Desenvolvimento pessoal e profissionalMicrosoft

Exame 70-640 – TS Windows Server 2008 Active Directory, Configuring

Claudiano J. da Silva 0 Comments , , , , ,

Este post é para quem tem interesse em conquistar a certificação MCTS Windows Server 2008 Active Directory, Configuring, exame 70-640
Os assuntos abordados no exame são:

Configuring Domain Name System (DNS) for Active Directory (17%)

*Configure zones.

  •   May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup

*Configure DNS server settings.

  • May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging

*Configure zone transfers and replication.

  •   May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

Configuring the Active Directory infrastructure (17 percent)

*Configure a forest or a domain.

  •  May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep

*Configure trusts.

  • May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering

*Configure sites.

  •   May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure

*Configure Active Directory replication.

  •   May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication

*Configure the global catalog.

  • May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog

*Configure operations masters.

  •   May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

Configuring Active Directory Roles and Services (14 percent)

*Configure Active Directory Lightweight Directory Service (AD LDS).

  •   May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation

*Configure Active Directory Rights Management Service (AD RMS).

  •   May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE

*Configure the read-only domain controller (RODC).

  • May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install

*Configure Active Directory Federation Services (AD FSv2).

  •   May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

Creating and maintaining Active Directory objects (18 percent)

*Automate creation of Active Directory accounts.

  • May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join

*Maintain Active Directory accounts.

  •   May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts

*Create and apply Group Policy objects (GPOs).

  • May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)

*Configure GPO templates.

  • May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies

* Deploy and manage software by using GPOs.

  • May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker

*Configure account policies.

  •   May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies

*Configure audit policy by using GPOs.

  • May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

Maintaining the Active Directory environment (18 percent)

*Configure backup and recovery.

  •   May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin

*Perform offline maintenance.

  •   May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool

*Monitor Active Directory.

  •   May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

Configuring Active Directory Certificate Services (15 percent)

*Install Active Directory Certificate Services.

  • May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments

*Configure CA server settings.

  •   May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing

*Manage certificate templates.

  • May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent

*Manage enrollments.

  • May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping

*Manage certificate revocations.

  • May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

Pessoal, tem muita coisa para estudar!!!!!!

Abraço e até a próxima.

Fonte: Microsoft

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Esse site utiliza o Akismet para reduzir spam. Aprenda como seus dados de comentários são processados.