The 70-642 exam TS (technical specialist) in Windows server 2008 infrastructure is designed to test your in-depth knowledge of Microsoft's current server operating system and all of its core components. For the exam, you will need to have good knowledge of the entire exam criteria, as outlined by the exam profile. However, there are some parts of the exam which you should really master for the upcoming exam; in this article I will highlight some key topics to look out for.
1. Infrastructure knowledge
The 70-642 exam is designed for IT administrators who have worked in networks of 250 users or more, for at least two years. So essentially, you need to have some understanding of working within a Microsoft infrastructure so that you can understand how all of the roles work together. None of the infrastructure roles within the 70-642 exam work independently; they all rely on each other to allow the network to function. Suppose your clients couldn't get to the network because they have no DNS server configured on the network card; this would lead to an issue with the DHCP configuration. It could be that the DHCP server database was corrupted by an update incorrectly approved in WSUS. You need to correct the issue using a backup of the database on your file server, which you will need to access remotely as you are out of the office. You use your RRAS VPN you have configured to dial in and resolve the issue. Now it is unlikely such a scenario will be the basis of an exam question (as its too short for a start!) but few questions will actually focus on just one infrastructure role but the network as a whole.
2. DNS Part 1
For any infrastructure related exams the topic of DNS is a guaranteed question hot spot. In the 70-642 exam, 27% of it is made up of configuring DNS in Windows server 2008. Although the concept of DNS is relatively simple, the topic is substantial, and Windows Server 2008 introduces a number of new concepts to learn as well.
This exam is really the equivalent of the 70-291 within the old MCSA/MCSE track in that it covers DNS from the basics, such as HOST files, how name resolution works and the right way to populate a network card’s properties. Then you move into the complex parts, on the DNS server side, which include setting up forward lookup zones, Active Directory integrated DNS and conditional forwarding. Make sure that you have good understanding of DNS from end to end as there are so many potential questions that you could be asked on this topic, and also within relation to other topics within the exam. DNS is at the core of this infrastructure based exam, so make sure you know how it interacts with all of the other core roles in the exam.
3. DNS part 2
Just to hit the point home, I thought I would add DNS in here again...just in case you missed it the first time. As mentioned above you really need to have good knowledge of DNS servers within a Microsoft infrastructure. There have been some additional features added into Windows server 2008 which aim to tighten up the security of the DNS. The weaknesses of Microsoft 's DNS has been well documented over the last few years, and as such they have responded with a number of new tools to resolve these issues, such as cache locking, DNSSEC, and DNS record security. This makes it highly likely that you will be asked questions on these new features, so make sure you know what they are and how they are configured.
In the real world, updates are an essential part of maintaining the security and integrity of a Microsoft network. The purpose of the WSUS role is to centralize your internal patching infrastructure so that you can manage the updates you distribute to your clients, ensure your network stays up to date, while also reducing network bandwidth. You are guaranteed at least one WSUS-based question in the exam as it is important to Microsoft that you have good knowledge of this tool and that you know how to administer it. In the MCSA/MCSE track the 70-299 and the 70-298 exams were dedicated to infrastructure security, which included the SUS topic and all of its associated tools (such as MBSA) in great detail. Microsoft has integrated the security components into the infrastructure track now, and the importance of security in today’s network environment means you can expect to be tested on anything security-related that appears in the examination track.
Although in the real world you would most likely buy a router from a third party provider, Microsoft still promote the router utility within their Routing and Remote Access server role (RRAS). The principles of routing are the same regardless of the vendor, so if you are familiar with using other routing equipment, you will have a head start on this topic. The setting up of normal routing protocols such as RIP, RIPv2, and OSPF is covered in brief; however, the most likely exam question area is within static routing. Once you understand the way in which static routing works, the other factors should just drop into place. A useful command line tool which you will cover in this topic is the Route command. If you use the route print command then you can view the entire routing table for the router, which displays all of the routes configured. The /p switch applies a configured route permanently, while the /delete switch removes the route. The result of a route print can be useful as it displays the route the same way it should be written
[Destination IP or subnet] MASK [Destination IP or subnets subnet mask] [default gateway of the network] [Interface that this route will be applied too]
6. DHCP Server
The role of the DHCP server is a straight forward one on the surface; it distributes and manages the IP addresses to clients. As you dig deeper, you learn more about leases, excluded addresses, reservations and options, which are all still key concepts you need to learn as the basics of DHCP in Windows Server 2008. However you also need to understand how IPv6 has changed the DHCP server role, and what new features are included to manage this emerging protocol. Features such as stateless and stateful methods of IP address assignment should be known as well as the new process that DHCP follows in order to distribute an IP address to a client. Formally the process was by which the DHCP server and a client workstation communicate was called DORA (Discover > Offer > Receive > Acknowledge). The process now is the less catchy titled SARR (Solicit > Advertise > Request > Reply).Within the more advanced management settings of DHCP, make sure you have a good understanding of pre-defined and vendor classes, and how you use the IPCONFIG /SETCLASSID on clients to assign different class options. Also, maintenance of the DHCP database is important, including reconciling and backing it up. The NETSH command can be used for managing the DHCP from a command line, and although you won't be expected to know the command in too much detail it may appear in a question scenario. Finally, as with the DNS server role, knowing where to go to troubleshoot the DHCP server using log files and network monitor is always good ground for questioning. As you delve deeper into the DHCP server role you realize there is much more to it, and for examination purposes you will be expected to know its inner workings very well.
7. File services
The topic heading is normally file and print services, and although printing is one of the core requirements of any network environment, the file services topic is the much larger and more detailed of the two parts. If you are familiar with the file services topics from Windows Server 2003, then you will be familiar with DFS (Distributed File System), ABE (Access Based Enumeration) as well as the smaller features such as offline files and disk quotas. However, these have had additional features added to them and incorporate additional features within Server 2008, which Microsoft will be keen to promote, so make sure that you review the changes that have been made.
Other parts of File services have had a complete revamp, such as the backup software. Gone are the NTbackup days, which have been replaced with an almost equally limited and frustrating backup solution you will need to master. Also, there are new features such as the Storage Manager for SAN's, which have been introduced to keep up with emerging the emerging SAN technology which incorporates into the rapidly growing virtualization market.
8. Network monitoring
One of the most critical elements of network management is actually monitoring the network for any potential issues before they escalate and become actual issues. Many of the tools that were used in Windows Server 2003 are still prevalent here, such as the Performance and Monitoring console, the event viewer and network monitor. However as with NAP, they have been combined into a single console for ease of use. For the exam, you should make yourself familiar with the newly named reliability console, even if you are confident you know all of its components from previous examinations.
The Microsoft network monitor is a tool which will perform detailed network analysis of your network traffic in order for you to diagnose problems you may be having. You can use this tool to troubleshoot DHCP, for example, as you can monitor the Discovery, Offer, Request, and Acknowledgement process between clients and servers and see if any DHCPNACK broadcasts are being displayed. You can also use this to check whether your network traffic is being encrypted after you have applied an IPSEC policy on the network. Although you won't have to use this in the exam, for your studies it can be a very useful tool indeed.
9. Command line tools
There are a number of very useful command line tools within the 70-642 that are all useful for managing the various roles being tested. Below are just some of the more prominent ones. For the purposes of the exam, you won't need to know the exact syntax, but you would be expected to know when or which tool you should use for each issue.
- IPCONFIG - /all /flushdns /registerdns /setclassid: Along with the PING and TRACERT command, this is a core command line tool which will reappear throughout this exam, so make you know it.
- NETSH - Short for network shell; this tool is very powerful and on its own can be used to administer the DHCP server and manage and apply IPSEC policies.
- NSLOOKUP - More easily remembered as DNSLOOKUP, this is a key tool within the DNS topic area, which you will at least need to understand how it can help you with name resolution issues.
One of the big changes within Windows Server 2008 is the focus on security and more specifically network security. Some of this is in part down to the retirement of a specific network security exam, and the other part is down to the increase of mobile working and the greater threats to network security that this brings.
Network Access Protection is the first of these new server roles, which groups the various security requirements per application together. The focus of the network access role is based around remote access, such as VPNs, Remote Desktop Services, IPSEC, DHCP, and wireless (802,1x) roles, which must meet the set criteria within the boundaries set by the Network Policy Server role. This allows administrators to enforce system polices onto these specific roles so that any clients trying to access the network who don't meet the Service Health Requirements (SHV) of the network are restricted or denied access. Although there were some enforcement policies within previous Windows versions, this has advanced considerably within Server 2008, so Microsoft will want to promote these features by testing you on them thoroughly.