The most effective way to prepare to take an
exam.
The relationship between Microsoft training
materials and exam content.
Microsoft policy concerning the incorporation of
service pack and revision updates into exam content.
Exam question types and formats.
Exam time limits and number of questions asked.
We recommend that you review this
preparation guide in its entirety and familiarize
yourself with the FAQs and resources on the Microsoft
Certification website before you schedule your exam.
Audience Profile
The Microsoft Certified Technology Specialist (MCTS) on
Windows Server 2008 credentials are intended for information
technology (IT) professionals who work in the complex
computing environment of medium to large companies. The MCTS
candidate should have at least one year of experience
implementing and administering Windows Server 2008 R2 in an
environment that has the following characteristics:
network services and resources such as messaging,
databases, file and print, firewalls, Internet access,
an intranet, Public Key Infrastructure, remote access,
remote desktop, virtualization, and client computer
management
connectivity requirements such as connecting branch
offices and individual users in remote locations to
corporate resources, and connecting corporate networks
Credit Toward CertificationWhen
you pass Exam 70-640: Windows Server 2008 Active Directory,
Configuring, you complete the requirements for the following
certification(s):
Skills
Being MeasuredThis exam measures your
ability to accomplish the technical tasks listed below.The
percentages indicate the relative weight of each major topic area on the
exam.The higher the percentage, the more questions you are likely to see
on that content area on the exam.
The information after “This
objective may include but is not limited to” is intended to further
define or scope the objective by describing the types of skills and
topics that may be tested for the objective. However, it is not an
exhaustive list of skills and topics that could be included on the exam
for a given skill area. You may be tested on other skills and topics
related to the objective that are not explicitly listed here.
1. Configuring Domain Name System (DNS) for Active Directory
(18%)
Configure zones.
May include but
is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS
(NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL);
GlobalNames; Primary, Secondary, Active Directory
Integrated, Stub; SOA; zone scavenging; forward lookup;
reverse lookup
Configure DNS server settings.
May include but
is not limited to: forwarding; root hints; configure zone
delegation; round robin; disable recursion; debug logging;
server scavenging
Configure zone transfers and replication.
May include but
is not limited to: configure replication scope
(forestDNSzone; domainDNSzone); incremental zone transfers;
DNS Notify; secure zone transfers; configure name servers;
application directory partitions
Configuring the Active Directory infrastructure (17 percent)
Configure a forest or a domain.
May include but
is not limited to: remove a domain; perform an unattended
installation; Active Directory Migration Tool (ADMT) ;
change forest and domain functional levels; interoperability
with previous versions of Active Directory; multiple user
principal name (UPN) suffixes; forestprep; domainprep
Configure trusts.
May include but
is not limited to: forest trust; selective authentication
vs. forest-wide authentication; transitive trust; external
trust; shortcut trust; SID filtering
Configure sites.
May include but
is not limited to: create Active Directory subnets;
configure site links; configure site link costing; configure
sites infrastructure
Configure Active Directory replication.
May include but
is not limited to: DFSR; one-way replication; Bridgehead
server; replication scheduling; configure replication
protocols; force intersite replication
Configure the global catalog.
May include but
is not limited to: Universal Group Membership Caching
(UGMC); partial attribute set; promote to global catalog
Configure operations masters.
May include but
is not limited to: seize and transfer; backup operations
master; operations master placement; Schema Master;
extending the schema; time service
Configuring Active Directory Roles and Services (14 percent)
Configure Active Directory Lightweight Directory Service (AD
LDS).
May include but
is not limited to: migration to AD LDS; configure data
within AD LDS; configure an authentication server; Server
Core Installation
Configure Active Directory Rights Management Service (AD
RMS).
May include but
is not limited to: certificate request and installation;
self-enrollments; delegation; create RMS templates; RMS
administrative roles; RM Add-on for IE
Configure the read-only domain controller (RODC).
May include but
is not limited to: replication; Administrator role
separation; read-only DNS; BitLocker; credential caching;
password replication; syskey; read-only SYSVOL; staged
install
Configure Active Directory Federation Services (AD FSv2).
May include but
is not limited to: install AD FS server role; exchange
certificate with AD FS agents; configure trust policies;
configure user and group claim mapping; import and export
trust policies
Creating and maintaining Active Directory objects (18 percent)
Automate creation of Active Directory accounts.
May include but
is not limited to: bulk import; configure the UPN; create
computer, user, and group accounts (scripts, import,
migration); template accounts; contacts; distribution lists;
offline domain join
Maintain Active Directory accounts.
May include but
is not limited to: manage computer accounts; configure group
membership; account resets; delegation; AGDLP/AGGUDLP; deny
domain local group; local vs. domain; Protected Admin;
disabling accounts vs. deleting accounts; deprovisioning;
contacts; creating organizational units (OUs); delegation of
control; protecting AD objects from deletion; managed
service accounts
Create and apply Group Policy objects (GPOs).
May include but
is not limited to: enforce, OU hierarchy, block inheritance,
and enabling user objects; group policy processing priority;
WMI; group policy filtering; group policy loopback; Group
Policy Preferences (GPP)
Configure GPO templates.
May include but
is not limited to: user rights; ADMX Central Store;
administrative templates; security templates; restricted
groups; security options; starter GPOs; shell access
policies
Deploy and manage
software by using GPOs.
May include but
is not limited to: publishing to users; assigning software
to users; assigning to computers; software removal; software
restriction policies; AppLocker
Configure account policies.
May include but
is not limited to: domain password policy; account lockout
policy; fine-grain password policies
Configure audit policy by using GPOs.
May include but
is not limited to: audit logon events; audit account logon
events; audit policy change; audit access privilege use;
audit directory service access; audit object access;
advanced audit policies; global object access auditing;
“Reason for Access” reporting
Maintaining the Active Directory environment (18 percent)
Configure backup and recovery.
May include but
is not limited to: using Windows Server Backup; back up
files and system state data to media; backup and restore by
using removable media; perform an authoritative or
non-authoritative restores; linked value replication;
Directory Services Recovery Mode (DSRM); backup and restore
GPOs; configure AD recycle bin
Perform offline maintenance.
May include but
is not limited to: offline defragmentation and compaction;
Restartable Active Directory; Active Directory database
mounting tool
Monitor Active Directory.
May include but
is not limited to: event viewer subscriptions; data
collector sets; real-time monitoring; analyzing logs; WMI
queries; PowerShell
Configuring Active Directory Certificate Services (15 percent)
Install Active Directory Certificate Services.
May include but
is not limited to: certificate authority (CA) types,
including standalone, enterprise, root, and subordinate;
role services; prepare for multiple-forest deployments
Configure CA server settings.
May include but
is not limited to: key archival; certificate database backup
and restore; assigning administration roles; high-volume
CAs; auditing
Manage certificate templates.
May include but
is not limited to: certificate template types; securing
template permissions; managing different certificate
template versions; key recovery agent
Manage enrollments.
May include but
is not limited to: network device enrollment service (NDES);
auto enrollment; Web enrollment; extranet enrollment; smart
card enrollment; authentication mechanism assurance;
creating enrollment agents; deploying multiple-forest
certificates; x.509 certificate mapping
Manage certificate revocations.
May include but
is not limited to: configure Online Responders; Certificate
Revocation List (CRL); CRL Distribution Point (CDP);
Authority Information Access (AIA)
О нас
