MS TS 70-640 70-642 70-643 70-647 70-649 requirements

MS TS 70-640 70-642 70-643 70-647 70-649 requirements

the requirement dump is here; notice the requirements are very upto date , as it is up to 2008 R2. I would say it is very different from windows 2003 days

70-640

1. Configuring Domain Name System (DNS) for Active Directory (17%)

·         Configure zones.

o    May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup

·         Configure DNS server settings.

o    May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging

·         Configure zone transfers and replication.

o    May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

Configuring the Active Directory infrastructure (17 percent)

·         Configure a forest or a domain.

o    May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep

·         Configure trusts.

o    May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering

·         Configure sites.

o    May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure

·         Configure Active Directory replication.

o    May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication

·         Configure the global catalog.

o    May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog

·         Configure operations masters.

o    May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

Configuring Active Directory Roles and Services (14 percent)

·         Configure Active Directory Lightweight Directory Service (AD LDS).

o    May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation

·         Configure Active Directory Rights Management Service (AD RMS).

o    May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE

·         Configure the read-only domain controller (RODC).

o    May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install

·         Configure Active Directory Federation Services (AD FSv2).

o    May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

Creating and maintaining Active Directory objects (18 percent)

·         Automate creation of Active Directory accounts.

o    May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join

·         Maintain Active Directory accounts.

o    May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts

·         Create and apply Group Policy objects (GPOs).

o    May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)

·         Configure GPO templates.

o    May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies

·         Deploy and manage software by using GPOs.

o    May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker

·         Configure account policies.

o    May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies

·         Configure audit policy by using GPOs.

o    May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

Maintaining the Active Directory environment (18 percent)

·         Configure backup and recovery.

o    May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin

·         Perform offline maintenance.

o    May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool

·         Monitor Active Directory.

o    May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

Configuring Active Directory Certificate Services (15 percent)

·         Install Active Directory Certificate Services.

o    May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments

·         Configure CA server settings.

o    May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing

·         Manage certificate templates.

o    May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent

·         Manage enrollments.

o    May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping

·         Manage certificate revocations.

o    May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

70-642

1. Configuring Addressing and Services (24 percent)

·         Configure IPv4 and IPv6 addressing.

o    May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6

·         Configure Dynamic Host Configuration Protocol (DHCP).

o    May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6

·         Configure routing.

o    May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy

·         Configure Windows Firewall with Advanced Security.

o    May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules

Configuring Names Resolution (27 percent)

·         Configure a Domain Name System (DNS) server.

o    May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking

·         Configure DNS zones.

o    May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones

·         Configure DNS records.

o    May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing

·         Configure DNS replication.

o    May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing

·         Configure name resolution for client computers.

o    May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution

Configuring Network Access (22 percent)

·         Configure remote access.

o    May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP

·         Configure Network Access Protection (NAP).

o    May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)

·         Configure DirectAccess.

o    May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table

·         Configure Network Policy Server (NPS).

o    May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates

Configuring File and Print Services (13 percent)

·         Configure a file server.

o    May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console

·         Configure Distributed File System (DFS).

o    May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting

·         Configure backup and restore.

o    May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share

·         Manage file server resources.

o    May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening

·         Configure and monitor print services.

o    May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation

Monitoring and Managing a Network Infrastructure (14 percent)

·         Configure Windows Server Update Services (WSUS) server settings.

o    May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks

·         Configure performance monitoring.

o    May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data

·         Configure event logs.

o    May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter

·         Gather network data.

o    May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring

70-643

Deploying Servers (28 percent)

·         Deploy images by using Windows Deployment Services.

o    May include but is not limited to: Install from media (IFM); configure Windows Deployment Services; capture Windows Deployment Services images; deploy Windows Deployment Services images; dynamic driver provisioning; PXE provider; multicasting; VHD deployment

·         Configure Microsoft Windows activation.

o    May include but is not limited to: install a KMS server; create a DNS SRV record; replicate volume license data; Multiple Activation Key (MAK); managing activation

·         Configure Windows Server Hyper-V and virtual machines.

o    May include but is not limited to: Virtual networking; virtualization hardware requirements; Virtual Hard Disks; migration types; Integration Services; dynamic memory allocation; dynamic virtual machine storage; import/export; snapshot

·         Configure high availability.

o    May include but is not limited to: failover clustering; Network Load Balancing; geo-clustering support; cluster service migration; Cluster Shared Volumes (CSV)

·         Configure storage.

o    May include but is not limited to: RAID types; Virtual Disk Specification (VDS); iSCSI Initiator; Storage Area Networks (SANs); mount points; Multipath I/O (MPIO); VHD mounting; boot from VHD; N-Port Identification Virtualization (NPIV)

Configuring Remote Desktop Services (26 percent)

·         Configure RemoteApp and Remote Desktop Web Access.

o    May include but is not limited to: providing access to remote resources; per-user filtering; forms-based authentication; single sign-on

·         Configure Remote Desktop Gateway (RD Gateway).

o    May include but is not limited to: certificate configuration; Remote Desktop resource authorization policy (RD RAP); Remote Desktop connection authorization policy (RD CAP); Remote Desktop group policy

·         Configure Remote Desktop Connection Broker.

o    May include but is not limited to: redirection modes; DNS registration; set by using group policy

·         Configure and monitor Remote Desktop resources.

o    May include but is not limited to: allocate resources by using Windows Server Resource Manager; configure application logging; fair share CPU scheduling; viewing processes

·         Configure Remote Desktop licensing.

o    May include but is not limited to: deploy licensing server; connectivity between Remote Desktop Session Hosts (RD Session Hosts) and Remote Desktop Licensing (RD Licensing); recovering Remote Desktop Licensing server; managing Remote Desktop Services client access licenses (RDS CALs); revoking licensing

·         Configure Remote Desktop Session Host.

o    May include but is not limited to: session options; session permissions; display data prioritization; profiles and home folders; IP Virtualization; RemoteFX

Configuring a Web Services Infrastructure (25 percent)

·         Configure Web applications.

o    May include but is not limited to: directory-dependent; publishing; URL-specified configuration; Microsoft .NET components, for example, .NET and aspx; configure application pools; manage service accounts; server core

·         Manage Web sites.

o    May include but is not limited to: migrate sites and Web applications; publish IIS Web sites; configure virtual directories; xcopy deployment

·         Configure a File Transfer Protocol (FTP) server.

o    May include but is not limited to: configure for extranet users; configure permissions; configure File Transfer Protocol Secure (FTPS); WebDAV integration; user isolation

·         Configure Simple Mail Transfer Protocol (SMTP).

o    May include but is not limited to: setting up smart hosts; configuring size limitations; setting up security and authentication to the delivering server; creating proper service accounts; authentication; SMTP relay

·         Manage the Web Server (IIS) role.

o    May include but is not limited to: Web site content backup and restore; IIS configuration backup; monitor IIS; configuration logging and tracing; delegation of administrative rights

·         Configure SSL security.

o    May include but is not limited to: configure certificates; requesting SSL certificate; renewing SSL certificate; exporting and importing certificates

·         Configure Web site authentication and permissions.

o    May include but is not limited to: configure site permissions and authentication; configure application permissions; client certificate mappings; request filtering

Configuring Network Application Services (21 percent)

·         Manage the Streaming Media Services role.

o    May include but is not limited to: installation; on-demand replication; caching and proxy; multicast streaming; advertising; Web-based administration; Real-Time Streaming Protocol (RTSP)

·         Secure streaming media.

o    May include but is not limited to: encryption; sharing business rules; configuring license delivery; configuring policy templates; configure Windows Media Rights Manager; automatically acquire media usage rights; Microsoft DRM upgrade service

·         Configure SharePoint Foundation options.

o    May include but is not limited to: site permissions; backup; service accounts; rights management services (RMS); migration; audience targeting; claims-based authentication; SharePoint Timer jobs; usage and report logging

·         Configure SharePoint Foundation integration.

o    May include but is not limited to: configuring a document library to receive e-mail; configuring incoming vs. outgoing e-mail; support for Office Web Apps and SharePoint Workspaces

70-647

Planning network and application services (23 percent)

·         Plan for name resolution and IP addressing. May include but is not limited to: internal and external naming strategy, naming resolution support for legacy clients, naming resolution for directory services, IP addressing scheme, TCP/IP version coexistence

·         Design for network access. May include but is not limited to: network access policies, remote access strategy, perimeter networks, server and domain isolation

·         Plan for application delivery. May include but is not limited to: application virtualization, presentation virtualization, locally installed software, Web-based applications

·         Plan for Remote Desktop Services. May include but is not limited to: Terminal Services licensing, Remote Desktop Services infrastructure

Designing core identity and access management components (25 percent)

·         Design Active Directory forests and domains. May include but is not limited to: forest structure, forest and domain functional levels, intra-organizational authorization and authentication, schema modifications

·         Design the Active Directory physical topology. May include but is not limited to: placement of servers, site and replication topology, printer location policies

·         Design the Active Directory administrative model. May include but is not limited to: delegation, group strategy, compliance auditing, group administration, organizational structure

·         Design the enterprise-level group policy strategy. May include but is not limited to: group policy hierarchy and scope filtering, control device installation, authentication and authorization

Designing support identity and access management components (29 percent)

·         Plan for domain or forest migration, upgrade, and restructuring. May include but is not limited to: cross-forest authentication, backward compatibility, object migration, migration planning, implementation planning, environment preparation

·         Design the branch office deployment. May include but is not limited to: authentication strategy, server security

·         Design and implement public key infrastructure. May include but is not limited to: certificate services, PKI operations and maintenance, certificate life cycle management

·         Plan for interoperability. May include but is not limited to: inter-organizational authorization and authentication, application authentication interoperability, cross-platform interoperability

Designing for business continuity and data availability (23 percent)

·         Plan for business continuity. May include but is not limited to: service availability, directory service recovery

·         Design for software updates and compliance management. May include but is not limited to: patch management and patch management compliance, Microsoft Update and Windows Update, security baselines, system health models

·         Design the operating system virtualization strategy. May include but is not limited to: server consolidation, application compatibility, virtualization management, placement of servers

·         Design for data management and data access. May include but is not limited to: data security, data accessibility and redundancy, data collaboration

70-649

Configuring Additional Active Directory Server Roles

·         Configure Active Directory Lightweight Directory Service (AD LDS)

May include but is not limited to: migration to AD LDS, configuring data within AD LDS, configuring an authentication server, server core, Windows Server 2008 Hyper-V

·         Configure Active Directory Rights Management Service (AD RMS)

May include but is not limited to: certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), Windows Server virtualization

·         Configure the read-only domain controller (RODC)

May include but is not limited to: unidirectional replication, Administrator role separation, read-only DNS, BitLocker, credential caching, password replication, syskey, Windows Server virtualization

·         Configure Active Directory Federation Services (ADFS)

May include but is not limited to: installing AD FS server role, exchange certificate with AD FS agents, configuring trust policies, configuring user and group claim mapping, Windows Server virtualization

Configuring IP Addressing and Services

·         Configure IPv4 and IPv6 addressing

May include but is not limited to: configuring IP options, subnetting, supernetting, alternative configuration

·         Configure Dynamic Host Configuration Protocol (DHCP)

May include but is not limited to: DHCP options, creating new options, PXE boot, default user profiles, DHCP relay agents, exclusions, authorizing server in Active Directory, scopes, server core, Windows Server Hyper-V

·         Configure routing

May include but is not limited to: static routing, persistent routing, Routing Internet Protocol (RIP), Open Shortest Path First (OSPF)

·         Configure IPsec

May include but is not limited to: creating IPsec policy, IPsec Authentication Header (AH), IPsec Encapsulating Security Payload (ESP)

Monitoring and Managing a Network Infrastructure

·         Configure Windows Software Update Services (WSUS) server settings

May include but is not limited to: updating type selection, client settings, Group Policy object (GPO), client targeting, software updates, test and approval, disconnected networks

·         Capture performance data

May include but is not limited to: Data Collector Sets, Performance Monitor, Reliability Monitor, monitoring System Stability Index

·         Monitor event logs

May include but is not limited to: custom views, application and services logs, subscriptions, DNS log

·         Gather network data

May include but is not limited to: Simple Network Management Protocol (SNMP), Baseline Security Analyzer, Network Monitor

Deploying Servers

·         Deploy images by using Windows Deployment Services

May include but is not limited to: installing from media (IFM), configuring Windows Deployment Services, capturing Windows Deployment Services images, deploying Windows Deployment Services images, server core

·         Configure Microsoft Windows activation

May include but is not limited to: installing a KMS server, creating a DNS SRV record, replicating volume license data

·         Configure Windows Server Hyper-V and virtual machines

May include but is not limited to: virtual networking, virtualization hardware requirements, Virtual Hard Disks, migrating from physical to virtual, VM additions, backup, optimization, server core

·         Configure high availability

May include but is not limited to: failover clustering, Network Load Balancing, hardware redundancy

·         Configure storage

May include but is not limited to: RAID types, Virtual Disk Specification (VDS) API, Network Attached Storage, iSCSI and Fibre Channel storage area networks, mount points

Configuring Remote Desktop Services

·         Configure RemoteApp and Remote Desktop Web Access.

May include but is not limited to: providing access to remote resources; per-user filtering; forms-based authentication; single sign-on

·         Configure Remote Desktop Gateway (RD Gateway).

May include but is not limited to: certificate configuration; Remote Desktop resource authorization policy (RD RAP); Remote Desktop connection authorization policy (RD CAP); Remote Desktop group policy

·         Configure Remote Desktop Connection Broker.

May include but is not limited to: redirection modes; DNS registration; set by using group policy

·         Configure and monitor Remote Desktop resources.

May include but is not limited to: allocate resources by using Windows Server Resource Manager; configure application logging; fair share CPU scheduling; viewing processes

·         Configure Remote Desktop licensing.

May include but is not limited to: deploy licensing server; connectivity between Remote Desktop Session Hosts (RD Session Hosts) and Remote Desktop Licensing (RD Licensing); recovering Remote Desktop Licensing server; managing Remote Desktop Services client access licenses (RDS CALs); revoking licensing

·         Configure Remote Desktop Session Host.

May include but is not limited to: session options; session permissions; display data prioritization; profiles and home folders; IP Virtualization; RemoteFX

Configuring a Web Services Infrastructure

·         Configure Web applications

May include but is not limited to: directory-dependent, publishing, URL-specified configuration, Microsoft .NET components, for example, .NET and .aspx, configuring application pools

·         Manage Web sites

May include but is not limited to: migrating sites and Web applications, publishing IIS Web sites, configuring virtual directories

·         Configure a File Transfer Protocol (FTP) server

May include but is not limited to: configuring for extranet users, configuring permissions

·         Configure Simple Mail Transfer Protocol Services (SMTP)

May include but is not limited to: setting up smart hosts, configuring size limitations, setting up security and authentication to the delivering server, creating proper service accounts, authentication, SMTP relay

·         Manage Internet Information Services (IIS)

May include but is not limited to: Web site content backup and restore, IIS configuration backup, monitoring IIS, configuring logging, delegation of administrative rights

·         Configure SSL security

May include but is not limited to: configuring certificates, requesting SSL certificate, renewing SSL certificate, exporting and importing certificates

·         Configure Web site authentication and permissions

May include but is not limited to: configuring site permissions and authentication, configuring application permissions, client certificate mappings