MS TS 70-640 70-642 70-643 70-647 70-649 requirements
the requirement dump is here; notice the requirements are very upto date , as it is up to 2008 R2. I would say it is very different from windows 2003 days
70-640
1. Configuring Domain Name System (DNS) for Active Directory (17%)
· Configure zones.
o May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
· Configure DNS server settings.
o May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
· Configure zone transfers and replication.
o May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions
Configuring the Active Directory infrastructure (17 percent)
· Configure a forest or a domain.
o May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
· Configure trusts.
o May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
· Configure sites.
o May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
· Configure Active Directory replication.
o May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
· Configure the global catalog.
o May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
· Configure operations masters.
o May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service
Configuring Active Directory Roles and Services (14 percent)
· Configure Active Directory Lightweight Directory Service (AD LDS).
o May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
· Configure Active Directory Rights Management Service (AD RMS).
o May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
· Configure the read-only domain controller (RODC).
o May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
· Configure Active Directory Federation Services (AD FSv2).
o May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies
Creating and maintaining Active Directory objects (18 percent)
· Automate creation of Active Directory accounts.
o May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
· Maintain Active Directory accounts.
o May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
· Create and apply Group Policy objects (GPOs).
o May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
· Configure GPO templates.
o May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
· Deploy and manage software by using GPOs.
o May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
· Configure account policies.
o May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
· Configure audit policy by using GPOs.
o May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting
Maintaining the Active Directory environment (18 percent)
· Configure backup and recovery.
o May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
· Perform offline maintenance.
o May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
· Monitor Active Directory.
o May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell
Configuring Active Directory Certificate Services (15 percent)
· Install Active Directory Certificate Services.
o May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
· Configure CA server settings.
o May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
· Manage certificate templates.
o May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
· Manage enrollments.
o May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
· Manage certificate revocations.
o May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)
70-642
1. Configuring Addressing and Services (24 percent)
· Configure IPv4 and IPv6 addressing.
o May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6
· Configure Dynamic Host Configuration Protocol (DHCP).
o May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6
· Configure routing.
o May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy
· Configure Windows Firewall with Advanced Security.
o May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules
Configuring Names Resolution (27 percent)
· Configure a Domain Name System (DNS) server.
o May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking
· Configure DNS zones.
o May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones
· Configure DNS records.
o May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing
· Configure DNS replication.
o May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing
· Configure name resolution for client computers.
o May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution
Configuring Network Access (22 percent)
· Configure remote access.
o May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
· Configure Network Access Protection (NAP).
o May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)
· Configure DirectAccess.
o May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table
· Configure Network Policy Server (NPS).
o May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates
Configuring File and Print Services (13 percent)
· Configure a file server.
o May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console
· Configure Distributed File System (DFS).
o May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting
· Configure backup and restore.
o May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share
· Manage file server resources.
o May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening
· Configure and monitor print services.
o May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation
Monitoring and Managing a Network Infrastructure (14 percent)
· Configure Windows Server Update Services (WSUS) server settings.
o May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks
· Configure performance monitoring.
o May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data
· Configure event logs.
o May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter
· Gather network data.
o May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring
70-643
Deploying Servers (28 percent)
· Deploy images by using Windows Deployment Services.
o May include but is not limited to: Install from media (IFM); configure Windows Deployment Services; capture Windows Deployment Services images; deploy Windows Deployment Services images; dynamic driver provisioning; PXE provider; multicasting; VHD deployment
· Configure Microsoft Windows activation.
o May include but is not limited to: install a KMS server; create a DNS SRV record; replicate volume license data; Multiple Activation Key (MAK); managing activation
· Configure Windows Server Hyper-V and virtual machines.
o May include but is not limited to: Virtual networking; virtualization hardware requirements; Virtual Hard Disks; migration types; Integration Services; dynamic memory allocation; dynamic virtual machine storage; import/export; snapshot
· Configure high availability.
o May include but is not limited to: failover clustering; Network Load Balancing; geo-clustering support; cluster service migration; Cluster Shared Volumes (CSV)
· Configure storage.
o May include but is not limited to: RAID types; Virtual Disk Specification (VDS); iSCSI Initiator; Storage Area Networks (SANs); mount points; Multipath I/O (MPIO); VHD mounting; boot from VHD; N-Port Identification Virtualization (NPIV)
Configuring Remote Desktop Services (26 percent)
· Configure RemoteApp and Remote Desktop Web Access.
o May include but is not limited to: providing access to remote resources; per-user filtering; forms-based authentication; single sign-on
· Configure Remote Desktop Gateway (RD Gateway).
o May include but is not limited to: certificate configuration; Remote Desktop resource authorization policy (RD RAP); Remote Desktop connection authorization policy (RD CAP); Remote Desktop group policy
· Configure Remote Desktop Connection Broker.
o May include but is not limited to: redirection modes; DNS registration; set by using group policy
· Configure and monitor Remote Desktop resources.
o May include but is not limited to: allocate resources by using Windows Server Resource Manager; configure application logging; fair share CPU scheduling; viewing processes
· Configure Remote Desktop licensing.
o May include but is not limited to: deploy licensing server; connectivity between Remote Desktop Session Hosts (RD Session Hosts) and Remote Desktop Licensing (RD Licensing); recovering Remote Desktop Licensing server; managing Remote Desktop Services client access licenses (RDS CALs); revoking licensing
· Configure Remote Desktop Session Host.
o May include but is not limited to: session options; session permissions; display data prioritization; profiles and home folders; IP Virtualization; RemoteFX
Configuring a Web Services Infrastructure (25 percent)
· Configure Web applications.
o May include but is not limited to: directory-dependent; publishing; URL-specified configuration; Microsoft .NET components, for example, .NET and aspx; configure application pools; manage service accounts; server core
· Manage Web sites.
o May include but is not limited to: migrate sites and Web applications; publish IIS Web sites; configure virtual directories; xcopy deployment
· Configure a File Transfer Protocol (FTP) server.
o May include but is not limited to: configure for extranet users; configure permissions; configure File Transfer Protocol Secure (FTPS); WebDAV integration; user isolation
· Configure Simple Mail Transfer Protocol (SMTP).
o May include but is not limited to: setting up smart hosts; configuring size limitations; setting up security and authentication to the delivering server; creating proper service accounts; authentication; SMTP relay
· Manage the Web Server (IIS) role.
o May include but is not limited to: Web site content backup and restore; IIS configuration backup; monitor IIS; configuration logging and tracing; delegation of administrative rights
· Configure SSL security.
o May include but is not limited to: configure certificates; requesting SSL certificate; renewing SSL certificate; exporting and importing certificates
· Configure Web site authentication and permissions.
o May include but is not limited to: configure site permissions and authentication; configure application permissions; client certificate mappings; request filtering
Configuring Network Application Services (21 percent)
· Manage the Streaming Media Services role.
o May include but is not limited to: installation; on-demand replication; caching and proxy; multicast streaming; advertising; Web-based administration; Real-Time Streaming Protocol (RTSP)
· Secure streaming media.
o May include but is not limited to: encryption; sharing business rules; configuring license delivery; configuring policy templates; configure Windows Media Rights Manager; automatically acquire media usage rights; Microsoft DRM upgrade service
· Configure SharePoint Foundation options.
o May include but is not limited to: site permissions; backup; service accounts; rights management services (RMS); migration; audience targeting; claims-based authentication; SharePoint Timer jobs; usage and report logging
· Configure SharePoint Foundation integration.
o May include but is not limited to: configuring a document library to receive e-mail; configuring incoming vs. outgoing e-mail; support for Office Web Apps and SharePoint Workspaces
70-647
Planning network and application services (23 percent)
· Plan for name resolution and IP addressing. May include but is not limited to: internal and external naming strategy, naming resolution support for legacy clients, naming resolution for directory services, IP addressing scheme, TCP/IP version coexistence
· Design for network access. May include but is not limited to: network access policies, remote access strategy, perimeter networks, server and domain isolation
· Plan for application delivery. May include but is not limited to: application virtualization, presentation virtualization, locally installed software, Web-based applications
· Plan for Remote Desktop Services. May include but is not limited to: Terminal Services licensing, Remote Desktop Services infrastructure
Designing core identity and access management components (25 percent)
· Design Active Directory forests and domains. May include but is not limited to: forest structure, forest and domain functional levels, intra-organizational authorization and authentication, schema modifications
· Design the Active Directory physical topology. May include but is not limited to: placement of servers, site and replication topology, printer location policies
· Design the Active Directory administrative model. May include but is not limited to: delegation, group strategy, compliance auditing, group administration, organizational structure
· Design the enterprise-level group policy strategy. May include but is not limited to: group policy hierarchy and scope filtering, control device installation, authentication and authorization
Designing support identity and access management components (29 percent)
· Plan for domain or forest migration, upgrade, and restructuring. May include but is not limited to: cross-forest authentication, backward compatibility, object migration, migration planning, implementation planning, environment preparation
· Design the branch office deployment. May include but is not limited to: authentication strategy, server security
· Design and implement public key infrastructure. May include but is not limited to: certificate services, PKI operations and maintenance, certificate life cycle management
· Plan for interoperability. May include but is not limited to: inter-organizational authorization and authentication, application authentication interoperability, cross-platform interoperability
Designing for business continuity and data availability (23 percent)
· Plan for business continuity. May include but is not limited to: service availability, directory service recovery
· Design for software updates and compliance management. May include but is not limited to: patch management and patch management compliance, Microsoft Update and Windows Update, security baselines, system health models
· Design the operating system virtualization strategy. May include but is not limited to: server consolidation, application compatibility, virtualization management, placement of servers
· Design for data management and data access. May include but is not limited to: data security, data accessibility and redundancy, data collaboration
70-649
Configuring Additional Active Directory Server Roles
· Configure Active Directory Lightweight Directory Service (AD LDS)
May include but is not limited to: migration to AD LDS, configuring data within AD LDS, configuring an authentication server, server core, Windows Server 2008 Hyper-V
· Configure Active Directory Rights Management Service (AD RMS)
May include but is not limited to: certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), Windows Server virtualization
· Configure the read-only domain controller (RODC)
May include but is not limited to: unidirectional replication, Administrator role separation, read-only DNS, BitLocker, credential caching, password replication, syskey, Windows Server virtualization
· Configure Active Directory Federation Services (ADFS)
May include but is not limited to: installing AD FS server role, exchange certificate with AD FS agents, configuring trust policies, configuring user and group claim mapping, Windows Server virtualization
Configuring IP Addressing and Services
· Configure IPv4 and IPv6 addressing
May include but is not limited to: configuring IP options, subnetting, supernetting, alternative configuration
· Configure Dynamic Host Configuration Protocol (DHCP)
May include but is not limited to: DHCP options, creating new options, PXE boot, default user profiles, DHCP relay agents, exclusions, authorizing server in Active Directory, scopes, server core, Windows Server Hyper-V
· Configure routing
May include but is not limited to: static routing, persistent routing, Routing Internet Protocol (RIP), Open Shortest Path First (OSPF)
· Configure IPsec
May include but is not limited to: creating IPsec policy, IPsec Authentication Header (AH), IPsec Encapsulating Security Payload (ESP)
Monitoring and Managing a Network Infrastructure
· Configure Windows Software Update Services (WSUS) server settings
May include but is not limited to: updating type selection, client settings, Group Policy object (GPO), client targeting, software updates, test and approval, disconnected networks
· Capture performance data
May include but is not limited to: Data Collector Sets, Performance Monitor, Reliability Monitor, monitoring System Stability Index
· Monitor event logs
May include but is not limited to: custom views, application and services logs, subscriptions, DNS log
· Gather network data
May include but is not limited to: Simple Network Management Protocol (SNMP), Baseline Security Analyzer, Network Monitor
Deploying Servers
· Deploy images by using Windows Deployment Services
May include but is not limited to: installing from media (IFM), configuring Windows Deployment Services, capturing Windows Deployment Services images, deploying Windows Deployment Services images, server core
· Configure Microsoft Windows activation
May include but is not limited to: installing a KMS server, creating a DNS SRV record, replicating volume license data
· Configure Windows Server Hyper-V and virtual machines
May include but is not limited to: virtual networking, virtualization hardware requirements, Virtual Hard Disks, migrating from physical to virtual, VM additions, backup, optimization, server core
· Configure high availability
May include but is not limited to: failover clustering, Network Load Balancing, hardware redundancy
· Configure storage
May include but is not limited to: RAID types, Virtual Disk Specification (VDS) API, Network Attached Storage, iSCSI and Fibre Channel storage area networks, mount points
Configuring Remote Desktop Services
· Configure RemoteApp and Remote Desktop Web Access.
May include but is not limited to: providing access to remote resources; per-user filtering; forms-based authentication; single sign-on
· Configure Remote Desktop Gateway (RD Gateway).
May include but is not limited to: certificate configuration; Remote Desktop resource authorization policy (RD RAP); Remote Desktop connection authorization policy (RD CAP); Remote Desktop group policy
· Configure Remote Desktop Connection Broker.
May include but is not limited to: redirection modes; DNS registration; set by using group policy
· Configure and monitor Remote Desktop resources.
May include but is not limited to: allocate resources by using Windows Server Resource Manager; configure application logging; fair share CPU scheduling; viewing processes
· Configure Remote Desktop licensing.
May include but is not limited to: deploy licensing server; connectivity between Remote Desktop Session Hosts (RD Session Hosts) and Remote Desktop Licensing (RD Licensing); recovering Remote Desktop Licensing server; managing Remote Desktop Services client access licenses (RDS CALs); revoking licensing
· Configure Remote Desktop Session Host.
May include but is not limited to: session options; session permissions; display data prioritization; profiles and home folders; IP Virtualization; RemoteFX
Configuring a Web Services Infrastructure
· Configure Web applications
May include but is not limited to: directory-dependent, publishing, URL-specified configuration, Microsoft .NET components, for example, .NET and .aspx, configuring application pools
· Manage Web sites
May include but is not limited to: migrating sites and Web applications, publishing IIS Web sites, configuring virtual directories
· Configure a File Transfer Protocol (FTP) server
May include but is not limited to: configuring for extranet users, configuring permissions
· Configure Simple Mail Transfer Protocol Services (SMTP)
May include but is not limited to: setting up smart hosts, configuring size limitations, setting up security and authentication to the delivering server, creating proper service accounts, authentication, SMTP relay
· Manage Internet Information Services (IIS)
May include but is not limited to: Web site content backup and restore, IIS configuration backup, monitoring IIS, configuring logging, delegation of administrative rights
· Configure SSL security
May include but is not limited to: configuring certificates, requesting SSL certificate, renewing SSL certificate, exporting and importing certificates
· Configure Web site authentication and permissions
May include but is not limited to: configuring site permissions and authentication, configuring application permissions, client certificate mappings
