with the SWITCH PARTITION clause.
• Use the ALTER PARTITION FUNCTION statement along with the MERGE RANGE clause.
H. • Create a new partition function.
• Create a new partition scheme.
• Add a clustered index to place the data onto the partition scheme.
I. Run the following statement:
CREATE PARTITION SCHEME SEC_FG AS PARTITION FUNC_FG
ALL TO (SECONDARY);
J. Run the following statement:
EXECUTE sp_tableoption @TableNamePattern = 'OrderItems', @OptionName = 'PartitionByYear', @OptionValue = 'true';

Answer: B


QUESTION 3
You administer a SQL Server 2008 instance.
You need to configure the instance to use a single thread for queries that have an estimated execution cost less than 3.
Which sp_configure configuration option should you set?

A. priority boost
B. precompute rank
C. max worker threads
D. query governor cost limit
E. cost threshold for parallelism

Answer: E


QUESTION 4
You design a maintenance plan for a SQL Server 2008 instance that contains a database named SalesDB.
The SalesDB database includes spatial indexes to support queries on spatial data.
You need to perform physical consistency checks on SalesDB. You also need to ensure that the performance effect on the SalesDB database is minimized.
Which Transact-SQL statement should you execute?

A. DBCC SYS_CHECK (SalesDB);
B. DBCC SQLPERF (SalesDB);
C. DBCC RSPAIRDB (SalesDB);
D. DBCC CHECKDB (SalesDB);

Answer: A


QUESTION 5
You administer a Microsoft SQL Server 2008 R2 instance.
You need to ensure that no suspect pages have been detected in your database.
What should you do?

A. Execute sp_helpfile.
B. Execute DBCC CHECKDB.
C. Examine the msdb..suspect_pages table.
D. Execute DBCC CHECKDB along with the REPAIR_FAST clause.
E. Execute DBCC CHECKDB along with the REPAIR_REBUILD clause.
F. Restore the database from the most recent full backup. Apply any differential and log backups.
G. Use the ALTER DATABASE statement along with the SET EMERGENCY clause.
H. Use the RESTORE DATABASE statement along with the PAGES clause. Create a new log backup. Apply all differential and log backups, including the most recent backup.
I. Use the RESTORE DATABASE statement along with the PAGES clause. Apply any differential and log backups. Create a new log backup and then restore the new log backup.

Answer: C


QUESTION 6
You are mastering the company database. On a SQL Server 2008, you find out that one of the data files computer is broken. You should reserve the database which is from the most recent configurations of backups. In order to cut the loss, you should find the method as quickly as possible. Which is the correct answer?

A. You should run a transaction log backup for the database.
B. You should reserve the old database backup for the database.
C. You should reserve the most recent store produce log backup for the database.
D. You should run the whole database backup.

Answer: A


Dynamics CRM Online Deployment Exam MB2-706

Today I took and passed the Dynamics CRM Online Deployment exam MB2-706. The title only mentions Dynamics CRM Online, however when I look more carefully at the skills measured section, there are some topics that quite overlapped with the Dynamics CRM Installation exam MB2-708.

First of all, I won’t break the NDA of the exam but I would like to give my thought on the exam. And if you ask me anything about sample questions and answers, I would say upfront, but sorry I won’t give anything.

As I mentioned earlier in the post, there are some overlapping topics with the installation exam, however I was quite unprepared when I was given some questions that are supposedly only applicable for on-premise installation. Then I spent the time of the feedback to point out the questions that are not accurate for the Online Deployment. Apart from that, the rest of the exam questions completely reflect the items that are listed on the skills measured.

For the preparation of the exam, I just used the Dynamics CRM Online Deployment MOC training material from PartnerSource, however the training itself is not sufficient to pass the exam. Referring back to the skills measured, there are some topics that were not covered in the Online Deployment training, maybe combined with the installation course would be beneficial. Reading the Implementation and Administration guide is also a good supplement to prepare for the exam.

And one more tip for the exam: Second Shot. Microsoft is offering a second chance if you don’t pass the exam the first time. The Second Shot offer is valid for MCP exams that are taken between January 5, 2015, and May 31, 2015. My tip on this Second Shot is not to use this opportunity to memorise the questions, but to identify which section(s) we are weak at, then do better preparation for the second chance.

I hope this helps!

I have just completed and passed the MB2-706 certification. (Online deployment certification.)

Interesting as the first certification I have completed online, not sure I’ll rush towards taking the exam on-line again.

I can’t / won’t break the NDA by mentioning specific questions but if you are preparing for the exam, the first tip I have is to actually prepare for the MB2-708 and MB2-706 exams together. There is a large amount of cross over. (MB2-708 being the CRM installations exam.)

I expected the main focus of MB2-706 to be Office 365 admin of CRM subscriptions and instances. Don’t get me wrong that stuff is covered but the exam goes quite a bit wider than that. Review the skills measured on the Microsoft site and ensure you have EVERYTHING covered.

I was unprepared for the number of questions about Outlook deployment and Email Router set-up. So much so that I did the unthinkable and failed first time out! Just shows that the old saying of “fail to prepare, prepare to fail” is bang on.

The “positive” was I got to try out using second shot! Your second attempt is currently still free with second shot. Originally this involved a lengthy process of obtaining a voucher and entering the code when you book the exam. They have made the process smoother these days, if you are eligible for second shot it’s automatically allocated when you book the exam.

Several questions came up about the process of upgrading from CRM2013 to CRM2015. When you are conducting research for the exam don’t just focus on a vanilla install. Look at any specific considerations for folks moving from earlier versions of CRM.

Be prepared for frustration with some questions! All the questions are valid in the wider context of a CRM deployment but quite a few seemed irrelevant for an online deployment exam. But to be fair Microsoft do make this clear in the skills measured. The word server appears six times in the administration section of the skills measured, that should have been my clue that some questions might feel more aligned to an on premise deployment exam. This area of the skills measured does not have a focus on online deployment and as this is up to 25% of the questions you should expect a significant number of questions that might feel off topic.


Exam 70-417 Upgrading Your Skills to MCSA Windows Server 2012

Published: September 21, 2012
Languages: English, German, Japanese
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit toward certification: MCP, MCSA, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

This exam has been updated to cover the recent technology updates in Windows Server 2012 R2 and System Center 2012 R2. For more details, you may review the documents on the exam detail pages for exams 70-410, 70-411, and 70-412.

Install and configure servers (20 – 25%)
Install servers
Plan for a server installation, plan for server roles, plan for a server upgrade, install Server Core, optimize resource utilization by using Features on Demand, migrate roles from previous versions of Windows Server
Configure servers
Configure Server Core, delegate administration, add and remove features in offline images, deploy roles on remote servers, convert Server Core to/from full GUI, configure services, configure NIC teaming, install and configure Windows PowerShell Desired State Configuration (DSC)
Configure local storage
Design storage spaces, configure basic and dynamic disks, configure Master Boot Record (MBR) and GUID Partition Table (GPT) disks, manage volumes, create and mount virtual hard disks (VHDs), configure storage pools and disk pools, create storage pools by using disk enclosures

Preparation resources
Installing Windows Server 2012
Configure Server Core
Windows Server 2012 “Early Experts” challenge – Exam 70-410 – storage spaces

Configure server roles and features (20 – 25%)
Configure servers for remote management
Configure WinRM, configure down-level server management, configure servers for day-to-day management tasks, configure multi-server management, configure Server Core, configure Windows Firewall, manage non-domain joined servers

Preparation resources
NTFS shared folders in Windows Server 2012
Simplified printing with Windows 8 and Windows Server 2012
Using the Windows Server 2012 Server Manager for remote and multi-server management

Configure Hyper-V (20 – 25%)
Create and configure virtual machine (VM) settings
Configure dynamic memory, configure smart paging, configure Resource Metering, configure guest integration services, create and configure Generation 1 and 2 VMs, configure and use enhanced session mode, configure RemoteFX
Create and configure virtual machine storage
Create VHDs and VHDX, configure differencing drives, modify VHDs, configure pass-through disks, manage checkpoints, implement a virtual Fibre Channel adapter, configure storage Quality of Service
Create and configure virtual networks
Configure Hyper-V virtual switches, optimize network performance, configure MAC addresses, configure network isolation, configure synthetic and legacy virtual network adapters, configure NIC teaming in VMs

Preparation resources
Hyper-V Dynamic Memory overview
Configuring pass-through disks in Hyper-V
Hyper-V network virtualization overview

Install and administer Active Directory (25 – 30%)
Install domain controllers
Add or remove a domain controller from a domain, upgrade a domain controller, install Active Directory Domain Services (AD DS) on a Server Core installation, install a domain controller from install from media (IFM), resolve Domain Name System (DNS) SRV record registration issues, configure a global catalog server, deploy Active Directory infrastructure as a service (IaaS) in Microsoft Azure

Preparation resources
What’s new in Active Directory Domain Services installation
Overview of Active Directory simplified administration
Using the updated Active Directory Administration Center


QUESTION 1
You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)

A. Add-DnsServerPrimaryZone
B. Add-DnsServerResourceRecordCName
C. Set-DnsServerDsSetting
D. Set-DnsServerGlobalNameZone
E. Set-DnsServerEDns
F. Add-DnsServerDirectoryPartition

Answer: A,B,D


QUESTION 2
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website.
However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter
B. Run Set-DnsServerGlobalQueryBlockList
C. Run ipconfig and specify the Renew parameter
D. Run Set-DnsServerCache

Answer: D


QUESTION 3
Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster.
A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed.
You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.
Which type of trust policy should you create?

A. A federated trust
B. A trusted user domain
C. A trusted publishing domain
D. Windows Live ID

Answer: A
Explanation:
A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure.
http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx


QUESTION 4
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?

A. The user class
B. The vendor class
C. The client identifier
D. The relay agent information

Answer: A


QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Enable the Device Registration Service in Active Directory.
B. Publish the Device Registration Service by using a Web Application Proxy.
C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D. Install the Work Folders role service on Server2.
E. Create and configure a sync share on Server2.

Answer: A,C
Explanation:
* Prepare your Active Directory forest to support devices
This is a one-time operation that you must run to prepare your Active Directory forest to support devices.
To prepare the Active Directory forest
On your federation server, open a Windows PowerShell command window and type: Initialize-ADDeviceRegistration
* Enable Device Registration Service on a federation server farm node
To enable Device Registration Service
1. On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
2. Repeat this step on each federation farm node in your AD FS farm.


See how these companies were social engineered

You could be next
Tim Roberts, a security consultant at Solutionary, has been on the other side of trickery. Roberts was recently hired to infiltrate a company’s buildings and networks – mirroring a crook’s social engineering attempts to get at sensitive personal and corporate data. This was all done for cybersecurity assessment purposes and his findings and solutions are shared in hopes you can avoid being the next victim.

Key Loggers and Post-Its
I approached the front desk and chatted up the assistant (nametag Sarah) and a maintenance worker. “There was a ticket put in a while back. Did you guys not get an email notification that I would be here? We are in the process of doing some migration on the network and there have been some outages at the offices.”

At this point, Sarah locked her system and let me sit down at her desk. Instead of using a lot of gadgets, I just took out the key logger and plugged it in between the keyboard and the system. “Could you go ahead and log back in? I need to pull up a command prompt to test the connectivity.” She did, and the key logger was able to catch her submission. “Actually, because I am going to have to ask you to do that a few times, do you mind just writing down your credentials and then we can trash it once I am finished?” I slid the Post-It stack to her and placed a pen on top as I continued to focus on the system, in an effort to convey that this was normal. She wrote down her password and slid it back to me. As I was snooping around the system, I gained access to network shares and several systems on the network. I also noticed that she had her BitLocker recovery key saved conveniently in the My Documents folder, along with some VPN information.

“Sarah, I noticed you don’t have a laptop. Do you ever do work from home?” She replied, “I am not special enough for a laptop. But, they did give me a tablet that I rarely use. I can’t get the VPN to connect.” I tried to bait her with another question. “Oh yeah? Could you show me how you typically connect from home and what credentials you use? Maybe I can reset some things from here for you.” She continued to explain how to remotely connect to the network. I took some quick notes when she wasn’t paying attention. In the end, I had another gig of data, domain credentials, encryption key and a tutorial about how to connect to the VPN.

Poor gullible Sarah
I’d say this was a successful engagement and most importantly a reminder of how gullible people can be, when you appear legitimate, are sympathetic and helpful.

Security awareness training! This goes beyond the annual awareness campaign and quizzes. This must be ingrained into the culture of your company. Your employees must be aware of the risks that are associated with information security (this includes physical and technical controls).
A Clean Desk policy. Sensitive data should be put away when not in use. Passwords should never be written down and taped to the workstation.
Make sure that your Minimum Baseline Configurations (MBC) include disabling the physical ports that are unnecessary (i.e., USB). Aside from physical key loggers, the risk of data leakage is increased when an employee has the capability to copy data to an external storage device.
You don’t have to be paranoid, but skepticism and awareness are traits every employee should have. An employee who is able to discern common traits and mannerisms of a would-be attack, can be the first barrier to prevent compromises like this.

Unsuspecting guards
Once I picked the lock to the unalarmed external emergency door, I realized that the client took the extra step of implementing biometric access control. There wasn’t a single person going in or out while I observed. I needed a different way in to the server room. I noticed a security guard station with several monitors and a key box behind the desk. I saw a guard and a maintenance employee were taking a coffee break. “Sorry guys, I’ll just be a moment. I need to get the serial numbers off of these devices. We are doing inventory.” I gave him the face of, “you know, the grind,” shrugged and began writing down anything I saw. “Not a problem,” the guard responded after glancing at my fake badge I made using basic photo editing skills. “You can take them if you want. They don’t work half of the time anyway,” the guard chuckled.

“Could you show me? Maybe I could get corporate to put something in the budget for some new systems.” I made my way behind him, looking at the monitors. Without hesitation, the guard typed in the default password of ‘1111’ and showed me the security issues of the building, where the cameras were located, which ones worked, etc. “I almost forgot.” Turning to the maintenance employee, I asked “You’re with maintenance, correct?” He nodded.

“Awesome, I need to get into the server room for some serial numbers.” This was a big risk, but I figured, why not? “Not a problem. I can let you in.” The guard sat up from his chair and escorted me to the server room. I thanked him for his help and told him that I could take it from there.

A new guard
Again, awareness training would help prevent situations the guards faced. Some awareness programs aren’t robust enough to really get the point across as to the dangers of social engineering and real-world threats. Security awareness training too often becomes routine, just another annual training.
Employees need to understand that security starts with them. Always double-check someone’s story, especially when someone is claiming to need access to this or that or doesn’t badge in. It’s OK to take a minute to call and verify someone’s story and/or credentials. Even if they seem irritated and inconvenienced, it’s better to be safe than sorry.
Change default passwords on devices, even if it only forces a three-pin code for a security system. Switch it up routinely.
Remind the security vendor what risks there are outside of the obvious. Inquisitive security guards who are diligent can make or break your physical security.

Barbecuing your data center
The quarterly employee appreciation BBQ was the perfect time to survey the building undetected. I noticed that nearly all of the badge-restricted areas had doors with the same lever handles. I peeked through the thin window, between a haphazard paper and taping job covering what appeared to be a highly sensitive area. My under-the-door tool allowed me to open a lever door from the other side. Utilizing this, I was able to bypass several restricted areas, including a PBX and server room door. Once inside the server room we had access to systems, networking and telecom devices, butt sets (telephone test sets) and PBX systems. After about 30 minutes of harvesting as much data as possible, we heard someone badge in. Two employees came in, one went straight to his laptop, and the other asked who we were. “I’m Elliot, from XYZ. I’m doing some inventory on the PBX systems.” I interjected as I casually flipped through a clipboard that I had taken from outside. At this point, we were able to gather equipment and devices upon leaving the room.

I found a door that led to the main data center, and passed the cubicle area for what I could only assume was the networking department. This door had two-factor authentication, requiring a four-digit PIN and proximity badge in order to gain access. I noticed that the drop-floor below me could be opened. There was also a handy suction grip conveniently sitting on a table beside the door. I lifted one of the tiles and could have easily crawled under the floor, but I decided against this since I was sporting a white button-up and it would have heightened the risk of being exposed. I replaced the tile and instead tried to pick the lock using a bogota-style pick. I was able to bypass the tumbler lock, and with it the two-factor authentication, and open the door. I was in the data center and had access to several systems with sensitive data, remote employee VPN devices, laptops, Internet switches, the core switch and more.

How not to get grilled by con men
Use industry best practice when securing your server rooms. This means floor-to-ceiling walls, no lever handles and no windows.
Make sure that your intrusion detection systems cover all external doors and accessible windows.
Don’t leave too big of a gap under doors. A small gap makes it harder for an intruder to trip exit motion sensors and work an under-the-door tool.
If you must have a physical key to bypass additional access controls, consider a strong lock core and a key management log.
Instill a culture of social and physical awareness, not paranoia. Every employee, vendor, contractor, etc. has a part in security. If employees feel suspicious, encourage them not to be afraid to inquire, challenge and to double-check.
Require badges to be visible at all times. If a certain badge requires an escort, make sure there is an escort. If the badge looks funny, ask to see it.
Keep destruction/shredder bins secure. This goes beyond your run-of-the-mill padlock.

Key to the kingdom
After about an hour of walking around, taking photos, picking the locks on office doors and shredder bins, and dumpster diving, I had gathered quite a bit of sensitive data (some of which included scans of driver licenses and Social Security cards). I successfully used the “under-the-door” tool to bypass a lever handle door which led to the IT department and the data center area. I not only had access to the servers, switches, laptops and a treasure trove of data, but I also found a box of handy “remote employee VPN devices and handbook.”

The Security Control Room contained access to the security cameras and security system, a badge maker, access logs, security staff files and a key box. This box was made out of aluminum and had a generic lock that was easily bypassed (I wanted to try to bypass it, even though I had the guard’s keychain). It had a key spreadsheet on the inside of the door, and several keys hanging in it. There were keys to company vehicles, wiring closets, several rooms and cabinets, elevators and much more. The key that caught my eye was one labeled “Facility 2 – Server Rm.” I had agreed to not take anything outside of the facility, so I couldn’t take the key with me.

“Sorry to bug you, but I am doing a key inventory and John from facility services had given me this key for the Security Control Room, but it doesn’t appear to be working. He said that you should have one and to ask if I could use it for a minute. I promise to bring it right back,” I said as I stood in front of the guard’s desk, smiling and gently tapping the random key on the table.

The security guard paused for a moment, smiled and pulled out a handful of keys. “Well, I suppose, but you better bring my keys back, or I am going to hunt you down.” I made my way back down to the door, unlocked it and then locked it back once inside.

Don’t be so trusting
Tell your guards to stop being so trusting and to never hand their keys over to a random “employee”. Guards are one of the first layers of security, but too many companies depend on them to be the primary eyes and ears, when the whole employee body should be additional eyes and ears.

Don’t forget about the hard locks on doors and cabinets leading to restricted and sensitive areas.
Make sure that your guards are alert and aware. Security guard work can get boring, which invites distractions (phone, Internet, conversation etc.). Make sure that the guards understand their roles and responsibilities, especially if they are not in-house. The security guard can often make a huge difference in your physical security. They are the first barrier within the facility and should not hesitate to challenge someone’s story.
Always double-check and never be afraid to validate someone’s identity. Is someone without a visible, legitimate badge or an escort? Escalate. Did someone piggyback? Ask them to badge in and verify a successful result.

Sure, come on in
During the Open Source Intelligence (OSINT) gathering phase of the assessment, and after performing some remote phishing and charming phone calls, we were able to gather a handful of domain credentials, the user naming convention (last name, first initial, which happened to be the same as what LinkedIn shows, even without a professional account), security policy information, badge details and some names to drop.

I pretended to badge in at the entrance. Once I was in the men’s bathroom, my partner said there were still employees leaving and that he had kicked off some wireless scans (to see what was accessible outside the building). After the employees left, I stepped out of the bathroom and walked around the floor, browsing through files and taking pictures of sensitive information left in unlocked destruction bins and trash bins, I might add, beside several printers. I found a couple of untethered laptops (only took one) and the perfect cube to stash our device in. Why was this perfect? Because someone was on vacation, and it appeared that whoever occupied said cube had a little home router of his or her own connected. I unplugged it and replaced it with ours.

With our rogue access point in place and hidden behind some empty laptop bags beneath the desk, I made my way out of the building and to my partner’s location. Once in the vehicle, we both connected to the access point and DHCP allowed us to scan several ranges. We were able to compromise a few systems by exploiting some known vulnerabilities and by using credentials that we had harvested from the remote portion of the assessment. We dumped some database tables and spent most of the night in front of dimly lit screens in the hotel parking lot hacking away.

Close the backdoor
Network access should be restricted utilizing methods like Network Access Control (NAC) and Rogue Access Point (AP) detection. This will help to prevent malicious drop boxes and networking devices from leaving a backdoor open into your network for further remote compromise.
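One way to approach the rogue-device detection recommended above, as an added example that is not part of the original article: compare DHCP lease events against an asset inventory, flag leases to unknown hardware, and flag access ports with more than one device behind them. The inventory, the record layout and the lease events are constructed for illustration; the `port` column assumes the relay adds DHCP option 82 or that leases are joined with the switch MAC table.

```python
"""Flag DHCP leases that suggest an unauthorised device on a wired port.

All data here is constructed sample data. The CSV layout is an assumption,
not the log format of any particular DHCP server or switch.
"""
import csv
import io
from collections import defaultdict

# Authorised inventory: MAC address -> asset (constructed).
INVENTORY = {
    "00:11:22:33:44:55": "LT-0142 (finance laptop)",
    "00:11:22:33:44:66": "PR-0007 (floor 3 printer)",
}

# Constructed lease events: time, switch port, client MAC, client hostname.
SAMPLE_LEASES = """\
time,port,mac,hostname
2024-05-01T08:02:11,sw3/0/14,00-11-22-33-44-55,LT-0142
2024-05-01T08:05:40,sw3/0/21,00:11:22:33:44:66,PR-0007
2024-05-01T19:47:03,sw3/0/14,02:AA:BB:CC:DD:01,ap-test
2024-05-01T19:52:30,sw3/0/14,02:aa:bb:cc:dd:02,laptop-x
"""


def normalise_mac(raw):
    """Return a MAC as lowercase colon-separated hex (00:11:22:33:44:55)."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set.

    Such addresses are not vendor-assigned; they are typical of randomised
    or manually configured MACs and deserve a second look on a wired port.
    """
    return bool(int(mac[:2], 16) & 0x02)


def analyse_leases(csv_text, inventory):
    """Return (unknown, shared_ports).

    unknown      -- list of (time, port, mac, locally_administered) for
                    leases handed to MACs that are not in the inventory
    shared_ports -- {port: sorted MACs} for ports that saw more than one
                    MAC, which points to a downstream switch, router or AP
    """
    known = {normalise_mac(m) for m in inventory}
    macs_on_port = defaultdict(set)
    unknown = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = normalise_mac(row["mac"])
        macs_on_port[row["port"]].add(mac)
        if mac not in known:
            unknown.append(
                (row["time"], row["port"], mac, is_locally_administered(mac))
            )
    shared_ports = {
        port: sorted(macs)
        for port, macs in macs_on_port.items()
        if len(macs) > 1
    }
    return unknown, shared_ports


if __name__ == "__main__":
    unknown, shared = analyse_leases(SAMPLE_LEASES, INVENTORY)
    for time, port, mac, local in unknown:
        note = " (locally administered MAC)" if local else ""
        print(f"{time} {port}: lease to unknown device {mac}{note}")
    for port, macs in shared.items():
        print(f"{port}: {len(macs)} devices behind one access port: {macs}")
```

A device that does NAT shows up as a single MAC, so the shared-port check complements the inventory check rather than replacing it.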

It is great if employees are aware of tailgating, but it shouldn’t be as simple as allowing a would-be attacker to catch the door and go through the motion of swiping their badge. Pay attention to the sound of authentication and the color – if technically feasible. Employees should not be offended or afraid to challenge each other if they are not following policy. Restricted access doors should be carefully monitored if there is a need for a time-delay (such as a handicapped employee).

Security outmatched by a smile
I piggybacked my way into the building and picked the lock to the executive office space. I saw that one of the VP’s office doors was open and the office was unoccupied. After a minute in the office, I heard the receptionist return to her desk outside of the VP office. I took a business card off the VP’s desk, noticing that the receptionist was looking in. With a smile I acknowledged her, “I am looking for John Doe. This is his office, right?”

“Yes, but he is in a meeting in the conference room. Did you have an appointment?”

“Kind of. I was supposed to install an encryption client on his laptop today. It would only take a moment.”

“Well, he should be back in about an hour or so. Would you be able to come back then?”

“I have a lot of systems to work on and I would like to go ahead and knock his out while I’m here. I will be heading back to corporate early tomorrow, and I still have a lot to do.”

“Well, let me ask him and see what he says.” She got up and made her way down the hall to the conference room. At this point, I could leave and risk compromising the engagement or gamble with luck.

A few minutes later, she returned and said, “He said that he put a ticket in for something like that, three weeks ago.” Concerned, I followed up with a sympathetic, “Yeah, we’ve been a little backed up; hence the time crunch. Could you let me get the serial number off the bottom of the laptop?” I asked. “I want at least some proof that I came by.” I then started to make my way to the office. Although hesitant, the receptionist followed, smiled, nodded, unmounted the laptop and handed it to me.

Good thing IT is backed up
I can’t stress enough how important a security culture is within a company and how comprehensive a security awareness program should be. Social engineering is only one attack vector and is often the most dangerous, because it bypasses investment in technical and physical security controls when your employees aren’t aware of the real dangers that lead to, and have led to, many compromises.


Exam 70-414 Implementing an Advanced Server Infrastructure

Published: April 7, 2014
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 and Windows Server 2012 R2
Credit toward certification: MCP, MCSE

Skills measured

As of April 2014, this exam includes content covering Windows Server 2012 R2.

Manage and maintain a server infrastructure (25–30%)
Design an administrative model
Design considerations, including user rights and built-in groups; design a delegation of administration structure for Microsoft System Center 2012 R2; design self-service portals by using System Center Service Manager; delegate rights for managing private cloud by using AppController and System Center Virtual Machine Manager
Design a monitoring strategy
Design considerations including monitoring servers using Audit Collection Services (ACS) and System Center Global Service Monitor, performance monitoring, application monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 – Operations Manager management packs; plan for monitoring Active Directory
Plan and implement automated remediation
Create an Update Baseline in Virtual Machine Manager; implement a Desired Configuration Management (DCM) Baseline; implement Virtual Machine Manager integration with Operations Manager; configure Virtual Machine Manager to move a VM dynamically based on policy; integrate System Center 2012 for automatic remediation into your existing enterprise infrastructure; design and implement a Windows PowerShell Desired State Configuration (DSC) solution

Preparation resources
Design considerations for delegation of administration in Active Directory
Update management in Windows Server 2012: Revealing cluster-aware updating and the new generation of WSUS

Plan and implement a highly available enterprise infrastructure (25–30%)
Plan and implement failover clustering
Plan for and implement multi-node and multi-site clustering including the use of networking storage, name resolution, and Global Update Manager (GUM); design considerations including redundant networks, network priority settings, resource failover and failback, heartbeat and DNS settings, Quorum configuration, storage placement and replication, and cluster aware updates
Plan and implement highly available network services
Plan for and configure Network Load Balancing (NLB); design considerations including fault-tolerant networking, multicast vs. unicast configuration, state management, and automated deployment of NLB using Virtual Machine Manager service templates
Plan and implement highly available storage solutions
Plan for and configure storage spaces and storage pools; design highly available, multi-replica DFS namespaces; plan for and configure multi-path I/O (MPIO); configure highly available iSCSI Target and iSNS Server; plan for and implement storage using RDMA and SMB multi-channel
Plan and implement highly available roles
Plan for a highly available Dynamic Host Configuration Protocol (DHCP) Server, Hyper-V clustering, Continuously Available File Shares, and a DFS Namespace Server; plan for and implement highly available applications, services, and scripts using Generic Application, Generic Script, and Generic Service clustering roles
Plan and implement a business continuity and disaster recovery solution
Plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica including using Microsoft Azure Site Recovery, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin; plan for and implement backup and recovery by using System Center Data Protection Manager (DPM)

Preparation resources
Failover cluster design guide
Network load balancing overview
Storage spaces overview

Plan and implement a server virtualization infrastructure (25–30%)
Plan and implement virtualization hosts
Plan for and implement delegation of virtualization environment (hosts, services, and VMs), including self-service capabilities; plan and implement multi-host libraries including equivalent objects; plan for and implement host resource optimization; integrate third-party virtualization platforms; deploying Hyper-V hosts to bare metal
Plan and implement virtual machines
Plan for and implement highly available VMs; plan for and implement guest resource optimization including shared VHDx; configure placement rules; create Virtual Machine Manager templates
Plan and implement virtualization networking
Plan for and configure Virtual Machine Manager logical networks, including virtual switch extensions and logical switches; plan for and configure IP address and MAC address settings across multiple Hyper-V hosts, including network virtualization; plan for and configure virtual network optimization; plan and implement Windows Server Gateway; plan and implement VLANs and pVLANs; plan and implement virtual machine (VM) networks; plan and implement converged networks
Plan and implement virtualization storage
Plan for and configure Hyper-V host clustered storage; plan for and configure Hyper-V virtual machine storage including virtual Fibre Channel, iSCSI, and shared VHDx; plan for storage optimization; plan and implement storage using SMB 3.0 file shares
Plan and implement virtual machine movement
Plan for and configure live and storage migration between Hyper-V hosts; plan for and manage P2V and V2V; plan and implement virtual machine migration between clouds
Manage and maintain a server virtualization infrastructure
Manage dynamic optimization and resource optimization; integrate Operations Manager with System Center Virtual Machine Manager and System Center Service Manager; update virtual machine images in libraries; plan for and implement backup and recovery of virtualization infrastructure by using System Center Data Protection Manager (DPM)

Preparation resources
Installing and opening the VMM self-service portal
How to create a virtual machine from a template
Configuring networking in VMM overview

Design and implement identity and access solutions (20–25%)
Design a Certificate Services infrastructure
Design a multi-tier Certificate Authority (CA) hierarchy with offline root CA; plan for multi-forest CA deployment; plan for Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; plan for Network Device Enrollment Services (NDES); plan for certificate validation and revocation; plan for disaster recovery; plan for trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs
Implement and manage a Certificate Services infrastructure
Configure and manage offline root CA; configure and manage Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; configure and manage Network Device Enrollment Services; configure Online Certificates Status Protocol (OCSP) responders; migrate CA; implement administrator role separation; implement and manage trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs; monitor CA health
Implement and manage certificates
Manage certificate templates; implement and manage certificate deployment, validation, renewal, revocation, and publishing including Internet-based clients, CAs, and network devices; configure and manage key archival and recovery
Design and implement a federated identity solution
Plan for and implement claims-based authentication including planning and implementing Relying Party Trusts; plan for and configure Claims Provider and Relying Party Trust claim rules; plan for and configure attribute stores including Active Directory Lightweight Directory Services (AD LDS); plan for and manage Active Directory Federation Services (AD FS) certificates; plan for and implement Identity Integration with cloud services; integrate Web Application Proxy with AD FS
Design and implement Active Directory Rights Management Services (AD RMS)
Plan for highly available AD RMS deployment; plan for AD RMS client deployment; manage Trusted User Domains; manage Trusted Publishing Domains; manage Federated Identity support; upgrade or migrate AD RMS; decommission AD RMS

Preparation resources
Active Directory Certificate Services overview


QUESTION 1
You need to create a virtual machine template for the web servers used by the CRM application.
The solution must meet the virtualization requirements.
What should you use?

A. An .iso image
B. A virtual machine
C. A Windows PowerShell script
D. A virtual hard disk (VHD)

Answer: D
Reference: http://technet.microsoft.com/en-us/library/bb740838.aspx


QUESTION 2
You are planning the deployment of System Center 2012 Virtual Machine Manager (VMM).
You need to identify which additional System Center 2012 product is required to meet the virtualization requirements.
What should you include in the recommendation?

A. App Controller
B. Operations Manager
C. Configuration Manager
D. Service Manager

Answer: B


QUESTION 3
You need to recommend a solution that resolves the current file server issue. The solution must meet the business requirements.
What should you include in the recommendation?

A. BranchCache in hosted cache mode
B. BranchCache in distributed cache mode
C. A storage pool
D. Distributed File System (DFS)

Answer: D


QUESTION 4
You need to recommend a solution for managing updates. The solution must meet the technical requirements.
What should you include in the recommendation?

A. A System Center 2012 Configuration Manager management point in the main office and a WSUS downstream server in each office
B. A System Center 2012 Configuration Manager software update point in the main office and a System Center 2012 Configuration Manager distribution point in each office
C. A System Center 2012 Configuration Manager management point in the main office and a System Center 2012 Configuration Manager distribution point in each office
D. A WSUS upstream server in the main office and a WSUS downstream server in each office

Answer: B

 


Exam 70-413 Designing and Implementing a Server Infrastructure

Published: April 7, 2014
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 and Windows Server 2012 R2
Credit toward certification: MCP, MCSE

Skills measured

As of April 2014, this exam includes content covering Windows Server 2012 R2.

Plan and deploy a server infrastructure (20–25%)
Design and plan an automated server installation strategy
Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment
Plan for deploying servers to Microsoft Azure infrastructure as a service (IaaS); plan for deploying servers to public and private cloud by using AppController and Windows PowerShell; plan for multicast deployment; plan for Windows Deployment Services (WDS)
Implement a server deployment infrastructure
Configure multi-site topology and transport servers; implement a multi-server topology, including stand-alone and Active Directory–integrated Windows Deployment Services (WDS) servers; deploy servers to Microsoft Azure IaaS; deploy servers to public and private cloud by using AppController and Windows PowerShell
Plan and implement server upgrade and migration
Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization
Plan and deploy Virtual Machine Manager services
Design Virtual Machine Manager service templates; plan and deploy profiles, operating system profiles, hardware and capability profiles, application profiles, and SQL profiles; plan and manage services including scaling out, updating and servicing services; configure Virtual Machine Manager libraries; plan and deploy services to non-trusted domains and workgroups
Plan and implement file and storage services
Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools including tiered storage and data de-duplication; configure the Internet Storage Name server (iSNS); configure Services for Network File System (NFS); plan and implement SMB 3.0 based storage; plan for Windows Offloaded Data Transfer (ODX)

Preparation resources
Windows deployment with the Windows ADK
Windows Deployment Services overview
Install, use, and remove Windows Server migration tools

Design and implement network infrastructure services (20–25%)
Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution
Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database
Design a name resolution solution strategy
Design considerations including Active Directory integrated zones, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation
Design and manage an IP address management solution
Design considerations including IP address management technologies including IPAM, Group Policy based, manual provisioning, and distributed, centralized, hybrid placement, and database storage; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM; integrate IPAM with Virtual Machine Manager (VMM)

Preparation resources
DHCP design guide
Reviewing DNS concepts
IP Address Management (IPAM) overview

Design and implement network access services (15–20%)
Design a VPN solution
Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, connectivity to Microsoft Azure IaaS and VPN deployment configurations using Connection Manager Administration Kit (CMAK)
Design a DirectAccess solution
Design considerations including deployment topology, migration from Forefront UAG, One Time Password (OTP), and use of certificates issued by enterprise Certificate Authority (CA)
Design a Web Application Proxy solution
Design considerations including planning for applications, authentication and authorization, Workplace Join, devices, multifactor authentication, multifactor access control, single sign-on (SSO), certificates, planning access for internal and external clients
Implement a scalable remote access solution
Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); implement an advanced DirectAccess solution, configure multiple RADIUS server groups and infrastructure, configure Web Application Proxy for clustering
Design and implement network protection solution
Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network, configure NAP enforcement for IPsec and 802.1x, monitor for compliance

Preparation resources
Plan the Remote Access deployment
DirectAccess design, deployment, and troubleshooting guides
Microsoft Virtual Academy: Multi site and high availability DirectAccess

Design and implement an Active Directory infrastructure (logical) (20–25%)
Design a forest and domain infrastructure
Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, Microsoft Azure Active Directory and DirSync
Implement a forest and domain infrastructure
Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests
Design a Group Policy strategy
Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM), and Group Policy caching
Design an Active Directory permission model
Design considerations including Active Directory object security and Active Directory quotas; customize tasks to delegate in Delegate of Control Wizard; deploy administrative tools on the client devices; delegate permissions on administrative users (AdminSDHolder); plan for Kerberos delegation

Preparation resources
AD DS design guide
Domain Rename technical reference
Advanced Group Policy management

Design and implement an Active Directory infrastructure (physical) (20–25%)
Design an Active Directory sites topology
Design considerations including proximity of domain controllers, replication optimization, and site link; monitor and resolve Active Directory replication conflicts
Design a domain controller strategy
Design considerations including global catalog, operations master roles, Read-Only Domain Controllers (RODCs), partial attribute set, and domain controller cloning, and domain controller placement
Design and implement a branch office infrastructure
Design considerations including RODC, Universal Group Membership Caching (UGMC), global catalog, DNS, DHCP, and BranchCache; implement confidential attributes; delegate administration; modify filtered attributes set; configure password replication policy; configure hash publication

Preparation resources

Planning domain controller placement
RODC frequently asked questions
Branch office infrastructure solution


QUESTION 1
What method should you use to deploy servers?

A. WDS
B. AIK
C. ADK
D. EDT

Answer: A

Explanation: WDS is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation. This means that you do not have to install each operating system directly from a CD, USB drive, or DVD.
Reference: What’s New in Windows Deployment Services in Windows Server


QUESTION 2
You need to recommend a solution for DHCP logging. The solution must meet the technical requirement.
What should you include in the recommendation?

A. Event subscriptions
B. IP Address Management (IPAM)
C. DHCP audit logging
D. DHCP filtering

Answer: B

Explanation: * Scenario: A central log of the IP address leases and the users associated to those leases must be created.
* Feature description
IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
• Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
• Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
• Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
• Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
Reference: IP Address Management (IPAM) Overview


QUESTION 3
After the planned upgrade to Windows Server 2012, you restore a user account from the Active Directory Recycle Bin.
You need to replicate the restored user account as quickly as possible.
Which cmdlets should you run?

A. Get-ADReplicationSite and Set-ADReplicationConnection
B. Get-ADReplicationAttributeMetadata and Compare-Object
C. Get-ADReplicationUpToDatenessVectorTable and Set-ADReplicationSite
D. Get-ADDomainController and Sync-ADObject

Answer: D

Explanation:
* Scenario:
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
* The Get-ADDomainController cmdlet gets the domain controllers specified by the parameters.
You can get domain controllers by setting the Identity, Filter or Discover parameters.
* The Sync-ADObject cmdlet replicates a single object between any two domain controllers that have partitions in common. The two domain controllers do not need to be direct replication partners. It can also be used to populate passwords in a read-only domain controller (RODC) cache.
Reference: Get-ADDomainController, Sync-ADObject


QUESTION 4
You need to recommend a fault-tolerant solution for the VPN. The solution must meet the technical requirements.
What should you include in the recommendation?

A. Network adapter teaming
B. Network Load Balancing (NLB)
C. Failover Clustering
D. DirectAccess

Answer: B

Explanation:
* Scenario: Core networking services in each office must be redundant if a server fails.
* The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.
Reference: Network Load Balancing Overview
http://technet.microsoft.com/en-us/library/hh831698.aspx


QUESTION 5
You are planning the migration of research.contoso.com.
You need to identify which tools must be used to perform the migration.
Which tools should you identify?

A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy Management Console (GPMC)
B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway
C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory Federation Services (AD FS)
D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy Management Console (GPMC)

Answer: A

Explanation:
* Scenario:
All of the users and the Group Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
two domain controllers for the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.

 


 

 


Exam 70-412 Configuring Advanced Windows Server 2012 Services

Published: September 17, 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012 R2
Credit toward certification: MCP, MCSA, MCSE

Skills measured

As of January 2014, this exam includes content covering Windows Server 2012 R2.

Configure and manage high availability (15–20%)
Configure Network Load Balancing (NLB)
Install NLB nodes, configure NLB prerequisites, configure affinity, configure port rules, configure cluster operation mode, upgrade an NLB cluster
Configure failover clustering
Configure quorum, configure cluster networking, restore single node or cluster configuration, configure cluster storage, implement Cluster-Aware Updating, upgrade a cluster, configure and optimize clustered shared volumes, configure clusters without network names, configure storage spaces
Manage failover clustering roles
Configure role-specific settings, including continuously available shares; configure virtual machine (VM) monitoring; configure failover and preference settings; configure guest clustering
Manage VM movement
Perform live migration; perform quick migration; perform storage migration; import, export, and copy VMs; configure VM network health protection; configure drain on shutdown

Preparation resources
Managing Network Load Balancing clusters
Setting Network Load Balancing parameters
Failover cluster deployment guide

Configure file and storage solutions (15–20%)
Configure advanced file services
Configure Network File System (NFS) data store, configure BranchCache, configure File Classification Infrastructure (FCI) using File Server Resource Manager (FSRM), configure file access auditing
Implement Dynamic Access Control (DAC)
Configure user and device claim types, implement policy changes and staging, perform access-denied remediation, configure file classification, create and configure Central Access rules and policies, create and configure resource properties and lists
Configure and optimize storage
Configure iSCSI target and initiator, configure Internet Storage Name server (iSNS), implement thin provisioning and trim, manage server free space using Features on Demand, configure tiered storage

Preparation resources
Network File System
File Server Resource Manager
Dynamic Access Control: Scenario overview

Implement business continuity and disaster recovery (15–20%)
Configure and manage backups
Configure Windows Server backups, configure Microsoft Azure backups, configure role-specific backups, manage VSS settings using VSSAdmin
Recover servers
Restore from backups, perform a Bare Metal Restore (BMR), recover servers using Windows Recovery Environment (Win RE) and safe mode, configure the Boot Configuration Data (BCD) store
Configure site-level fault tolerance
Configure Hyper-V Replica, including Hyper-V Replica Broker and VMs; configure multi-site clustering, including network settings, Quorum, and failover settings; configure Hyper-V Replica extended replication; configure Global Update Manager; recover a multi-site failover cluster

Preparation resources
Windows Server backup overview
Windows Recovery Environment (RE) explained
How to configure bare-metal restore/recovery media

Configure Network Services (15–20%)
Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution
Create and configure superscopes and multicast scopes; implement DHCPv6; configure high availability for DHCP, including DHCP failover and split scopes; configure DHCP Name Protection; configure DNS registration
Implement an advanced DNS solution
Configure security for DNS, including Domain Name System Security Extensions (DNSSEC), DNS Socket Pool, and cache locking; configure DNS logging; configure delegated administration; configure recursion; configure netmask ordering; configure a GlobalNames zone; analyze zone level statistics
Deploy and manage IP Address Management (IPAM)
Provision IPAM manually or by using Group Policy, configure server discovery, create and manage IP blocks and ranges, monitor utilization of IP address space, migrate to IPAM, delegate IPAM administration, manage IPAM collections, configure IPAM database storage

Preparation resources
Dynamic Host Configuration Protocol (DHCP) overview
Step-by-step: Demonstrate DNSSEC in a test lab
Holistic administration of IP address space using Windows Server 2012 IP Address Management

Configure the Active Directory infrastructure (15–20%)
Configure a forest or a domain
Implement multi-domain and multi-forest Active Directory environments, including interoperability with previous versions of Active Directory; upgrade existing domains and forests, including environment preparation and functional levels; configure multiple user principal name (UPN) suffixes
Configure trusts
Configure external, forest, shortcut, and realm trusts; configure trust authentication; configure SID filtering; configure name suffix routing
Configure sites
Configure sites and subnets, create and configure site links, manage site coverage, manage registration of SRV records, move domain controllers between sites
Manage Active Directory and SYSVOL replication
Configure replication to Read-Only Domain Controllers (RODCs), configure Password Replication Policy (PRP) for RODC, monitor and manage replication, upgrade SYSVOL replication to Distributed File System Replication (DFSR)

Preparation resources
Deploy Active Directory Domain Services (AD DS) in your enterprise
Active Directory domains and trusts
Introduction to Active Directory replication and topology management using Windows PowerShell (Level 100)

Configure Identity and Access Solutions (15–20%)
Implement Active Directory Federation Services (AD FS)
Install AD FS; implement claims-based authentication, including Relying Party Trusts; configure authentication policies; configure Workplace Join; configure multi-factor authentication
Install and configure Active Directory Certificate Services (AD CS)
Install an Enterprise Certificate Authority (CA), configure certificate revocation lists (CRL) distribution points, install and configure Online Responder, implement administrative role separation, configure CA backup and recovery
Manage certificates
Manage certificate templates; implement and manage certificate deployment, validation, and revocation; manage certificate renewal; manage certificate enrollment and renewal to computers and users using Group Policies; configure and manage key archival and recovery
Install and configure Active Directory Rights Management Services (AD RMS)
Install a licensing or certificate AD RMS server, manage AD RMS Service Connection Point (SCP), manage RMS templates, configure Exclusion Policies, back up and restore AD RMS

Preparation resources
AD FS deployment guide
Active Directory Certificate Services overview
Deploy a private CA with Windows Server 2012


QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application. App1 runs as a service. App1 stores data on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?

A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole

Answer: B
Explanation:
Add-ClusterGenericApplicationRole
Configure high availability for an application that was not originally designed to run in a failover cluster.
If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.
EXAMPLE 1
C:\PS> Add-ClusterGenericApplicationRole -CommandLine NewApplication.exe

Name            OwnerNode  State
----            ---------  -----
cluster1GenApp  node2      Online

Description
-----------
This command configures NewApplication.exe as a generic clustered application. A default name will be used for client access and this application requires no storage.
Reference: Add-ClusterGenericApplicationRole
http://technet.microsoft.com/en-us/library/ee460976.aspx


QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8.
You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1.
What should you configure?

A. A classification property
B. The File Server Resource Manager Options
C. A file management task
D. A file screen template

Answer: B
Explanation:
Access-denied assistance can be configured by using the File Server Resource Manager console on the file server.
Note: Access-denied assistance is a new feature in Windows Server 2012, which provides the following ways to troubleshoot issues that are related to access to files and folders:
* Self-assistance. If a user can determine the issue and remediate the problem so that they can get the requested access, the impact to the business is low, and no special exceptions are needed in the central access policy. Access-denied assistance provides an access-denied message that file server administrators can customize with information specific to their organizations. For example, an administrator could set the message so that users can request access from a data owner without involving the file server administrator.
Reference: Scenario: Access-Denied Assistance


QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.
You complete the Active Directory Federation Services Configuration Wizard on Server1.
You need to ensure that client devices on the internal network can use Workplace Join.
Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A. Run Enable-AdfsDeviceRegistration -PrepareActiveDirectory.
B. Edit the multi-factor authentication global authentication policy settings.
C. Run Enable-AdfsDeviceRegistration.
D. Run Set-AdfsProxyProperties HttpPort 80.
E. Edit the primary authentication global authentication policy settings.

Answer: C,E
Explanation:
C. To enable Device Registration Service
On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration
Repeat this step on each federation farm node in your AD FS farm.
E. Enable seamless second factor authentication
Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a ‘known’ device and administrators can use this information to drive conditional access and gate access to resources.
To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices:
In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.
Reference: Configure a federation server with Device Registration Service.


QUESTION 3
You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?

A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Answer: D
Explanation:
So what about changing the cache size? Well, you can’t modify the cache size, but you can specify it at the time that you create a new virtual hard disk. In order to do so, you have to use Windows PowerShell.
New-VirtualDisk –StoragePoolFriendlyName “<storage pool name>” –FriendlyName “<v
Reference: Using Windows Server 2012’s SSD Write-Back Cache


QUESTION 4
Your company has offices in Montreal, New York, and Amsterdam.
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link.
You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office.
The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day.
What should you do?

A. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of DEFAULTIPSITELINK.
B. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of DEFAULTIPSITELINK.
C. Create a new site link that contains Montreal and Amsterdam. Remove Amsterdam from DEFAULTIPSITELINK. Modify the schedule of the new site link.
D. Create a new site link that contains Montreal and Amsterdam. Create a new site link bridge. Modify the schedule of the new site link.

Answer: C
Explanation:
We create a new site link between Montreal and Amsterdam and schedule it only between 20:00 and 08:00. To ensure that traffic between Montreal and Amsterdam only occurs at this time we also remove Amsterdam from the DEFAULTIPSITELINK.
Reference: How Active Directory Replication Topology Works
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx


QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPv6 scope prefix should you use?

A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::

Answer: D
Explanation:
* A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the approximate IPv6 counterpart of the IPv4 private address.
The address block fc00::/7 is divided into two /8 groups:
/ The block fc00::/8 has not been defined yet.
/ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string.
* Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
/ They are not allocated by an address registry and may be used in networks by anyone without outside involvement.
/ They are not guaranteed to be globally unique.
/ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.
Reference: RFC 4193


QUESTION 6
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.

Answer: D
Explanation:
The Set-DnsServerCache cmdlet modifies cache settings for a Domain Name System (DNS) server.
Run Set-DnsServerCache with the -LockingPercent switch.
/ -LockingPercent <UInt32>
Specifies a percentage of the original Time to Live (TTL) value that caching can consume. Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, the DNS server does not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This value means that the DNS server will not overwrite cached entries for the entire duration of the TTL.
Note: A better way would be to clear the DNS cache on the DNS server with either Dnscmd /ClearCache (from a command prompt) or Clear-DnsServerCache (from Windows PowerShell).
Reference: Set-DnsServerCache
http://technet.microsoft.com/en-us/library/jj649852.aspx
Incorrect:
Not A. You need to use the /config parameter as well:
You can change this value if you like by using the dnscmd command:
dnscmd /Config /CacheLockingPercent <percent>


Exam 70-410 Installing and Configuring Windows Server 2012

Published: September 17, 2012
Languages: English, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)
Audiences: IT professionals
Technology: Windows Server 2012
Credit toward certification: MCP, MCSA, MCS

Skills measured

As of January 2014, this exam includes content covering Windows Server 2012 R2.

Install and configure servers (15–20%)
Install servers
Plan for a server installation, plan for server roles, plan for a server upgrade, install Server Core, optimize resource utilization by using Features on Demand, migrate roles from previous versions of Windows Server
Configure servers
Configure Server Core, delegate administration, add and remove features in offline images, deploy roles on remote servers, convert Server Core to/from full GUI, configure services, configure NIC teaming, install and configure Windows PowerShell Desired State Configuration (DSC)
Configure local storage
Design storage spaces, configure basic and dynamic disks, configure master boot record (MBR) and GUID partition table (GPT) disks, manage volumes, create and mount virtual hard disks (VHDs), configure storage pools and disk pools, create storage pools by using disk enclosures

Preparation resources
Plan for server roles
Configure Server Core
Windows Server 2012 “early experts” challenge – Exam 70-410 – storage spaces

Configure server roles and features (15–20%)
Configure file and share access
Create and configure shares, configure share permissions, configure offline files, configure NTFS permissions, configure access-based enumeration (ABE), configure Volume Shadow Copy Service (VSS), configure NTFS quotas, create and configure Work Folders
Configure print and document services
Configure the Easy Print print driver, configure Enterprise Print Management, configure drivers, configure printer pooling, configure print priorities, configure printer permissions
Configure servers for remote management
Configure WinRM, configure down-level server management, configure servers for day-to-day management tasks, configure multi-server management, configure Server Core, configure Windows Firewall, manage non-domain joined servers

Preparation resources
Improve file server resiliency with ReFS in Windows Server 2012
Simplified printing with Windows 8 and Windows Server 2012
Using the Windows Server 2012 Server Manager for remote and multi-server management

Configure Hyper-V (15–20%)
Create and configure virtual machine settings
Configure dynamic memory, configure smart paging, configure Resource Metering, configure guest integration services, create and configure Generation 1 and 2 virtual machines, configure and use enhanced session mode, configure RemoteFX
Create and configure virtual machine storage
Create VHDs and VHDX, configure differencing drives, modify VHDs, configure pass-through disks, manage checkpoints, implement a virtual Fibre Channel adapter, configure storage Quality of Service
Create and configure virtual networks
Configure Hyper-V virtual switches, optimize network performance, configure MAC addresses, configure network isolation, configure synthetic and legacy virtual network adapters, configure NIC teaming in virtual machines

Preparation resources
Hyper-V dynamic memory overview
Configuring virtual disks and storage
Hyper-V network virtualization overview

Deploy and configure core network services (15–20%)
Configure IPv4 and IPv6 addressing
Configure IP address options, configure IPv4 or IPv6 subnetting, configure supernetting, configure interoperability between IPv4 and IPv6, configure Intra-site Automatic Tunnel Addressing Protocol (ISATAP), configure Teredo
Deploy and configure Dynamic Host Configuration Protocol (DHCP) service
Create and configure scopes, configure a DHCP reservation, configure DHCP options, configure client and server for PXE boot, configure DHCP relay agent, authorize DHCP server
Deploy and configure DNS service
Configure Active Directory integration of primary zones, configure forwarders, configure Root Hints, manage DNS cache, create A and PTR resource records

Preparation resources
IPv6 bootcamp: Get up to speed quickly
What is DHCP?

Install and administer Active Directory (15–20%)
Install domain controllers
Add or remove a domain controller from a domain, upgrade a domain controller, install Active Directory Domain Services (AD DS) on a Server Core installation, install a domain controller from Install from Media (IFM), resolve DNS SRV record registration issues, configure a global catalog server, deploy Active Directory infrastructure as a service (IaaS) in Microsoft Azure
Create and manage Active Directory users and computers
Automate the creation of Active Directory accounts; create, copy, configure, and delete users and computers; configure templates; perform bulk Active Directory operations; configure user rights; offline domain join; manage inactive and disabled accounts
Create and manage Active Directory groups and organizational units (OUs)
Configure group nesting; convert groups, including security, distribution, universal, domain local, and domain global; manage group membership using Group Policy; enumerate group membership; delegate the creation and management of Active Directory objects; manage default Active Directory containers; create, copy, configure, and delete groups and OUs

Preparation resources
What’s new in Active Directory Domain Services (ADDS) installation
Virtualization-safe technology and domain controller cloning
Overview of Active Directory simplified administration

Create and manage Group Policy (15–20%)
Create Group Policy objects (GPOs)
Configure a Central Store, manage starter GPOs, configure GPO links, configure multiple local Group Policies
Configure security policies
Configure User Rights Assignment, configure Security Options settings, configure Security templates, configure Audit Policy, configure Local Users and Groups, configure User Account Control (UAC)
Configure application restriction policies
Configure rule enforcement, configure AppLocker rules, configure Software Restriction Policies
Configure Windows Firewall
Configure rules for multiple profiles using Group Policy; configure connection security rules; configure Windows Firewall to allow or deny applications, scopes, ports, and users; configure authenticated firewall exceptions; import and export settings

Preparation resources
What’s new in Group Policy in Windows Server 2012
Group Policy analysis and troubleshooting
Group Policy setting reference for Windows 8 and Windows Server 2012


QUESTION 1
Your company has a main office and two branch offices. The offices connect to each other by using a WAN link.
In the main office, you have a server named Server1 that runs Windows Server 2012 R2.
Server1 is configured to use an IPv4 address only.
You need to assign an IPv6 address to Server1. The IP address must be private and routable.
Which IPv6 address should you assign to Server1?
A. fe80:ab32:145c::32cc:401b
B. ff00:3fff:65df:145c:dca8::82a4
C. 2001:ab32:145c::32cc:401b
D. fd00:ab32:14:ad88:ac:58:abc2:4

Answer: D

Explanation:
Unique local addresses are IPv6 addresses that are private to an organization in the same way that private addresses, such as 10.x.x.x, 192.168.x.x, or 172.16.0.0–172.31.255.255, can be used on an IPv4 network.
Unique local addresses, therefore, are not routable on the IPv6 Internet in the same way that an address like 10.20.100.55 is not routable on the IPv4 Internet. A unique local address is always structured as follows:
The first 8 bits are always 11111101 in binary format. This means that a unique local address always begins with FD and has a prefix identifier of FD00::/8.


QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create and start a virtual machine named VM1. VM1 is configured as shown in the following table.


You need to recommend a solution to minimize the amount of disk space used for the checkpoint of VM1.
What should you do before you create the checkpoint?
A. Run the Resize-VHD cmdlet.
B. Convert Disk1.vhd to a dynamically expanding disk.
C. Shut down VM1.
D. Run the Convert-VHD cmdlet.

Answer: C

Explanation:
Changing between a fixed and dynamic disk type does not alter the size of a snapshot much at all.
However, since a snapshot is a record of a VM's state at the exact time that the snapshot was taken, shutting down the VM before taking the snapshot prevents the snapshot from having to contain all of the data in RAM (as there is no data in memory when a machine is powered down).
The question states that the solution should minimize the amount of disk space used for the checkpoint of VM1. If the checkpoint is taken while VM1 is running, there will be two additional files present at the checkpoint location: a .VSV file with VM1's saved state and a .BIN file that contains VM1's memory contents. If, however, VM1 is shut down first, these files will not be created, thus saving disk space.
In order to convert Disk1.vhd to a dynamically expanding disk, VM1 would still have to be shut down.


QUESTION 3
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in the following table.


When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A. The placement of the global catalog server
B. The placement of the infrastructure master
C. The placement of the domain naming master
D. The placement of the PDC emulator

Answer: D

Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role.
The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.
The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.


QUESTION 4 HOTSPOT
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
All servers are configured to enforce AppLocker policies.
You install a server named Server1.
On Server1, you install an application named App1.exe in a folder located on C:\App1.
You have two domain groups named Group1 and Group2. A user named User1 is a member of Group1 and Group2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to contoso.com.
You create the executable rules as shown in the exhibit by using the Create Executable Rules wizard. (Click the Exhibit button.)


To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

Answer:


QUESTION 5
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.


You need to ensure that VM1 can use more CPU time than the other virtual machines when the CPUs on Server1 are under a heavy load.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization

Answer: B

Explanation:
B. Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machines. Resource control is used when you need to adjust the computing resources of a virtual machine; you can reconfigure the resources to meet changing needs. You can also specify resource controls to automate how resources are allocated to virtual machines.
References:
http://technet.microsoft.com/en-us/library/cc766320(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831410.aspx
http://technet.microsoft.com/en-us/library/cc742470.aspx
Exam Ref 70-410, Installing and Configuring Windows Server 2012 R2, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p.144
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p.335


QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1 that runs Windows Server 2012 R2.
You create a DHCP scope named Scope1. The scope has a start address of 192.168.1.10, an end address of 192.168.1.50, and a subnet mask of 255.255.255.192.
You need to ensure that Scope1 has a subnet mask of 255.255.255.0.
What should you do first?
A. From the DHCP console, reconcile Scope1.
B. From the DHCP console, delete Scope1.
C. From the DHCP console, modify the Scope Options of Scope1.
D. From Windows PowerShell, run the Set-DhcpServerv4Scope cmdlet.

Answer: B

Explanation:
You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
Set-DhcpServerv4Scope does not include a parameter for the subnet mask.


QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Group Policy Management feature installed. Server2 has the Print and Document Services server role installed.
On Server2, you open Print Management and you deploy a printer named Printer1 by using a Group Policy object (GPO) named GPO1. When you open GPO1 on Server1, you discover that the Deployed Printers node does not appear.
You need to view the Deployed Printers node in GPO1.
What should you do?
A. On Server1, modify the Group Policy filtering options of GPO1.
B. On a domain controller, create a Group Policy central store.
C. On Server2, install the Group Policy Management feature.
D. On Server1, configure the security filtering of GPO1.

Answer: C

Explanation:
Pre-Requisites
To use Group Policy for printer deployment you will need to have a Windows Active Directory domain, and this article assumes that your Domain Controller is a Windows 2008 R2 Server. You will also need the Print Services role installed on a server (can be on your DC), and you will be using the Print Management and Group Policy Management consoles to configure the various settings. It’s assumed that you have already followed Part One and have one or more printers shared on your server with the necessary drivers, ready to deploy to your client computers.

 

 


Exam 70-385 Recertification for MCSE: Messaging

Published: January 7, 2016
Languages: English, German, Japanese
Audiences: IT professionals
Technology: Exchange Server 2013
Credit toward certification: MCP, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Install, configure, and manage the mailbox role
Plan the mailbox role
Plan for database size and storage performance requirements; plan for virtualization requirements and scenarios; plan mailbox role capacity and placement; design public folder placement strategy; validate storage by running JetStress
Configure and manage the mailbox role
Create and configure Offline Address Book (OAB); create and configure public folders; deploy mailbox server roles; design and create hierarchical address lists
Deploy and manage high availability solutions for the mailbox role
Create and configure a Database Availability Group (DAG); identify failure domains; manage DAG networks; configure proper placement of a file share witness; manage mailbox database copies
Monitor and troubleshoot the mailbox role
Troubleshoot database replication and replay; troubleshoot database copy activation; troubleshoot mailbox role performance; troubleshoot database failures; monitor database replication and content indexing

Plan, install, configure, and manage client access
Plan, deploy, and manage a Client Access Server (CAS)
Design to account for differences between legacy CAS and Exchange CAS; configure Office web application; plan for Outlook Anywhere; configure address book policies; plan to implement Kerberos authentication; plan for Outlook MAPI over HTTP
Plan and configure namespaces and client services
Design namespaces for client connectivity; configure URLs; plan for certificates; configure authentication methods; implement auto-discover for a given namespace
Implement load balancing
Configure namespace load balancing; configure Session Initiation Protocol (SIP) load balancing; plan for differences between layer seven and layer four load balancing methods; configure Windows Network Load Balancing (WNLB)

Plan, install, configure, and manage transport
Plan a high availability solution for common scenarios
Set up redundancy for intra-site scenarios; plan for SafetyNet; plan for shadow redundancy; plan for redundant MX records
Design a transport solution
Design inter-site mail flow; design inter-org mail flow; plan for Domain Secure/TLS; design Edge transport; design message hygiene solutions; design shared namespace scenarios
Troubleshoot and monitor transport
Interpret message tracking logs and protocol logs; troubleshoot a shared namespace environment; troubleshoot SMTP mail flow; given a failure scenario, predict mail flow and identify how to recover; troubleshoot Domain Secure/TLS; troubleshoot the new transport architecture

Design and manage an Exchange infrastructure
Plan for impact of Exchange on Active Directory services
Plan the number of domain controllers; plan placement of Global Catalog (GC); determine DNS changes required for Exchange; prepare domains for Exchange; evaluate impact of schema changes required for Exchange; plan around Active Directory site topology
Plan and manage Role Based Access Control (RBAC)
Determine appropriate RBAC roles and cmdlets; limit administration using existing role groups; evaluate differences between RBAC and Active Directory split permissions; configure a custom-scoped role group; configure delegated setup

Design, configure, and manage site resiliency

Manage a site-resilient Database Availability Group (DAG)
Plan and implement Datacenter Activation Coordination (DAC); given customer node requirements, recommend quorum options; plan cross-site DAG configuration; configure DAG networks
Design, deploy, and manage a site-resilient CAS solution
Plan site-resilient namespaces; configure site-resilient namespace URLs; perform steps for site *over; plan certificate requirements for site failovers; predict client behavior during a *over
Design, deploy, and manage site resilience for transport
Configure MX records for failover scenarios; manage resubmission and reroute queues; plan and configure Send/Receive connectors for site resiliency; perform steps for transport *over

Design, configure, and manage advanced security
Select an appropriate security strategy
Evaluate role-based access control (RBAC); evaluate BitLocker; evaluate smart cards; evaluate Information Rights Management (IRM); evaluate S/MIME; evaluate Domain Secure/TLS
Configure and interpret mailbox and administrative auditing
Configure mailbox audit logging; configure administrative audit logging; configure mailbox access logging; interpret all audit logs
Troubleshoot security-related issues
Determine certificate validity; ensure proper Certificate Revocation List (CRL) access and placement; ensure private key availability; troubleshoot failed IRM protection; troubleshoot RBAC

Configure and manage compliance, archiving, and discovery solutions

Perform eDiscovery
Plan and delegate RBAC roles for eDiscovery; enable a legal/litigation hold; perform a query-based InPlace hold; design and configure journaling; perform multi-mailbox searches in Exchange Administration Center (EAC); evaluate how to integrate InPlace federated searches with Microsoft SharePoint
Implement a compliance solution
Design and configure transport rules for ethical walls; configure MailTips; create, configure, and deploy message classifications; design and configure transport rules to meet specified compliance requirements

Implement and manage coexistence, hybrid scenarios, migration, and federation
Establish coexistence with Exchange Online
Deploy and manage hybrid configuration; evaluate limitations of the Hybrid Configuration Wizard; configure requirements for single sign-on (SSO); design and configure Active Directory Federation Services (ADFS)
Deploy and manage Exchange federation
Manage federation trusts with Microsoft federation gateways; manage hybrid deployment OAuth-based authentication; manage sharing policies; design certificate and firewall requirements; manage organization relationships
Implement on-premises coexistence with legacy systems
Plan namespaces for coexistence; configure proxy redirect; plan firewall configuration for coexistence; plan for mail flow requirements
Migrate legacy systems
Determine transition paths to Exchange; migrate public folders; migrate mailboxes; upgrade policies; plan to account for discontinued features; transition and decommission server roles

QUESTION 1
An administrator recommends removing EDGE1 from the implementation plan and adding a new Client Access server named CAS-8 instead.
You need to identify which anti-spam feature will NOT be available on CAS-8.
Which anti-spam feature should you identify?
A. Connection Filtering
B. Sender Filtering
C. Content Filtering
D. Recipient Filtering

Answer: A


QUESTION 2
You need to recommend which tasks must be performed to meet the technical requirements of the research and development (R&D) department.
Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Create a new global address list (GAL) and a new address book policy.
B. Modify the permissions of the default global address list (GAL), and then create a new GAL.
C. Run the Update-AddressList cmdlet.
D. Run the Set-Mailbox cmdlet.
E. Create an OAB virtual directory.

Answer: A,D


QUESTION 3
You need to recommend a design that meets the technical requirements for communication between Fabrikam and A. Datum.
Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)
A. Create a remote domain for adatum.com.
B. Exchange certificates with the administrators of adatum.com.
C. From EDGE1, create a Send connector that has an address space for adatum.com.
D. Run the Set-TransportConfig cmdlet.
E. Run the Set-TransportServer cmdlet.
F. From a Mailbox server, create a Send connector that has an address space for adatum.com.

Answer: B,D,F


QUESTION 4
You need to recommend which task is required to prepare Active Directory for the planned Exchange Server 2013 implementation.
What should you recommend?
A. On any domain controller in the Paris office, run setup.exe /preparead.
B. On any domain controller in the Amsterdam office, run setup.exe /preparead.
C. On any domain controller in the Paris office, run setup.exe /preparealldomains.
D. On any domain controller in the Amsterdam office, run setup.exe /preparedomain.

Answer: B


Exam Prep: 70-341 and 70-342 – MCSE: Messaging (Microsoft Exchange Server 2013)


This Exam Prep session is designed for people experienced with Exchange Server 2013 and who are interested in taking the 70-341 (Core Solutions of Microsoft Exchange Server 2013) and 70-342 (Advanced Solutions of Microsoft Exchange Server 2013) exams. These exams are required for the new MCSE: Messaging certification. Attendees of this session can expect to review the topics covered in these exams in a fast-paced format, as well as receive some valuable test taking techniques. Attendees will leave with an understanding of how Microsoft certification works, the key topics covered in the exams, and an exhaustive look at resources for getting ready for the exam. The session is led by a Microsoft Certified Trainer (MCT), experienced in delivering sessions on these topics.

New book: Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013
Prepare for Microsoft Exam 70-342—and demonstrate your real-world mastery of advanced Microsoft Exchange Server 2013 solution design, configuration, implementation, management, and support. Designed for experienced IT professionals ready to advance, Exam Ref focuses on critical-thinking and decision-making acumen needed for success at the MCSE level.

Focus on the expertise measured by these objectives:
· Configure, manage, and migrate Unified Messaging
· Design, configure, and manage site resiliency
· Design, configure, and manage advanced security
· Configure and manage compliance, archiving, and discovery solutions
· Implement and manage coexistence, hybrid scenarios, migration, and federation

This Microsoft Exam Ref:
· Organizes its coverage by exam objectives
· Features strategic, what-if scenarios to challenge you
· Provides exam preparation tips written by two Exchange Server MVPs
· Assumes you have at least three years of experience managing Exchange Servers and have responsibilities for an enterprise Exchange messaging environment

Skills measured

This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.


Starting July 2014, the questions on this exam include content covering Microsoft Exchange Server 2013 Service Pack 1.

Configure, manage, and migrate Unified Messaging (20%)
Configure Unified Messaging (UM)
Configure an IP gateway; configure a UM call router; create and configure an auto attendant; configure a call answering rule; design UM for high availability; create a dial plan
Manage Unified Messaging
Assign a dial plan to a user; move users between dial plans; enable and disable UM features for a user; set up protected voice mail; configure UM mailbox policy; manage UM language packs
Troubleshoot Unified Messaging
Troubleshoot and configure Mutual Transport Layer Security (MTLS); monitor calls and call statistics; troubleshoot and configure Quality of Service (QoS); troubleshoot SIP communication
Migrate Unified Messaging
Prepare to migrate; plan a migration strategy; plan a coexistence strategy; move UM mailboxes between sites; redirect the SIP gateway to Exchange; decommission the legacy system

Preparation resources
Deploy Exchange 2013 UM
Exchange Server 2013 and Unified Messaging – Part 1 – deploying and configuring
UM reports procedures

Design, configure, and manage site resiliency (22%)

Manage a site-resilient Database Availability Group (DAG)
Plan and implement Datacenter Activation Coordination (DAC); given customer node requirements, recommend quorum options; plan cross-site DAG configuration; configure DAG networks
Design, deploy, and manage a site-resilient CAS solution
Plan site-resilient namespaces; configure site-resilient namespace URLs; perform steps for site *over; plan certificate requirements for site failovers; predict client behavior during a *over
Design, deploy, and manage site resilience for transport
Configure MX records for failover scenarios; manage resubmission and reroute queues; plan and configure Send/Receive connectors for site resiliency; perform steps for transport *over
Troubleshoot site-resiliency issues
Resolve quorum issues; troubleshoot proxy redirection issues; troubleshoot client connectivity; troubleshoot mail flow; troubleshoot data center activation; troubleshoot DAG replication

Preparation resources
Microsoft Exchange Server 2013: Managing high availability and site resilience
Planning for high availability and site resilience
Database availability groups

Design, configure, and manage advanced security (21%)
Select an appropriate security strategy
Evaluate role-based access control (RBAC); evaluate BitLocker; evaluate smart cards; evaluate Information Rights Management (IRM); evaluate S/MIME; evaluate Domain Secure/TLS
Deploy and manage IRM with Active Directory Rights Management Services (AD RMS)
Create an AD RMS template; create transport protection rules; create Outlook protection rules; configure transport decryption; configure IRM for discovery; configure pre-licensing for client access
Configure and interpret mailbox and administrative auditing
Configure mailbox audit logging; configure administrative audit logging; configure mailbox access logging; interpret all audit logs
Troubleshoot security-related issues
Determine certificate validity; ensure proper Certificate Revocation List (CRL) access and placement; ensure private key availability; troubleshoot failed IRM protection; troubleshoot RBAC

Preparation resources
Information Rights Management
Mailbox audit logging

Configure and manage compliance, archiving, and discovery solutions (20%)
Configure and manage an archiving solution
Set up online archiving (Office 365); create archive policies; set up on-premises archiving; plan storage for an archiving solution
Design and configure Data Loss Prevention (DLP) solutions
Set up pre-built rules; set up custom rules; design a DLP solution to meet business requirements; set up custom policies
Configure and administer Message Records Management (MRM)
Design retention policies; configure retention policies; create and configure custom tags; assign policies to users; configure the Managed Folder Assistant; remove and delete tags
Perform eDiscovery
Plan and delegate RBAC roles for eDiscovery; enable a legal/litigation hold; perform a query-based InPlace hold; design and configure journaling; perform multi-mailbox searches in Exchange Administration Center (EAC); evaluate how to integrate InPlace federated searches with Microsoft SharePoint
Implement a compliance solution
Design and configure transport rules for ethical walls; configure MailTips; create, configure, and deploy message classifications; design and configure transport rules to meet specified compliance requirements

Preparation resources

Exchange Server 2013: Archive with elegance
Microsoft Exchange Server 2013 data loss prevention
Messaging records management

Implement and manage coexistence, hybrid scenarios, migration, and federation (18%)
Establish coexistence with Exchange Online
Deploy and manage hybrid configuration; evaluate limitations of the Hybrid Configuration Wizard; configure requirements for single sign-on (SSO); design and configure Active Directory Federation Services (ADFS)
Deploy and manage Exchange federation
Manage federation trusts with Microsoft federation gateways; manage hybrid deployment OAuth-based authentication; manage sharing policies; design certificate and firewall requirements; manage organization relationships
Implement on-premises coexistence with legacy systems
Plan namespaces for coexistence; configure proxy redirect; plan firewall configuration for coexistence; plan for mail flow requirements
Set up a cross-forest coexistence solution
Set up cross-forest availability; design certificate and firewall requirements; set up cross-forest mail flow; design and configure AutoDiscover; set up shared namespaces
Migrate legacy systems
Determine transition paths to Exchange; migrate public folders; migrate mailboxes; upgrade policies; plan to account for discontinued features; transition and decommission server roles
Troubleshoot issues associated with hybrid scenarios, coexistence, migration, and federation
Troubleshoot transport; troubleshoot Exchange federation trust and organization relationships; troubleshoot client access; troubleshoot SSO/AD FS; troubleshoot DirSync; troubleshoot cross-forest availability

Preparation resources
Exchange Server 2013 hybrid deployments
Configure the Availability service for cross-forest topologies
Public Folder procedures
