Shared Flashcard Set

Details

70-291 Windows Server 2003
OfficeStar Computer Training Center
234
Computer Science
Not Applicable
09/22/2006

Cards

Term
What 6 things happen when you repair a network connection? What are their command-line equivalents?
Definition
1. Broadcasts a DHCP request to renew current IP address (ipconfig /renew)
2. Flushes the ARP cache (arp -d)
3. NetBIOS name cache is flushed (nbtstat -R)
4. Flushes the DNS cache (ipconfig /flushdns)
5. Reregisters the client's NetBIOS name & IP address with a WINS server if present (nbtstat -RR)
6. Client name is re-registered with DNS (ipconfig /registerdns)
Term
After adding and configuring the DHCP Relay Agent protocol, what other configuration is needed?
Definition
Add a connection for the relay agent to listen on
Term
When is the 2nd configured DNS server used?
Definition
When the 1st DNS server is down.
Term
By default, what is the dynamic update setting for an Active Directory Integrated zone?
Definition
Allow only secure dynamic updates
Term
Which method is tried for host name resolution after the resolver cache?
Definition
DNS
Term
How can you specify a DNS suffix for a single network connection?
Definition
IP Properties of that connection
Term
Where is the configuration to allow DHCP to register clients with DNS? What is the default setting?
Definition
DNS tab of the DHCP server properties in the DHCP console.

The default is that dynamic updates are enabled when requested by the client (the 1st option underneath the checkbox).
Term
Where is the control for dynamic registration of a DNS client located?
Definition
Local Area Connection Properties -> TCP/IP properties -> Advanced button -> DNS tab
Term
How do you create a PTR record for an existing A record in a forward lookup zone?
Definition
Manually create PTR record in reverse lookup zone
Term
Which NetBIOS name resolution method is tried first?
Definition
Local cache
Term
What is the default replication setting for Active Directory Integrated zones?
Definition
To all domain controllers in the domain
Term
Exam Tip: 
Name the 2 NetBIOS related commands that you need to know for the exam.
Definition
nbtstat -c
Lists the names in the NetBIOS name cache
nbtstat -R
Purges the local NetBIOS name cache
Term
Name 3 ways to clear the DNS server cache.
Definition
1. In the DNS Console, right-click the server node and select 'Clear Cache'.
2. In the Services MMC, restart the DNS Server service.
3. From the command line, use the dnscmd /clearcache command.
Term
Where can the DNS server cache be viewed?
Definition
Only in the DNS Console, by selecting the Advanced option from the View menu.
Term
When configuring Remote Access, what is the default dial-in permission for a user account?
Definition
Control access through remote access policy
Term
What option is selected in the RRAS configuration to make a Windows 2003 server a router?
Definition
LAN Routing
Term
Which routing protocol should be added if you want link state advertisements to go to other routers?
Definition
OSPF
Term
What do routers use to determine the destination of a packet?
Definition
Protocol addresses
Term
What option is configured in the properties of an RRAS server when you install a VPN?
Definition
Remote access and routing
Term
Which DHCP audit log event IDs indicate a dynamic update request is sent, fails or succeeds?
Definition
30 = request sent
31 = request failed
32 = request succeeded
Term
What is the default configuration for zone transfers when a DNS server has been installed using the Windows Components Wizard? Using the 'Manage Your Server' window?
Definition
Transfers are allowed only to authoritative servers. (Authoritative servers are only those servers whose IP addresses are listed on the Name Servers tab in the zone's properties.)

If the 'Manage Your Server' window is used to add the DNS Server role, the default is that zone transfers are completely disabled.
Term
List the 4 possible replication scopes for an Active Directory-integrated DNS zone.
Definition
1. All DNS servers in the forest
2. All DNS servers in the domain
3. All DCs in the domain
4. All servers designated in a custom Application Directory Partition
Term
On which zone types can secure updates be required?
Definition
Only on Active Directory-integrated zones.
Term
How can pre-Windows 2000 computers perform dynamic DNS updates? What is the caveat to this solution and how is it resolved?
Definition
DHCP servers can perform dynamic updates for pre-Windows 2000 computers.
The caveat is that a computer (the DHCP server in this case) takes ownership of the records it registers in DNS. This creates a problem if the zone is converted to Active Directory-integrated and secure updates are required. This is because only the owner of the record is allowed to update it.

The solution is to register the DHCP servers in the DnsProxyUpdate group.
Term
Which versions of BIND are compatible with the Fast Transfer Format?
Definition
Version 4.9.4 and later
Term
Which of the 9 DNS server Advanced Options are NOT enabled by default?
Definition
1. Disable Recursion
2. Fail On Load If Bad Zone Data
3. Enable Automatic Scavenging Of Stale Records
Term
Exam Tip: 5-48 
What is another name for Netmask Ordering?
Definition
Netmask ordering is often referred to as the LocalNetPriority setting on MCSE exams.
Term
On the General tab of a connection’s properties dialog box, what does the check box next to each component indicate?
Definition
Whether that component is bound to the connection.
Term
To which registry key must you add the entry 'IPAutoconfigurationEnabled' with a value of 0 to disable APIPA for a specific network interface?
Definition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
Term
What are the 5 subcomponents of the Windows Networking 'Management And Monitoring Tools' component?
Definition
Connection Manager Administration Kit
Connection Point Services
Network Monitor Tools
Simple Network Management Protocol
WMI SNMP Provider
Term
What are the 6 subcomponents of the Windows Networking 'Networking Services' component?
Definition
DNS
DHCP
Internet Authentication Service
RPC over HTTP Proxy
Simple TCP/IP Services
WINS
Term
Exam Tip:
What are the 3 subcomponents of the Windows Networking 'Other Network File And Print Services' component? What are their functions?
Definition
File Services For Macintosh: Enables Macintosh users to both store and gain access to files on a server running Microsoft Windows.
Print Services For Macintosh: Enables Macintosh users to send print jobs to a print spooler on a server running MS Windows.
Print Services For UNIX: Enables UNIX clients to print to any printer available to this computer. 
Term
What is the APIPA address range?
Definition
169.254.0.1 - 169.254.255.254
Term
What are the four layers of the TCP/IP reference model?
Definition
1. Network Interface
2. Internet
3. Transport
4. Application
Term

Exam Tip:
Know the following TCP/UDP port numbers and IP protocols that you would apply packet filtering to on a router to block or allow traffic:
FTP
HTTP
HTTPS/SSL
PPTP
L2TP/IPSec
Definition
  • FTP - TCP ports 20 & 21
  • HTTP - TCP port 80
  • HTTPS/SSL - TCP port 443
  • PPTP - TCP port 1723 for the connection and IP protocol 47 for data
  • L2TP/IPSec - UDP ports 500 & 4500 for the connection and IP protocol 50 for data
Term
Network Interface layer
Definition
The bottom layer of the TCP/IP reference model.

Includes Ethernet, Token Ring, FDDI, ATM, etc.

NO TCP/IP PROTOCOLS!
Term
Internet layer
Definition
2nd layer up in the TCP/IP reference model

Includes the ARP, IP, and ICMP protocols.
Term
Transport layer
Definition
The 3rd layer up in the TCP/IP reference model

Includes the TCP & UDP protocols.
Term
Name 8 protocols that exist at the Application Layer of the TCP/IP 4 layer reference model.
Definition
HTTP, FTP, SMTP, DNS, SNMP, POP3, NNTP, Telnet
Term
Private IP address ranges
Definition
Class A: 10.0.0.0 - 10.255.255.254
Class B: 172.16.0.0 - 172.31.255.254
Class C: 192.168.0.0 - 192.168.255.254
Term
Which 6 features are not available in the version of Network Monitor included with Windows Server 2003?
Definition
1. The ability to edit and retransmit frames.
2. The ability to capture frames from a remote system.
3. Determining top user of network bandwidth.
4. Determining which protocol consumes the most bandwidth.
5. Determining which devices are routers.
6. Resolving a device name into a MAC address.
Term
Exam Tip:
What details can you find out with Network Monitor that might have been lost with documentation?
Definition
You can use Network Monitor to find out certain details—such as the MAC address of a network interface card (NIC), the globally unique identifier (GUID) of a client computer, or the port used by a protocol.
Term
Which command line network support utility would you use to determine if the RSVP protocol is supported?
Definition
pathping
Term
What must be true of the demand dial interface names for the respective routers?
Definition
The interface name for each router must match the user name for the calling router.
Term
How can you capture just the header information using Network Monitor?
Definition
Decrease the frame size setting.
Term
What protocol appears in the protocol column of Network Monitor to indicate that frames are being encrypted with IPSec?
Definition
ESP - Encapsulating Security Payload
Term
Which authentication protocol is required to support secure access for wireless clients?
Definition
EAP-TLS (it's enabled by default in Windows XP Professional for wireless clients)
Term
When is the Forwarder tab unavailable on a DNS server?
Definition
When it has a root zone configured.
Term
Exam Tip:
How do you add a parser to Network Monitor?
Definition
1. Add the parser dll to the WINDOWS\System32\Netmon\Parsers folder
2. Add an entry in the parser.ini file located in the WINDOWS\System32\Netmon folder.
Term
How can you determine if a host is configured with an IP address that has been duplicated on the network?
Definition
Using 'ipconfig /all' the Subnet Mask will be displayed as 0.0.0.0
Term
What is the default timeout period for the ping command?

What is the syntax for increasing the timeout period?

What is an example of when you might want to increase the timeout period?
Definition
1 second - expressed in milliseconds.

ping -w 2000 192.168.0.1 (increases the timeout period to 2 seconds)

When you are pinging across a high-delay link such as a satellite link.
Term
Exam Tip: 
Know the difference between tracert and pathping.
Definition
Tracert is a route-tracing utility that allows you to track the path of a forwarded packet from router to router for up to 30 hops. Tracert is used to determine quickly where a break in network connectivity is occurring.

Pathping is a tool that detects packet loss over multiple-hop trips. Pathping is used when there is connectivity, but you are experiencing erratic packet loss or high delay.
Term
When would you use the ARP command to view the ARP cache?
Definition
When pinging the loopback address and the local IP address is successful, but you can't ping a machine on the local subnet.
Term
How do you access the Network Diagnostics tool?
Definition
Start>Help and Support>click 'Tools' under the 'Support Tasks' list>expand 'Help and Support Center Tools' in the left pane>click 'Network Diagnostics'
Term
What are the steps, in order, to troubleshoot a connection?
Definition
1. ping the loopback address
2. ping the local IP address
3. ping the gateway
4. ping a remote host by IP address
5. ping a remote host by name
Term
If you can ping a host on the local subnet by IP address and the ARP -a command reveals no errors in hardware address mappings, what is the next step?
Definition
Investigate the physical media (cabling, LAN cards, hubs, etc.) for errors.
Term
When is a DNS server authoritative for a zone?
Definition
When it hosts the zone either as a primary or secondary DNS server.
Term
Which Windows version(s) will IP Security Monitor run on?
Definition
Only Windows XP and Windows Server 2003
Term
What is the default TTL for a DNS server record? Where can it be changed?
Definition
3600 seconds (1 hour)
It can be changed at the zone or record level.
Term
What are the most common DNS resource records and their abbreviations?
Definition
Host (A)
Alias (CNAME)
Mail exchanger (MX)
Pointer (PTR)
Service location (SRV)
Term
Exam Tip: 
What does it mean if you can ping a machine by its IP address but not by its name?
By what method can you attempt to remedy this if the target machine is running Windows 2000, XP or Server 2003?
Definition
It's missing a HOST (A) resource record in DNS.
You can run the ipconfig /registerdns command on it.
Term
What are alias (CNAME) resource records typically used for?
Definition
These records allow you to use more than one name to point to a single host. For example, the well-known server names (ftp, www) are typically registered using CNAME resource records.
Term
Exam Tip: 
Where are the 2 DNS Server tests found and what do they do?
Definition
They are located on the Monitoring tab of the DNS server's properties page.
The simple test is based on a reverse lookup of the loopback address 127.0.0.1. Therefore, if the simple test fails, you should verify that a record named 1 is found in the reverse lookup zone named 0.0.127.in-addr.arpa (visible only in the DNS console Advanced view).

Next, the recursive test verifies that the DNS server can communicate with other DNS servers and that the root hints are correctly configured.
Term
What characters are permissible for DNS names?
Definition
A-Z, a-z, 0-9 and hyphens (-)
Term
What must you do to allow your DNS names to be compatible with NetBIOS?
Definition
Restrict them to 15 characters.
Term
Exam Tip: 
What is the oldest version of BIND that will allow a UNIX-based DNS server to accept dynamic updates?
Definition
8.1.2
Term
Exam Tip: 
Name the 3 DNS-related commands that you need to know for the exam.
Definition
1. Ipconfig /displaydns - Displays the contents of the DNS client cache
2. Ipconfig /registerdns - Purges the contents of the DNS client cache
3. Ipconfig /flushdns - Refreshes all DHCP leases and reregisters DNS names with DNS zones configured to accept dynamic updates. (can only be used on Windows 2000, XP or Server 2003)
Term
Ipconfig /registerdns command can only be used on clients running which operating systems?
Definition
Windows 2000, Windows XP, and Windows Server 2003.
Term
What is the difference in how clients with static IP addresses and those with dynamic IP addresses dynamically register their resource records in DNS?
Definition
Clients with static IP addresses register both their A & PTR resource records.
Clients with dynamically assigned IP addresses register only their A resource records - the DHCP server registers the PTR record when the IP address is leased.
Term
Exam Tip: 
What must you do to allow your NT4 RAS server to continue to function on your Active Directory network if you didn't select 'Permissions Compatible With Pre-Windows 2000 Operating Systems' during the Active Directory Installation Wizard?
Definition
You must add the Everyone group to the Pre-Windows 2000 Compatible Access domain local security group.

net localgroup "pre-windows 2000 compatible access" everyone /add
Term
Exam Tip: 
Review: Application Directory Partitions

Pg 5-25
Definition
done
Term
Creating custom application directory partitions
Definition
Create the partition:
dnscmd [servername] /createdirectorypartition FQDN

Enlist other DNS servers in the partition:
dnscmd servername /enlistdirectorypartition FQDN

Examples:
dnscmd server1 /createdirectorypartition SpecialDns.contoso.com
dnscmd server2 /enlistdirectorypartition SpecialDns.contoso.com
Term
When a triggering event occurs, which client service attempts to update the A resource record with the DNS server?
Definition
The DHCP Client service
Term
Exam Tip 
Expect to be tested on DnsUpdateProxy on the exam.
Definition
A security group to which DHCP servers can be added to prevent them from taking ownership of DNS records which they have been configured to update for pre-Windows 2000 clients. This allows secure updates for Active Directory-integrated zones to function.
Term
Exam Tip:
Zone Properties->General->Aging->Refresh Interval
Definition
Increasing this value decreases zone transfer traffic
Term
Exam Tip: 5-34a
By default, to which servers are zone transfers allowed for primary zones?
Definition
Only those specified on the Name Servers tab of the zone's Properties page. This restriction is new to Windows Server 2003.
Term
What are the 2 methods for adding the DNS server role to a server?

How does the method selected affect zone transfers?
Definition
1. Selecting the 'Add or remove a role' button in the 'Manage Your Server' applet. When using this method zone transfers are disabled completely.
2. Using the Windows Component Wizard. When using this method zone transfers are restricted to servers listed on the Name Servers tab of the zone's properties.
Term
In standard zones, which 3 events trigger a zone transfer?
Definition
 They can be triggered when the refresh interval of the primary zone's SOA resource record expires.
 They can be triggered when a secondary server boots up.

In these first two cases, the secondary server initiates an SOA query to find out whether any updates in the zone have occurred. Transfers occur only if the zone database has been revised.

 They are triggered when a change occurs in the configuration of the primary server and this server has specified particular secondary DNS servers to be notified of zone updates.
Term
Exam Tip: 5-66
What are the 3 benefits of a stub zone?
Definition
1. Improved name resolution
2. Keep foreign zone information current
3. Simplifies DNS administration

IMPORTANT!

Stub zones do not serve the same purpose as secondary zones and are not an alternative when planning for fault tolerance, redundancy, or load sharing.
Term
What happens if a DNS server hosting a stub zone can't find any of the authoritative servers listed in its stub zone?
Definition
It attempts standard recursion.
Term
Exam Tip: 5-70 
What is the difference between the following 3 stub zone (& secondary zone) update operations:

1. Reload
2. Transfer From Master
3. Reload From Master
Definition
1. Reload - This operation reloads the stub zone from the local storage of the DNS server hosting it.
2. Transfer From Master - The DNS server hosting the stub zone determines whether the serial number in the stub zone’s SOA resource record has expired and then performs a zone transfer from the stub zone’s master server.
3. Reload From Master - This operation performs a zone transfer from the stub zone’s master server regardless of the serial number in the stub zone’s SOA resource record.
Term
Exam Tip: 5-66,67,68
What is the most common use of a stub zone?
Definition
1. Stub zones are most frequently used by a parent zone to keep an updated list of NS resource records for delegated subdomains.
2. You can also use stub zones to facilitate name resolution across domains in a manner that avoids searching the DNS namespace for a common parent server.
3. Stub zones can be used to improve name resolution and eliminate the burden to network resources that would otherwise result from large zone transfers.
Term
051 Lease
Definition
An option in the predefined Default Routing And Remote Access class that allows you to assign shorter leases to remote access clients than to your other DHCP clients.
Term
What are the 3 levels at which DHCP options can be configured and what is the order of precedence?
Definition
1. Reservation level
2. Scope level
3. Server level

The precedence is in that order.
Term
network infrastructure
Definition
a set of physical and logical components that provide the basis for connectivity, security, routing, management, access, and other integral features on a network
Term
network connections
Definition
logical interfaces between software (such as protocols) and hardware (such as modems or network adapters)
Term
CIFS
Definition
Common Internet File System - an extension of SMB that is used with the NetBIOS naming system.
Term

Exam Tip:
Give an example of a session-layer interface in the OSI model and explain its function.
Definition
NetBT (NetBIOS over TCP/IP)
Designed to connect the Transport Layer protocols of TCP/IP and UDP to the higher NetBIOS network programs, such as 'Client for Microsoft Networks'.

Term
IGMP
Definition
Internet Group Management Protocol - IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.

It is an integral part of the IP multicast specification, operating above the network layer, though it doesn't actually act as a transport protocol.

Term
ICMP
Definition
Internet Control Message Protocol
Term

ARP Switches
-a
-g
inet_addr
-N if_addr
-d
-s
eth_addr
if_addr
Definition
-a: Displays current ARP entries by interrogating the current protocol data.
-g: Same as -a.
inet_addr: Specifies an internet address.
-N if_addr: Displays the ARP entries for the network interface specified by if_addr.
-d: Deletes the host specified by inet_addr. Flushes entire cache if 'inet_addr' is not specified.
-s: Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
eth_addr: Specifies a physical address.
if_addr: If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.
Term
UDP
Definition
User Datagram Protocol - used for connectionless network services such as DNS, L2TP & IPSec. UDP enables fast transport of datagrams by eliminating the reliability features of TCP such as delivery guarantees & sequence verification.
Term
IP-in-IP Tunnel
Definition
IP-in-IP tunnels are used to forward information between endpoints acting as a bridge between portions of an IP internetwork that have differing capabilities. A typical use for IP-in-IP tunnels is the forwarding of IP multicast traffic from one area of the intranet to another area of the intranet, across a portion of the intranet that does not support multicast forwarding or routing.
Term
NetBT
Definition
NetBIOS over TCP/IP
Appears as NBT in Network Monitor
An example of a Session layer interface in the OSI model (Application layer in the TCP/IP model)
Designed to connect the Transport layer protocols (TCP, UDP) to the higher NetBIOS network programs, such as Client for Microsoft Networks.
Term
SMB
Definition
Server Message Block
Renamed to CIFS - Common Internet File System
Traditionally runs on NetBIOS and allows files and folders to be shared.
Term
What would the 3 command line commands be to compact the DHCP database?
Definition
1. net stop dhcpserver
2. jetpack dhcp.mdb temp.mdb
3. net start dhcpserver
Term
Rebinding State
Definition
What a client that is no longer able to communicate with its original DHCP server waits for before attempting to renew its lease with any available server. By default this occurs 7 days from the original lease.
Term
When is DHCP audit logging automatically halted?
Definition
When the free disk space on the server falls below 20MB. It resumes when the free space increases to > 20MB.
Term
What should you always do when a DHCP server stops providing leases to clients?
Definition
Check the DHCP log to determine whether an authorization failure has occurred.
Term
shutdown /i
Definition
Entering this command from the Start>Run menu invokes a graphical tool that lets you select and shutdown/restart multiple remote computers.
Term
Connection Status|Repair operations
Definition
1. Broadcast a DHCP Request message to renew the currently assigned client IP address. (ipconfig /renew)
2. Flush the ARP cache. (arp -d)
3. Flush the NetBIOS cache. (nbtstat -R)
4. Flush the DNS cache. (ipconfig /flushdns)
5. Reregister the client’s NetBIOS name and IP address with a WINS server. (nbtstat -RR)
6. Reregister the client’s computer name and IP address with DNS. (ipconfig /registerdns)
Term
netsh dhcp show server
Definition
This command provides you with the names and addresses of all servers authorized in Active Directory.
Term
Exam Tip:
Shorten DHCP lease duration
Definition
Look for questions in which you need to shorten the lease duration within a scope to accommodate many users within an address space. Typically, these scenarios involve many users on laptops or telecommuters dialing in from remote locations.
Term
getmac /s | clip
Definition
Copies the MAC address of any computer on the network (even remote subnets) to the clipboard. Paste it into Notepad and then copy just the MAC address for use in configuring DHCP reservations.
Term
Troubleshooting DHCP
Definition
1. Determine whether the error is on the client, in the physical network, or on the server.
2. Use the connection status dialog box or the output from the Ipconfig /all command to determine whether a client address has been properly obtained from a DHCP server.
3. Verify that each client lies within broadcast range of a configured DHCP server, DHCP relay agent, or RFC 1542–compatible router.
4. To verify a DHCP server configuration, verify that the server has been properly installed, authorized, and bound.
5. To verify a scope configuration, verify that the scope is activated, and check the settings for the address range, subnet mask, exclusions, reservations, and superscopes.
Term
How do you determine which network adapter the DHCP server is bound to?
Definition
The Advanced tab of the Server Properties dialog box has a Bindings button
Term
In Routing and Remote Access, what are the 3 connection types that are considered 'Demand-Dial Interfaces'?
Definition
VPN - Virtual Private Network
PPP - Point to Point Protocol
PPPoE - Point to Point Protocol over Ethernet
Term
What are the 3 benefits of stub zones?
Definition
1. Improved name resolution
2. Foreign zone information kept current
3. Simplified DNS administration
Term
When should you use a stub zone? Where are stub zones usually hosted?
Definition
Stub zones are most frequently used to keep track of the name servers authoritative for delegated zones. Most often, stub zones are hosted on the parent DNS servers of those delegated zones.
Term
How does a server running Routing And Remote Access differentiate between another router dialing in and a remote access client?
Definition
If the username of the calling router doesn't exactly match the name of a demand-dial interface on the answering router, the call is assumed to be from a remote access client.
Term
Should demand-dial connections use static or dynamic routes?
Definition
static
Term
On which computers can you not use the DHCP Relay Agent?
Definition
Any computer running the DHCP service, NAT w/automatic addressing enabled, or ICS.
Term
Exam Tip:
Pg. 9-61 
What are the 4 security features available for the RIP protocol and where are they configured?
Definition
1. Authentication - checkbox on the General tab of the RIP interface properties dialog box. A password must be set that is sent in plain text.
2. Peer Filtering - on the Security tab of the global RIP properties dialog box
3. Route Filters - on the Security tab of the RIP Properties dialog box.
4. Neighbors - on the Neighbors tab of the RIP Properties dialog box.
Term
What are the ports and protocol numbers used by PPTP?
Definition
TCP port 1723 to create and maintain a VPN connection and IP protocol 47 to send data over that connection.
Term
What are the ports and protocol numbers used by L2TP/IPSec?
Definition
UDP ports 500 and 4500 to create and maintain the connection, and IP protocol 50 to send data.
Term
Which protocol is required for smart cards?
Definition
EAP-TLS
Term
Which protocol requires the use of certificates?
Definition
EAP-TLS
Term
What are the special configuration requirements for CHAP?
Definition
The group policy applied to accounts using this authentication method must be configured to store passwords using reversible encryption. (Passwords must be reset after this new policy is applied.)
Term
When is MS-CHAP v1 the best choice for authentication method?
Definition
When you need native support for Windows NT 4 remote access clients.
Term
Which authentication protocols support data encryption?
Definition
EAP-TLS, MS-CHAP v2, MS-CHAP v1
Term
Which protocol does not encrypt authentication data?
Definition
PAP - Password Authentication Protocol
Term
Which protocols support mutual authentication?
Definition
EAP-TLS & MS-CHAP v2
Term
How can you prevent routing loops on a network using RIP?
Definition
On the Advanced tab of the RIP Properties - Local Area Connection Properties dialog box: make sure that the Enable split-horizon processing checkbox is checked (the default).
Term
Where do you configure which routers' announcements RIP will process?
Definition
On the Security tab of the RIP Properties dialog box.
Term
For a remote access authentication method to be used for a connection, where must that authentication method be enabled?
Definition
3 places:
1. The Remote Access Server
2. The Remote Access Client
3. The Remote Access Policy applied to the connection.
Term
Where is the callback feature for remote access connections configured?

What must be enabled in Routing And Remote Access server properties in order for callback to work?
Definition
The callback feature is configured on the Dial-in tab of the user's Properties page in Active Directory.

Link Control Protocol (LCP) extensions must be enabled (the default) in RRAS properties for the callback feature to work.
Term
Which security groups can serve as a remote access policy condition?
Definition
Only global groups
Term
Which encryption type is used with dial-up and PPTP-based VPN connections?
Definition
MPPE - based on the RSA RC4 family of algorithms.
Term
Which encryption type is used with L2TP/IPSec VPN connections?
Definition
DES (Data Encryption Standard)
Term
Basic Encryption
Definition
Dial-up and PPTP-based VPN connections: MPPE 40-Bit
L2TP/IPSec VPN connections: DES 56-Bit
Term
Strong Encryption
Definition
Dial-up and PPTP-based VPN connections: MPPE 56-Bit
L2TP/IPSec VPN connections: DES 56-Bit
Term
Strongest Encryption
Definition
Dial-up and PPTP-based VPN connections: MPPE 128-bit
L2TP/IPSec VPN connections: DES 168-Bit
Term
How is the Allow Access setting in the Dial-in Properties of a user account in Windows 2000 mixed-mode domains different than in the other functional levels?
Definition
In Windows 2000 mixed-mode domains, the Allow Access setting does not override the access permission set in the remote access policy. In other server environments, the Allow Access setting does override the access permission configured in the remote access policy.
Term
Exam Tip: GRE
Definition
Generic Routing Encapsulation:
For the exam, if you see the protocol GRE mentioned in an answer choice, remember that it is merely an indirect reference to PPTP.
Term
Exam Tip:
You need to understand VPN ports for the exam.
Definition
Expect to see questions indicating that VPN access is blocked only because too few ports are configured. Other questions will test your knowledge of how many ports can be created and how many simultaneous connections Windows Server 2003 can handle.
Term
ESP
Definition
Encapsulation Security Payload - an IPSec protocol that provides encryption for L2TP VPNs.
Term
Pg. 10-67
What is the difference between the certificates used for the EAP-TLS authentication protocol and those used for the L2TP/IPSec VPN protocol?
Definition
EAP-TLS relies on user certificates for user authentication. Certificate-based L2TP/IPSec relies on computer (machine) certificates for computer authentication.
Term
Why are pre-shared keys in IPSec not considered secure?
Definition
They are passed over the network in plaintext.
Term
MPPE
Definition
Microsoft Point-to-Point Encryption - used for PPTP
Term
What is the difference between PPTP and L2TP/IPSec authentication?
Definition
L2TP/IPSec requires computer authentication in addition to user authentication.
Term
From which 2 interfaces can most network security settings be managed? What is the preferred method for configuring security on multiple computers?
Definition
1. The Local Security Policy console and the IP Security Policy Management snap-in.

2. You can develop a master security administration process by using security templates and the Security Configuration And Analysis snap-in.
Term
What are the 4 options available on a service's Recovery tab for responding to a service failure?
Definition
1. Take no action
2. Restart the service
3. Run a program
4. Restart the computer
Term
mbsacli.exe
Definition
Microsoft Baseline Security Analyzer
Scans a Windows system and identifies any misconfigurations in the operating system that may impact local security. It also identifies any missing security updates.
Term
True or False?: Remote Access policies can be stored in Group Policy objects.
Definition
False. Internet Authentication Service (IAS) is used to centralize administration of policies, logging, and authentication services from a single location.
Term
What method(s) are available to modify a DHCP scope's subnet mask?
Definition
You cannot modify the subnet mask for a scope - you must delete and recreate it.
Term
What are the 3 settings that you can configure for each DNS zone but not for the DNS server itself?
Definition
TTL
Dynamic Updates
WINS Server lookup
Term
What Group Policy object can you use to determine who belongs or doesn't belong to a security-sensitive group?
Definition
You can use the Restricted Groups node (Windows Settings|Security Settings|Restricted Groups) to control who belongs and who does not belong to security-sensitive groups such as the Power Users group. You can also control what other groups the restricted group is a member of.
Term
What is the default authentication method for IPSec? What condition must clients meet to be able to authenticate using this method?
Definition
Kerberos
The clients must be part of the same Active Directory Forest (Kerberos Realm) as the computer they are connecting to.
Term
What tool would you use to determine what is causing the increase in DNS network traffic?
Definition
You should use System Monitor on the DNS server. Once DNS is installed on a computer, several DNS related counters are added. You can use several of these counters to identify what is causing the increase in DNS related traffic.
Term
PKI
Definition
Public Key Infrastructure: a system of digital certificates, certification authorities, and other registration authorities that authenticate each party involved in an electronic transaction.
Term
What is the default encryption method for PPTP VPN connections?
Definition
MPPE
However, you can use PPTP with a certificate infrastructure if you choose EAP-TLS as the authentication protocol.
Term
ESP
Definition
Encapsulating Security Payload - a protocol that provides encryption for L2TP/IPSec VPN connections. It is a feature of IPSec.
Term
What are IPSec filters used for?
Definition
To exclude specific protocols from IPSec encryption.
Term
What are autostatic routes?
Definition
A feature in which RIP does not send its usual announcements over a given link. Instead, routes are updated semiautomatically: either when an administrator chooses, or by a scheduled script.
Term
How must you configure an RRAS server to support Automatic Number Identification/Calling Line Identification (ANI/CLI)?
Definition
You should enable support for unauthenticated access on the Authentication tab of the remote access profile for the policy. Since a user name and password are not sent when an ANI/CLI connection is made, you must allow unauthenticated access. You also configure the User Identity setting for remote access policies in the registry to direct the remote access server or Internet Authentication Service (IAS) server to use the number from which the user is calling as the user identity.
Term
What happens when a DHCP option, such as the address of a DNS server, is configured both as a server option and as a scope option?
Definition
The value defined for the scope takes priority.
Term
How can you test to see if routers between 2 computers support RSVP?
Definition
At a command prompt at the source computer type: pathping -P
Term
Are secure DNS updates enabled at the server or zone level?
What other configuration is required to support secure updates?
Definition
At the zone level.
The zones must be configured as Active Directory Integrated.
Term
What feature is supported by RFC 1542-compliant routers?
Definition
BOOTP (Boot Protocol) forwarding. This allows DHCPDiscover packets to be forwarded to DHCP servers which are also notified of the originating subnet.
Term
When defining remote access policies for a VPN server, which 2 group types are not configurable as conditions for the Windows-Groups setting?
Definition
local groups
domain local groups
Term
By default which authentication protocols are supported for a VPN server?

Where else must they be enabled?
Definition
EAP, MS-CHAP v2, and MS-CHAP

They must also be enabled in the profile of the remote access policy.
Term
What is the default Group Policy Object refresh interval?
Definition
90 minutes, except for the Domain Controller OU which refreshes every 5 minutes.
Term
In an IPSec environment, what is the first step in troubleshooting unencrypted network traffic?
Definition
Verify the Security Associations within IP Security Monitor.
Term
What is the most efficient way of migrating a Windows Server 2003 DHCP database to a new Windows Server 2003 DHCP server?
Definition
netsh dhcp [export|import] C:\dhcp.txt all
Term
Exam Tip: 
True or False? Windows 95 does not support MS-CHAP v2.
Definition
False.

Windows 95 with the Windows Dial-Up Networking 1.3 Performance & Security Upgrade for Windows 95 supports MS-CHAP v2 for virtual private network (VPN) connections but not for dial-up connections.
http://technet2.microsoft.com/windowsserver/en/library/c4e4e462-050c-4c38-a355-d7743e0ed6811033.mspx?mfr=true
Term
What 2 pieces of information are required to create a DHCP reservation?
Definition
The client's IP and MAC addresses.
Term
What security group membership is required to authorize a DHCP server?
Definition
Enterprise Admins
Term
Quick Mode Active Security Associations statistic:
Definition
The number of successful logons since the IPSec process was started.
Term
Security Association
Definition
A connection between IPSec peers = a successful logon.
Term
Main Mode Active Acquire statistic
Definition
The number of pending and queued requests to establish a Security Association (connection) between IPSec peers.
Term
Main Mode IKE Quick Mode statistic
Definition
The total number of successful Security Associations created during Quick Mode operation since the IPSec service was last started.
Term
Main Mode IKE Main Mode statistic
Definition
The total number of successful Security Associations during Main Mode operations since the IPSec service was last started.
Term
Which secedit command is used to apply the settings in a template to the computer the command is run on?
Definition
secedit /configure
Term
Main Mode Total Acquire statistic
Definition
The total number of requests to log on using IPSec using IKE since the last time the IPSec service was started.
Term
What will force the creation of SRV records in DNS?
Definition
Restarting the Net Logon service.
Term
Which security group must you be a member of in order to configure a service that may cross domain boundaries?
Definition
Enterprise Admins
Term
At which level in the DNS console tree are the recursive and simple queries run?
Definition
At the server level.
Term
What is Nslookup.exe?
Definition
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel.
Term
For which Windows versions is the Automatic Updates Client available?
Definition
Windows ME
Windows 2000
Windows XP
Windows Server 2003
Term
List the 8 authentication protocols supported by W2K3 Routing And Remote Access in order of security level.
Definition
1. EAP-TLS (Extensible Authentication Protocol - Transport Level Security)
2. MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2)
3. MS-CHAP v1
4. EAP-MD5 CHAP (Extensible Authentication Protocol-Message Digest 5, etc.)
5. CHAP
6. SPAP (Shiva Password Authentication Protocol)
7. PAP (Password Authentication Protocol)
8. Unauthenticated access
Term
EAP-TLS
Definition
Extensible Authentication Protocol - Transport Level Security
* certificate-based
* supports new auth methods
* typically uses smart cards
* encrypts authentication & connection data
* only available on domains
Term
MS-CHAP v2
Definition
Microsoft Challenge Handshake Authentication Protocol version 2
* mutual authentication
* encrypts authentication & connection data
* New cryptographic key is used for each connection & each direction of transmission
* enabled by default in XP, W2K, & W2K3
Term
MS-CHAP v1
Definition
Microsoft Challenge Handshake Authentication Protocol version 1
* one-way authentication
* same cryptographic key is used in all connections
* supports Win 9x
Term
CHAP
Definition
Challenge Handshake Authentication Protocol
* offers only authentication data encryption
* uses MD5 hashing scheme for encryption
* supports non-Microsoft clients
* requires reversible password encryption through group policy (passwords must be reset after policy is applied)
Term
EAP-MD5 CHAP
Definition
Extensible Authentication Protocol-Message Digest 5 CHAP
* provides authentication encryption only
* uses MD5 hashing scheme
* supports non-Microsoft clients like Mac OSX
Term
SPAP
Definition
Shiva Password Authentication Protocol
* used with proprietary 'Shiva' remote networking products
* weak encryption scheme
* no connection data encryption
Term
PAP
Definition
Password Authentication Protocol
* no encryption
* passwords are sent over the wire in plain text
Term
What is the secedit switch for testing the syntax of a security template before applying it?
Definition
/validate
Term
What are the 12 contexts for the netsh command line tool?
Definition
aaaa
bridge
dhcp
diag
firewall
interface
ipsec
ras
routing
rpc
wins
winsock
Term
What are IPSec filters used for?
Definition
IPSec filters are used to exclude specific protocols from IPSec encryption.
Term
How would you delegate the ability to authorize a DHCP server?
Definition
Open the Active Directory Sites And Services MMC and open the Services node
Term
IKE
Definition
Internet Key Exchange - the protocol used to set up a security association (SA) in the IPsec protocol suite.
Term
What are the 2 default Application Directory Partitions?
Definition
DomainDnsZones and ForestDnsZones
Term
The option "Control access through Remote Access Policy" is available in all Active Directory functional levels except:
Definition
Windows 2000 Mixed
Term
In what 2 places are remote access restrictions configured?

Which takes precedence?
Definition
1. Dial-in tab of the User Properties in Active Directory Users and Computers
2. The Edit Profile button on the properties page for a particular Remote Access Policy

The restrictions configured on the Dial-in tab of the User Properties take precedence.
Term
When is PPTP better than L2TP for a VPN connection?
Definition
When it will be used from a public computer such as at the library. Certificate-based authentication would be unfeasible.
Term
How can you migrate an IAS server?
Definition
First, use the Netsh aaaa show config >filename.txt command to dump the complete IAS server configuration into a script file. Then you can install the configuration included in this script file onto a particular IAS server by running the Netsh exec [path]\filename.txt command on the target server computer.
Term
What are the two basic types of RADIUS clients included with Windows Server 2003?
Definition
The first type is a network access server running Routing And Remote Access. The second type is a RADIUS proxy running IAS.
Term
For a computer running IAS, what is the difference between remote access policies and connection request policies?
Definition
Remote access policies are applied by IAS when it is functioning as a RADIUS server. In this case, policies apply permissions, constraints, or other attributes to these connections. Connection request policies are applied by IAS when it is functioning as a RADIUS proxy. In this case, the policies help sort connection requests so that these connections can be routed to an appropriate RADIUS server group.
Term
What are the 4 main switches for the SECEDIT command and what do they do?
Definition
/validate - verifies the syntax of the template prior to applying it.
/import - used to place the template in a database so the template can be compared or configured
/configure - used to apply the settings in the specified template to the computer
/analyze - used to compare the computer the command is run on to a predefined template
Term
What are the software requirements for WSUS 2.0 servers/clients?
Definition
Servers:
1. Windows 2000 Server (SP3)
2. IIS 5.0
3. .NET Framework 1.1 SP1
4. BITS 2.0
Clients:
Windows 2000 (SP3) or later
Term
What are the hardware recommendations for a WSUS server with 500 clients?
Definition
• 1 gigahertz (GHz) processor
• 1 gigabyte (GB) RAM
• A minimum of 1 GB free space is required for the system partition.
• A minimum of 6 GB free space is required for the volume where WSUS stores content; 30 GB is recommended.
• Both the system partition and the partition on which you install WSUS must be formatted with the NTFS file system.
• A minimum of 2 GB free space is required on the volume where WSUS Setup installs Windows SQL Server 2000 Desktop Engine (WMSDE).
Term
What are the software requirements for the WSUS 2.0 client (Automatic Updates)?
Definition
• Microsoft Windows 2000 (Pro, Server or Advanced Server) with SP3 or SP4
• Microsoft Windows XP Professional
• Microsoft Windows Server 2003 (all editions)
Term
NetBIOS Node Types
Definition
Node Type: Description
B-node (broadcast): B-node uses broadcast NetBIOS name queries for name registration and resolution. B-node has two major limitations: (1) Broadcasts disturb every node on the network, and (2) Routers typically do not forward broadcasts, so only NetBIOS names on the local network can be resolved.
P-node (peer-peer): P-node uses a NetBIOS name server (NBNS), such as a WINS server, to resolve NetBIOS names. P-node does not use broadcasts; instead, it queries the name server directly.
M-node (mixed): M-node is a combination of B-node and P-node. By default, an M-node functions as a B-node. If an M-node is unable to resolve a name by broadcast, it queries a NBNS using P-node.
H-node (hybrid): H-node is a combination of P-node and B-node. By default, an H-node functions as a P-node. If an H-node is unable to resolve a name through the NBNS, it uses a B-node to resolve the name.
Term
White Exclamation Mark in Blue Circle – DHCP Scope (Error 14)
Definition
Out of Addresses
Term
By default, which network client, network service and network protocol are installed and bound to all connections?
Definition
Client for Microsoft Networks
File And Printer Sharing for Microsoft Networks
TCP/IP
Term
What tool should you use to perform detailed analysis and troubleshooting of Active Directory replication?
Definition
REPADMIN
Replication Monitor provides a general means to monitor Active Directory replication and spot replication errors. To perform detailed analysis and troubleshooting of Active Directory replication, use the Repadmin command-line utility, also included in Windows Support Tools.
Term
DNSLint
Definition
A command-line utility in Windows Support Tools whose main function is to help resolve faulty DNS delegations.

DNSLint can also be used to verify DNS records used for Active Directory replication and to search for various record types on multiple DNS servers.
Term
How can you generate a report that lists all of the zones that are hosted on a DNS server?
Definition
dnscmd [servername] /enumzones
Term
What is the network address and subnet mask for the class A public IP range?
Definition
Network Address: 10.0.0.0
Subnet Mask: 255.0.0.0
Term
What is the network address and subnet mask for the class B public IP range?
Definition
Network Address: 172.16.0.0
Subnet Mask: 255.240.0.0
Term
What are the network addresses and subnet mask for the class C private IP range?
Definition
Network Address: 192.168.0.0 to 192.168.255.255
Subnet Mask: 255.255.0.0
Term
IP
Definition
Primarily responsible for addressing and routing packets between hosts.
Term
Name the 4 layers of the TCP/IP Model and their corresponding OSI Model layers.
Definition
[image]
Term
Exam Tip:
What do connectionless services rely on as a transport?

Give an example of such a service.
Definition
UDP

DNS
Term
Exam Tip:
What should you do to minimize name resolution traffic across a WAN link without increasing zone transfer traffic?
Definition
Install a caching-only server.
Term
Exam Tip:
How can you deploy Active Directory with the “least amount of administrative effort” in a multi-platform network (one that contains UNIX servers)?
Definition
By installing your network’s first DNS domains, along with its first Active Directory domains, on computers running Windows 2000 Server or Windows Server 2003.

This is because only in Windows environments are the many SRV records required for Active Directory created automatically. If you want to deploy DNS on a UNIX server and integrate the UNIX server into an Active Directory infrastructure, configure the UNIX server as a secondary DNS server.
Term
Exam Tip:
What command do you sometimes need to run on a computer before you can see the benefit of having fixed a DNS problem somewhere else on the network?
Definition
ipconfig /flushdns
Term
Exam Tip:
What are the steps to migrate a standard primary server?
Definition
1. Configure a secondary server.
2. Transfer the zone to the secondary server, and then promote the secondary server to a primary server.
3. After the secondary server has been promoted, you can delete the original primary server.
Term
Exam Tip:
What can you do to reduce name resolution traffic when you have deployed caching-only servers in your network?
Definition
Increase the minimum TTL for records.
Term
Exam Tip: 5-34b
What happens when you configure:
1. WINS lookup for a forward lookup zone?
2. WINS-R lookup for a reverse lookup zone?
Definition
1. A WINS resource record is created that points to the WINS server you specify on the WINS tab.
2. A corresponding WINS-R resource record is added to the zone database.
Term
Exam Tip: 5-44
Know the default DNS installation settings on the Advanced tab of the DNS server properties.
Definition
Property: Setting
Disable Recursion: Off
BIND Secondaries: On
Fail On Load If Bad Zone Data: Off
Enable Round Robin: On
Enable Netmask Ordering: On
Secure Cache Against Pollution: On
Name Checking: Multibyte (UTF8)
Load Zone Data On Startup: From Active Directory And Registry
Enable Automatic Scavenging Of Stale Records: Off
Term
Exam Tip: 6-9
What do you need to remember when running the nslookup ls command?
Definition
Because the ls command simulates a zone transfer, you need to be sure to allow zone transfers to the computer on which you are running Nslookup.
Term
Exam Tip: 6-24
1. What are the 2 tools for troubleshooting Active Directory replication?
2. How do they differ?
3. Where are they located?
Definition
1. Replication Monitor and Repadmin command-line utility.
2. Replication Monitor just lets you spot errors; Repadmin provides detailed analysis and troubleshooting.
3. They are both located in the Windows Support Tools.
Term
Exam Tip:
What is the command-line utility in Windows Support Tools whose main function is to help resolve faulty DNS delegations?

What other functions can it perform?
Definition
DNSLint

DNSLint can also be used to verify DNS records used for Active Directory replication and to search for various record types on multiple DNS servers.
Term
Exam Tip:
What command-line command can be used to clear the DNS server cache on a remote server?
Definition
dnscmd <remote server> /clearcache
Term
Exam Tip:
ICS & NAT
Definition
When assigning IP addresses, ICS does not check for conflicts with static addresses already owned by computers on the network. For this reason, you should not deploy ICS on a network whose essential servers are pre-configured with static addresses near the beginning of the 192.168.0.0/24 range. Note also that if essential servers are preconfigured with static addresses in a different logical address space (such as 192.168.1.0/24), deploying ICS might render those essential servers inaccessible. Consequently, if in a scenario on the exam, any essential network services stop functioning after ICS is installed, look for an option to replace ICS with NAT.
Term
Exam Tip:
Configuring special ports
Definition
To map an internal service (such as a Web, Telnet, or FTP server) to the external interface of the NAT computer. This feature allows external requests for internal services to be forwarded to the proper computer. This is configured on the 'Services And Ports' tab of the NAT properties page.
Term
Exam Tip: Pg 9-69
Watch for questions in which all packet filters are defined correctly, but whose filter action is improperly configured.
Definition
Term
Exam Tip:
Explain how an APIPA address on a Remote Access Client relates to the way RRAS obtains and distributes IP addresses.
Definition
The RRAS server obtains a block of 10 IP addresses from a DHCP server that is within broadcast range. If the DHCP server isn't within broadcast range a DHCP Relay Agent must be configured. If no DHCP server is deployed on the network, the RRAS server can be configured with an address pool that is in the same subnet as itself, but not overlapping existing assignments. An APIPA address on a RAS client can mean that the RRAS server wasn't able to obtain its block of 10 addresses from a DHCP server or that no DHCP server or Relay Agent exists.
Term
Which DHCP option ensures that pre-Windows 2000 client resource records are updated by the DHCP server?
Definition
Dynamically update DNS A and PTR records for DHCP clients that do not request updates