M20411 Administering Windows Server 2012
Credit toward certification:
MCP, MCSA, MCSE
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam.
Who should take this exam?
This exam is part two of a series of three exams that test the skills and knowledge necessary to administer a Windows Server 2012 infrastructure in an enterprise environment. Passing this exam validates a candidate’s ability to administer the tasks required to maintain a Windows Server 2012 infrastructure, such as user and group management, network access, and data security. Passing this exam along with the other two exams confirms that a candidate has the skills and knowledge necessary for implementing, managing, maintaining, and provisioning services and infrastructure in a Windows Server 2012 environment.
This exam includes:
- Deploy, manage, and maintain servers (15-20%)
- Deploy and manage server images. Install the Windows Deployment Services (WDS) role; configure and manage boot, install, and discover images; update images with patches, hotfixes, and drivers; install features for offline images; configure driver groups and packages;
- Implement patch management. Install and configure the Windows Server Update Services (WSUS) role, configure group policies for updates, configure client-side targeting, configure WSUS synchronization, configure WSUS groups, manage patch management in mixed environments;
- Monitor servers. Configure Data Collector Sets (DCS), configure alerts, monitor real-time performance, monitor virtual machines (VMs), monitor events, configure event subscriptions, configure network monitoring, schedule performance monitoring.
- Configure File and Print Services (15-20%)
- Configure Distributed File System (DFS). Install and configure DFS namespaces, configure DFS Replication Targets, configure Replication Scheduling, configure Remote Differential Compression settings, configure staging, configure fault tolerance, clone a DFS database, recover DFS databases, optimize DFS replication;
- Configure File Server Resource Manager (FSRM). Install the FSRM role service, configure quotas, configure file screens, configure reports, configure file management tasks;
- Configure file and disk encryption. Configure BitLocker encryption; configure the Network Unlock feature; configure BitLocker policies; configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore;
- Configure advanced audit policies. Implement auditing using Group Policy and AuditPol.exe, create expression-based audit policies, create removable device audit policies.
- Configure network services and access (15-20%)
- Configure DNS zones. Configure primary and secondary zones, configure stub zones, configure conditional forwards, configure zone and conditional forward storage in Active Directory, configure zone delegation, configure zone transfer settings, configure notify settings;
- Configure DNS records. Create and configure DNS Resource Records (RR), including A, AAAA, PTR, SOA, NS, SRV, CNAME, and MX records; configure zone scavenging; configure record options, including Time To Live (TTL) and weight; configure round robin; configure secure dynamic updates;
- Configure virtual private network (VPN) and routing. Install and configure the Remote Access role, implement Network Address Translation (NAT), configure VPN settings, configure remote dial-in settings for users, configure routing, configure Web Application proxy in passthrough mode;
- Configure DirectAccess. Implement server requirements, implement client configuration, configure DNS for Direct Access, configure certificates for Direct Access.
- Configure a Network Policy Server (NPS) infrastructure (10-15%)
- Configure Network Policy Server. Configure a RADIUS server, including RADIUS proxy; configure RADIUS clients; configure NPS templates; configure RADIUS accounting; configure certificates;
- Configure NPS policies. Configure connection request policies, configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing), import and export NPS policies;
- Configure Network Access Protection (NAP). Configure System Health Validators (SHVs), configure health policies, configure NAP enforcement using DHCP and VPN, configure isolation and remediation of non-compliant computers using DHCP and VPN, configure NAP client settings.
- Configure and manage Active Directory (10-15%)
- Configure service authentication. Create and configure Service Accounts, create and configure Group Managed Service Accounts, configure Kerberos delegation, manage Service Principal Names (SPNs), configure virtual accounts;
- Configure domain controllers. Transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning;
- Maintain Active Directory. Back up Active Directory and SYSVOL, manage Active Directory offline, optimize an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active Directory Recycle Bin;
- Configure account policies. Configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings.
- Configure and manage Group Policy (15-20%)
- Configure Group Policy processing. Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behavior, force Group Policy Update;
- Configure Group Policy settings. Configure settings, including software installation, folder redirection, scripts, and administrative template settings; import security templates; import custom administrative template file; configure property filters for administrative templates;
- Manage Group Policy objects (GPOs). Back up, import, copy, and restore GPOs; create and configure Migration Table; reset default GPOs; delegate Group Policy management;
- Configure Group Policy preferences (GPP). Configure GPP settings, including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment, and shortcut deployment; configure item-level targeting.