Like this article? We recommend
Exam Objectives
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Exam Objectives
Here are the exam objectives as stated by Microsoft. The percentages indicate the relative weight of each major topic area on the exam.
Configuring Additional Active Directory Server Roles
- Configure Active Directory Lightweight Directory Service (AD LDS). May include but is not limited to: migration to AD LDS, configuring data within AD LDS, configuring an authentication server, server core, Windows Server 2008 Hyper-V
- Configure Active Directory Rights Management Service (AD RMS). May include but is not limited to: certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), Windows Server virtualization
- Configure the read-only domain controller (RODC). May include but is not limited to: unidirectional replication, Administrator role separation, read-only DNS, BitLocker, credential caching, password replication, syskey, Windows Server virtualization
- Configure Active Directory Federation Services (AD FS). May include but is not limited to: install AD FS server role, exchange certificate with AD FS agents, configuring trust policies, configuring user and group claim mapping, Windows Server virtualization
Maintaining the Active Directory Environment
- Configure backup and recovery. May include but is not limited to: using Windows Server Backup, backup files and system state data to media, backup and restore by using removable media, performing an authoritative or non-authoritative Active Directory restore, linked value replication, Directory Services Recovery Mode (DSRM) (reset admin password), backing up and restoring GPOs
- Perform offline maintenance. May include but is not limited to: offline defragmentation and compaction, Restartable Active Directory, Active Directory database storage allocation
- Monitor Active Directory. May include but is not limited to: Network Monitor, Task Manager, Event Viewer, ReplMon, RepAdmin, Windows System Resource Manager, Reliability and Performance Monitor, Server Performance Advisor, RSOP
Configuring Active Directory Certificate Services
- Install Active Directory Certificate Services. May include but is not limited to: standalone versus enterprise, CA hierarchies—root versus subordinate, certificate requests, certificate practice statement
- Configure CA server settings. May include but is not limited to: key archival, certificate database backup and restore, assigning administration roles
- Manage certificate templates. May include but is not limited to: certificate template types, securing template permissions, managing different certificate template versions, key recovery agent
- Manage enrollments. May include but is not limited to: network device enrollment service (NDES), autoenrollment, Web enrollment, smart card enrollment, creating enrollment agents
- Manage certificate revocations. May include but is not limited to: configuring Online Responders, Certificate Revocation List (CRL), CRL Distribution Point (CDP), Authority Information Access (AIA)
Configuring IP Addressing and Services
- Configure IPv4 and IPv6 addressing. May include but is not limited to: configuring IP options, subnetting, supernetting, alternative configuration
- Configure Dynamic Host Configuration Protocol (DHCP). May include but is not limited to: DHCP options, creating new options, PXE boot, default user profiles, DHCP relay agents, exclusions, authorizing server in Active Directory, scopes, server core, Windows Server Hyper-V
- Configure routing. May include but is not limited to: static routing, persistent routing, Routing Internet Protocol (RIP), Open Shortest Path First (OSPF)
- Configure IPsec. May include but is not limited to: creating IPsec policy, IPsec Authentication Header (AH), IPsec Encapsulating Security Payload (ESP)
Configuring Network Access
- Configure remote access. May include but is not limited to: dial-up, Remote Access Policy, Network Address Translation (NAT), Internet Connection Sharing (ICS), VPN, Routing and Remote Access Services (RRAS), inbound/outbound filters, configuring Remote Authentication Dial-In User Service (RADIUS) server, configuring RADIUS proxy, remote access protocols, Connection Manager
- Configure Network Access Protection (NAP). May include but is not limited to: network layer protection, DHCP enforcement, VPN enforcement, configuring NAP health policies, IPsec enforcement, 802.1x enforcement, flexible host isolation
- Configure network authentication. May include but is not limited to: LAN authentication by using NTLMv2 and Kerberos, WLAN authentication by using 802.1x, RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
- Configure wireless access. May include but is not limited to: Set Service Identifier (SSID), Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), ad hoc versus infrastructure mode, group policy for wireless
- Configure firewall settings. May include but is not limited to: incoming and outgoing traffic filtering, Active Directory account integration, identifying ports and protocols, Windows Firewall versus Windows Firewall with Advanced Security, configuring firewall by using group policy, isolation policy
Monitoring and Managing a Network Infrastructure
- Configure Windows Software Update Services (WSUS) server settings. May include but is not limited to: updating type selection, client settings, Group Policy object (GPO), client targeting, software updates, test and approval, disconnected networks
- Capture performance data. May include but is not limited to: Data Collector Sets, Performance Monitor, Reliability Monitor, monitoring System Stability Index
- Monitor event logs. May include but is not limited to: custom views, application and services logs, subscriptions, DNS log
- Gather network data. May include but is not limited to: Simple Network Management Protocol (SNMP), Baseline Security Analyzer, Network Monitor