NOTE: The bullets that appear below each of the skills measured are intended to illustrate how
we are assessing that skill. This list is not definitive or exhaustive.
NOTE: In most cases, exams do NOT cover preview features, and some features will only be
added to an exam when they are GA (General Availability).
Exam 70-740: Installation, Storage, and Compute with
Install, upgrade, and migrate servers and workloads
implement Windows Server Update Services (WSUS) solutions; configure WSUS groups;
manage patch management in mixed environments; implement an antimalware solution
with Windows Defender; integrate Windows Defender with WSUS and Windows Update;
perform backup and restore operations using Windows Server Backup; determine
backup strategies for different Windows Server roles and workloads, including Hyper-V
Host, Hyper-V Guests, Active Directory, File Servers, and Web Servers using Windows
Server 2016 native tools and solutions
monitor workloads using Performance Monitor, Server Manager, Event Viewer; configure
Data Collector Sets; determine appropriate CPU, memory, disk, and networking counters
for storage and compute workloads; configure alerts; monitor workloads using Resource
Monitor, manage and monitor Windows Server by using Windows Admin Center
Exam 70-741: Networking with Windows Server 2016
determine DNS installation requirements; install DNS; configure forwarders; configure
Root Hints; configure delegation; implement DNS policies; Configure DNS Server settings
using Windows PowerShell; configure Domain Name System Security Extensions
(DNSSEC); configure DNS Socket Pool; configure cache locking; enable Response Rate
Limiting; configure DNS-based Authentication of Named Entities (DANE); configure DNS
logging; configure delegated administration; configure recursion settings; implement
DNS performance tuning; configure global settings
create primary zones; configure Active Directory primary zones; create and configure
secondary zones; create and configure stub zones; configure a GlobalNames zone;
analyze zone-level statistics; create and configure DNS Resource Records (RR), including
A, AAAA, PTR, SOA, NS, SRV, CNAME, and MX records; configure zone scavenging;
configure record options, including Time To Live (TTL) and weight; configure round
robin; configure secure dynamic updates; configure unknown record support; use DNS
audit events and analytical (query) events for auditing and troubleshooting; configure
Zone Scopes; configure records in Zone Scopes; configure policies for zones
install and configure DHCP servers; authorize a DHCP server; create and configure
scopes; create and configure superscopes and multicast scopes; configure a DHCP
reservation; configure DHCP options; configure DNS options from within DHCP;
configure policies; configure client and server for PXE boot; configure DHCP Relay Agent;
implement IPv6 addressing using DHCPv6; perform export and import of a DHCP server;
perform DHCP server migration
Configure a lease period; back up and restore the DHCP database; configure high
availability using DHCP failover; configure DHCP name protection; troubleshoot DHCP
provision IPAM manually or by using Group Policy; configure server discovery; create and
manage IP blocks and ranges; monitor utilization of IP address space; migrate existing
workloads to IPAM; configure IPAM database storage using SQL Server; determine
scenarios for using IPAM with System Center Virtual Machine Manager for physical and
virtual IP address space management, Manage DHCP server properties using IPAM;
configure DHCP scopes and options; configure DHCP policies and failover; manage DNS
server properties using IPAM; manage DNS zones and records; manage DNS and DHCP
servers in multiple Active Directory forests; delegate administration for DNS and DHCP
using role-based access control (RBAC); Audit the changes performed on the DNS and
DHCP servers; audit the IPAM address usage trail; audit DHCP lease events and user
logon events
implement Network Address Translation (NAT); configure routing
implement remote access and site-to-site (S2S) VPN solutions using remote access
gateway; configure different VPN protocol options; configure authentication options;
configure VPN reconnect; create and configure connection profiles; determine when to
use remote access VPN and site-to-site VPN and configure appropriate protocols; install
and configure DirectAccess; implement server requirements; implement client
configuration; troubleshoot DirectAccess
configure a RADIUS server including RADIUS proxy; configure RADIUS clients; configure
NPS templates; configure RADIUS accounting; configure certificates; configure
Connection Request Policies; configure network policies for VPN and wireless and wired
clients; import and export NPS policies
Implement Core and Distributed Network Solutions (15-20%)
configure IPv4 addresses and options; determine and configure appropriate IPv6
addresses; configure IPv4 or IPv6 subnetting; implement IPv6 stateless addressing;
configure interoperability between IPv4 and IPv6 by using ISATAP, 6to4, and Teredo
scenarios; configure Border Gateway Protocol (BGP); configure IPv4 and IPv6 routing
install and configure DFS namespaces; configure DFS replication targets; configure
replication scheduling; configure Remote Differential Compression (RDC) settings;
configure staging; configure fault tolerance; clone a Distributed File System Replication
(DFSR) database; recover DFSR databases; optimize DFS Replication; install and configure
BranchCache; implement distributed and hosted cache modes; implement BranchCache
for web, file, and application servers;; troubleshoot BranchCache
implement NIC Teaming or the Switch Embedded Teaming (SET) solution and identify
when to use each; enable and configure Receive Side Scaling (RSS); enable and configure
network Quality of Service (QoS) with Data Center Bridging (DCB); enable and configure
SMB Direct on Remote Direct Memory Access (RDMA) enabled network adapters;
configure SMB Multichannel; enable and configure virtual Receive Side Scaling (vRSS) on
a Virtual Machine Queue (VMQ) capable network adapter; enable and configure Virtual
Machine Multi-Queue (VMMQ); enable and configure Single-Root I/O Virtualization (SRIOV) on a supported network adapter
determine deployment scenarios and network requirements for deploying SDN;
determine requirements and scenarios for implementing Hyper-V Network Virtualization
(HNV) using Network Virtualization Generic Route Encapsulation (NVGRE) encapsulation
or Virtual Extensible LAN (VXLAN) encapsulation; determine scenarios for
implementation of Software Load Balancer (SLB) for North-South and East-West load
balancing; determine implementation scenarios for various types of Windows Server
Gateways, including L3, GRE, and S2S, and their use; determine requirements and
scenarios for Datacenter firewall policies and network security groups
Install and configure domain controllers
install a new forest; add or remove a domain controller from a domain; upgrade a
domain controller; install AD DS on a Server Core installation; install a domain controller
from Install from Media (IFM); resolve DNS SRV record registration issues; configure a
global catalog server; transfer and seize operations master roles; install and configure a
read-only domain controller (RODC); configure domain controller cloning
automate the creation of Active Directory accounts; create, copy, configure, and delete
users and computers; configure templates; perform bulk Active Directory operations;
configure user rights; implement offline domain join; manage inactive and disabled
accounts; automate unlocking of disabled accounts; automate password resets
configure group nesting; convert groups, including security, distribution, universal,
domain local, and global; manage group membership using Group Policy; enumerate
group membership; automate group membership management using Windows
PowerShell; delegate the creation and management of Active Directory groups and OUs;
manage default Active Directory containers; create, copy, configure, and delete groups
and OUs.
create and configure Service Accounts; create and configure Group Managed Service
Accounts (gMSAs); configure Kerberos Constrained Delegation (KCD); manage Service
Principal Names (SPNs); configure virtual accounts; configure domain and local user
password policy settings; configure and apply Password Settings Objects (PSOs);
delegate password settings management; configure account lockout policy settings;
configure Kerberos policy settings within Group Policy, configure Authentication Policies
and Authentication Policy Silos
back up Active Directory and SYSVOL; manage Active Directory offline; perform offline
defragmentation of an Active Directory database; clean up metadata; configure Active
Directory snapshots; perform object- and container-level recovery; perform Active
Directory restore; configure and restore objects by using the Active Directory Recycle Bin;
configure replication to Read-Only Domain Controllers (RODCs); configure Password
Replication Policy (PRP) for RODC; monitor and manage replication; upgrade SYSVOL
replication to Distributed File System Replication (DFSR)
configure a multi-domain and multi-forest Active Directory infrastructure; deploy
Windows Server 2016 domain controllers within a preexisting Active Directory
environment; upgrade existing domains and forests; configure domain and forest
functional levels; configure multiple user principal name (UPN) suffixes; configure
external, forest, shortcut, and realm trusts; configure trust authentication; configure SID
filtering; configure name suffix routing; configure sites and subnets; create and configure
site links; manage site coverage; manage registration of SRV records; move domain
controllers between sites
configure a central store; manage starter GPOs; configure GPO links; configure multiple
local Group Policies; back up, import, copy, and restore GPOs; create and configure a
migration table; reset default GPOs; delegate Group Policy management; detect health
issues using the Group Policy Infrastructure Status page
configure processing order and precedence; configure blocking of inheritance; configure
enforced policies; configure security filtering and Windows Management Instrumentation
(WMI) filtering; configure loopback processing; configure and manage slow-link
processing and Group Policy caching; configure client-side extension (CSE) behavior;
force a Group Policy update
configure software installation; configure folder redirection; configure scripts; configure
administrative templates; import security templates; import a custom administrative
template file; configure filtering for administrative template
configure printer preferences; define network drive mappings; configure power options;
configure custom registry settings; configure Control Panel settings; configure Internet
Explorer settings; configure file and folder deployment; configure shortcut deployment;
configure item-level targeting
install Active Directory Integrated Enterprise Certificate Authority (CA); install offline root
and subordinate CAs; install standalone CAs; configure Certificate Revocation List (CRL)
distribution points; install and configure Online Responder; implement administrative
role separation; configure CA backup and recovery
manage certificate templates; implement and manage certificate deployment, validation,
and revocation; manage certificate renewal; manage certificate enrolment and renewal
for computers and users using Group Policies; configure and manage key archival and
recovery
upgrade and migrate previous AD FS workloads to Windows Server 2016; implement
claims-based authentication, including Relying Party Trusts; configure authentication
policies; configure multi-factor authentication; implement and configure device
registration; integrate AD FS with Microsoft Passport; configure for use with Microsoft
Azure and Office 365; configure AD FS to enable authentication of users stored in LDAP
directories
install and configure WAP; implement WAP in pass-through mode; implement WAP as
AD FS proxy; integrate WAP with AD FS; configure AD FS requirements; publish web apps
via WAP; publish Remote Desktop Gateway applications; configure HTTP to HTTPS
redirects; configure internal and external Fully Qualified Domain Names (FQDNs)
install a licensor certificate AD RMS server; manage AD RMS Service Connection Point
(SCP); manage AD RMS templates; configure Exclusion Policies; back up and restore AD
RMS