McSa 70-741 Cert Guide

Learn, prepare, and practice for MCSA 70-741 exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification.

• Master MCSA 70-741 exam topics
• Assess your knowledge with chapter-ending quizzes
• Review key concepts with exam preparation tasks
• Practice with realistic exam questions

MCSA 70-741 Cert Guide is a best-of-breed exam study guide. Leading technology trainer and exam development consultant Michael S. Schulz shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The study guide helps you master all the topics on the MCSA 70-741 exam for Windows Server 2016, including

• DNS implementation, including server configuration, zones, records, policies, DNSSEC, and DANE
• DHCP, including server installation, configuration, and scopes
• IPAM, including installation/configuration, DNS/DHCP management, and auditing
• Network connectivity and remote access solutions, including VPN, DirectAccess, NPS Radius, and wired clients
• Core and distributed network solutions, including IPv4 and IPv6 addressing, DFS, and branch office solutions
• Advanced network infrastructure

Introduction xxix

Part I: Implement Windows Server 2016 DNS

Chapter 1 Installing and Configuring DNS Servers 3

“Do I Know This Already?” Quiz 3

Foundation Topics 7

DNS Fundamentals 7

    DNS Queries 9

    Difference Between Authoritative and Nonauthoritative Responses 9

    Recursive Queries 10

    Iterative Queries 10

    Forwarding 10

    Round Robin 11

    Conditional Forwarding 12

    DNS Server Caching 13

    Cache Locking 14

    Resource Record Types 14

    File-Based Zone Types 15

    Active Directory—Integrated Zone Types 16

    Dynamic Update 17

    Delegating DNS Administration 17

    DNS Logging 18

    Aging and Scavenging 20

    DNS Backup 21

    Netmask Ordering 21

    Socket Pool 21

    Nano Server 22

Windows Server 2016 DNS Installation 23

    Using DNS with Active Directory 23

    Using DNS Without Active Directory 24

    DNS Server Installation Options 24

    Tools for DNS Server Installation 24

    Installing DNS with Server Manager 25

    Installing DNS with PowerShell 36

    Installing a DNS Server on RODC 36

    Installing a DNS Server on Azure 39

    Installing a DNS Server on a Nano Server 43

        Nano Server Zero Footprint Model 44

        Nano Server Deployment Scenarios 44

        Nano Server Recovery Console 45

        DNS Servers Supported on Nano Server 46

        Adding Roles on Nano Server 46

        Adding Nano Server to a Domain 49

        Installing a DNS Server Package on Nano Server 50

        Setting Static IP Addresses on Nano Server 50

        Adding Drivers on Nano Server 50

        Injecting Additional Drivers for Nano Server Deployment 51

    Connecting with WinRM to Nano Server 51

        Deploying Nano DNS Server During Image Creation 51

        Deploying Nano Server and Adding the DNS Package Afterward 52

        Deploying DNS Nano Server to Bare Metal Host 54

        Configuring Nano Server as a DNS Client 55

Configure and Implement DNS Global Settings Using Windows PowerShell 56

    Set-DnsServerGlobalQueryBlockList 56

    Set-DnsServerResponseRateLimiting 56

        Enabling RRL 57

        Enabling RRL LogOnly-mode 57

        Configuring RRL Exception Lists 57

    Set-DnsServerZoneTransferPolicy 58

    Set-DnsServerRecursionScope 58

    Export-DnsServerZone 59

Configure Forwarders 59

    Types of Forwarders 59

    Configuring DNS Forwarder with PowerShell 60

    Configuring Forwarder with DNS Manager Console 61

    Selective Recursion Control Using DNS Server Policies 62

    Configuring Root Hints 63

Configure DNS Delegation 65

    Creating DNS Delegation Automatically 65

    Ignoring DNS Delegation Option 65

    Configuring DNS Delegation with PowerShell 66

Configure DNS Socket Pool 66

Configure Cache Locking 67

Configure DNS Logging 68

    Monitoring Tab 68

    Auditing and Analytic Event Logging 69

Configure DNS Delegated Administration 70

    DNSAdmins Security Group 70

    Privileged Account Management 71

Exam Preparation Tasks 72

Chapter 2 Creating and Configuring DNS Zones and Records 79

“Do I Know This Already?” Quiz 79

Foundation Topics 84

Zone Type Overview 84

    Primary Zones 84

    Secondary Zones 85

    Stub Zones 86

    File-Based Zone Types 88

    Active Directory—Integrated Zone Types 89

    Active Directory—Integrated Zones 89

    msdcs Zone 91

Primary Zones 92

    Forward Lookup Zones 92

    Reverse Lookup Zones 93

    Managing Primary Zones with PowerShell 93

    Primary DNS Server as a Single Point of Failure 96

    Fault Tolerance with AD-Integrated DNS Servers 96

    Encrypted DNS Data Replication Traffic 96

    Benefits of AD-Integrated Zones 97

    Managing AD-Integrated Zones with PowerShell 97

Secondary Zones 98

    Zone Transfer Process 98

    Modifying Zone Transfer Settings Using the DNS Manager 99

    Modifying Zone Transfer Settings Using the Command Line 100

    Types of Zone Transfers 101

    Using DNS Policies in a Primary/Secondary Deployment 101

Stub Zones 104

    Stub Zone Name Resolution Process 104

    Communication Between DNS Servers That Host Parent and Child Zones 105

    Managing Stub Zones with PowerShell 105

GlobalNames Zones 105

    Creating a GlobalNames Zone 105

    Managing a GlobalNames Zone with PowerShell 106

DNSSEC 106

    DNSSEC Zone Signing Wizard 107

Analyzing Zone-Level Statistics 107

    Windows Server 2012 R2 DNS Server Statistics 108

    Windows Server 2016 Enhanced Zone-Level Statistics 108

Zone Scavenging 109

    Enabling and Disabling Scavenging 109

    Starting the Scavenging Process 110

    Scavenging Configuration with PowerShell 111

Record Options 111

    Most Common Resource Records 112

    TLSA Records and Unknown Record Types 112

    Managing Resource Records with PowerShell 112

DNS Audit and Analytical Events 114

    Enabling or Disabling Analytical DNS Logging 114

Exam Preparation Tasks 115

Chapter 3 Configuring and Managing DNS Policies 119

“Do I Know This Already?” Quiz 119

Foundation Topics 122

DHCP Options 122

DHCP Name Protection 123

Manage DNS Client Settings with PowerShell 125

Manage DNS Server Settings with PowerShell 126

Network Troubleshooting with PowerShell 132

Understanding Routing 134

    Routing with Windows Server 2016 135

Split DNS 136

    NRPT and Split DNS 137

DNS Policies 138

    DNS Policy Elements 139

    Types of DNS Policies and Differences 139

    DNS Policy Parameters 140

    Multiple Query Resolution DNS Policies 141

    Using DNS Policies Based on Location 141

    Using DNS Policies for Split-Brain 143

    Selective Recursion Control with DNS Policies 145

    How Selective Recursion Control with DNS Policies Works 146

    Practice: Block Queries for a Domain with DNS Policies 146

    Practice: Create a Server-Level Zone Transfer Policy 146

    Practice: Create a Zone-Level Zone Transfer Policy 146

    Practice: Block Queries from a Domain 147

    Practice: Allow Queries Only from a Domain 147

    Responses Based on Time of Day 147

    Time-of-Day Responses with Azure App Server 149

Exam Preparation Tasks 151

Chapter 4 Understanding and Configuring DNSSEC 155

“Do I Know This Already?” Quiz 155

Foundation Topics 159

DNSSEC Planning 159

    DNSSEC Requirements 160

    Identifying Goals 161

    DNSSEC Staging 162

Enabling DNSSEC 163

DNSSEC Functionality 165

    DNSSEC and RODCs 165

DNSSEC Zone Signing Wizard 166

    Key Master 170

    Transferring the Key Master 171

    Key Signing Key 172

    Understanding ZSK 176

DNSSEC Monitoring 180

    Event Viewer 180

    DNSSEC Outages 181

    DNSSEC Status Verification 181

Trust Anchors 182

    DS Resource Record Set 186

    Updating and Removing Trust Anchors 186

    Trust Anchor Types 187

    Trust Anchor Status 187

    Trust Anchor Status Verification 187

    Root Zone Trust Anchor 188

    DNSSEC Priming 189

    Trust Anchor Distribution with Active Directory 189

    Trust Anchor Distribution in Active Directory Using DNS Manager 189

    Trust Anchor Distribution in Active Directory Using PowerShell 190

ZSK/KSK Rollover Process 190

DNSSEC Clients 192

    Name Resolution Policy 192

    Security-aware Status 194

DNSSEC and Delegation 194

Chain of Trust 195

DNSSEC Record Types 197

    RRset 198

    DNSKEY Record 198

    DS Record 199

    RRSIG Record 199

    NSEC/NSEC3 Records 200

Exam Preparation Tasks 202

Chapter 5 Understanding and Configuring DANE 209

“Do I Know This Already?” Quiz 210

Foundation Topics 213

DANE Overview 213

    DANE Criteria 215

    DANE Statements 215

    DANE Operation Modes 215

    DANE Bottlenecks 216

DANE Security 217

TLSA Records 218

Configuring DANE 224

    DANE Example Configuration 224

Common DANE Failures 228

Exam Preparation Tasks 229

Part II: Implement Windows Server 2016 DHCP

Chapter 6 Installing and Configuring Windows Server 2016 DHCP Server 235

“Do I Know This Already?” Quiz 235

Foundation Topics 239

DHCP Fundamentals 239

    DHCP Address Allocation Process 240

    DHCP Lease Generation 240

    DHCP Lease Renewal Process 241

    DHCP Database 242

    DHCP Backup 242

    Moving a DHCP Database 243

    DHCP Server Migration 243

        DHCP Data Import 244

        Exporting and Importing DHCP Data with netsh 244

DHCP Server Installation 244

    Performing DHCP Post-Installation Tasks with PowerShell Commands 249

    DHCP Authorization 251

        Active Directory Requirements 251

        Standalone DHCP Server Considerations 251

        Unauthorized DHCP Servers 252

DHCP Scopes 252

    Superscopes 252

    Multicast Scopes 253

    Creating and Configuring DHCP Scopes 256

    Creating DHCP Scopes with PowerShell 259

DHCP Options 261

    Common IPv4 DHCP Scope Options 261

    PXE Boot Options 262

    Common IPv6 DHCP Scope Options 262

    Applying DHCP Options 263

DHCP Relay Agent 264

DHCP Security Options 264

    Limited Network Access 265

    DHCP Auditing 265

    DHCP Name Protection 266

    Just Enough Administration 267