Windows Server Flashcards

IP address
Terms Definitions

Internet Control Message Protocol

Microsoft Security Baseline AnalyzerScans a Windows system and identifies any mis-configurations with the operating system that may impact local security. It also identifies any missing security updates.

Password Authentication Protocol* no encryption * password are sent over the wire in plain text


Public Key Infrastructure: a system of digital certificates, certification authorities, and other registration authorities that authenticate each party involved in an electronic transaction.
Internet Group Management Protocol - IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, operating above the network layer, though it doesn't actually act as a transport protocol.
CHP 6 - Configuring File Services 
Factors for planning file sharing on a lg ntwk 
- Scalability
- Navigation
- Protection
- Abuse
- Diversity
- Fault Tolerance
Snails Never Pack Art Down Flying Ants
NetBIOS over TCP/IPAppears as NBT in Network MonitorAn example of a Session layer interface in the OSI model (Application layer in the TCP/IP model)Designed to connect the Transport layer protocols (TCP, UDP) to the higher NetBIOS network programs, such as Client for Microsoft Networks.
User Datagram Protocol - used for connectionless network services such as DNS, L2TP & IPSec. UDP enables fast transport of datagrams by eliminating the reliability features of TCP such as delivery guarantees & sequence verification.
When configuring Folder Redirection settings, the ____ tab has a number of options that control the behavior of folder redirection.
Answer: Settings
CHP 6 - Configuring File Services
DFS replication
multiple master replication engine that can create and maintain copies of shared folders on different servers throughout an enterprise
What is the APIPA address range? -
The main requirement for redeployment of a package is that the patch has to come with a(n) ____.
Answer: MSI file
CHP 7 - Configuring Print Services
Print permission

- connect to printer
- print doc
- pause, resume, restart and cancel users own doc
Special Permissions:
- Print
- Read Permissions
Default Assignments:
Applied to Everyone special identity

What are the software requirements for WSUS 2.0 servers/clients?

1. Windows 2000 Server(SP3)
2. IIS 5.0
3. .NET Framework 1.1 SP1
4. BITS 2.0
Windows 2000(SP3) or later
Name the 4 layers of the TCP/IP Model and their corresponding layers in the OSI Model.

netsh dhcp show server

This command provides you with the
names and addresses of all servers authorized in Active Directory.
The command to start applications under the administrator account is ____.
Answer: runas /user: cmd
CHP 10 - Maintaining Network Health
PKI Common Terms:
Certification Authority (CA)
Hierarchical structure with an authoritative root CA responsible for all CA's in a ntwk that are subordinate and issuing CA's. Safer to have a standalone offline CA.

What are the special configuration requirements for CHAP?

The group policy
applied to accounts using this authentication method must be configured to store
passwords using reversible encryption. (Passwords must be reset after this new
policy is applied.)

How can you generate a report that lists all of the zones that are hosted on a DNS server?

dnscmd [servername] /unumzones
Windows Server 2003 lets you determine the printer permissions in effect for a given user via the ____ tab in the Advanced Security Settings of a printer.
Answer: Effective Permissions
To allow connections to occur, an administrator only needs to change a single setting in the ____ program.
Answer: Control Panel System
Which command should you use to force a client to renew its DNS registration?a. Ipconfig /renewb. Ipconfig /renewdnsc. Ipconfig /alld. Ipconfig /registerdns
d. Ipconfig /registerdns

At which level in the DNS console tree are the recursive and simple queries run?

At the server level.
Which authentication protocol is required to support secure access for wireless clients?
EAP-TLS (it's enabled by default in Windows XP Professional for wireless clients)

What are IPSec filters used for?

To exclude specific protocols from IPSec encryption.

What are the most common DNS resource records and their abbreviations?

Host (A)Alias (CNAME)Mail exchanger (MX)Pointer (PTR)Service location (SRV)
When a new user account is created in Active Directory Users and Computers, which group is it a member of by default?a. Domain Adminsb. domain usersc. Domain guestsd. Users
b. domain users
When a Microsoft Windows XP client that is configured to use a DHCP server initializes, what type of message will it broadcast first?a. DHCPREQUESTb. DHCPINFORM c. DHCPDISCOVER d. DHCPNACK
c. DHCPDISCOVER EXPLANATION: A DHCP-enabled client will broadcast a DHCPDISCOVER message in an attempt to locate a Dynamic Host Configuration Protocol (DHCP) server. DHCPREQUEST messages are sent to the DHCP server to request parameters from one server while declining a lease offer from another server.
Can we map an ntfs volume to an empty folder on another ntfs volume?
What feature is supported by RFC 1542-compliant routers?
BOOTP (Boot Protocol) forwarding. This allows DHCPDiscover packets to be forwarded to DHCP servers which are also notified of the originating subnet.
By default, what is the dynamic update setting for an Active Directory Integrated zone?
Allow only secure dynamic updates

Which Windows version(s) will IP Security Monitor run on?

Only Windows XP and Windows Server 2003

What method(s) are available to modify a DHCP scope's subnet mask?

You cannot modify the subnet mask for a scope - you must delete and recreate it.

Exam Tip: 
Name the 2 NetBIOS related commands that you need to know for the exam.

nbtstat -c
Lists the names in the NetBIOS name cache

nbtstat -R
Purges the local NetBIOS name cache

Exam Tip: 5-66
What are the 3 benefits of a stub zone?
1. Improved name resolution2. Keep foreign zone information current3. Simplifies DNS administrationIMPORTANT!
Stub zones do not serve the same purpose as secondary zones and are not an alternative when planning for fault tolerance, redundancy, or load sharing.
You suspect that the DHCP database has become inconsistent on one of the scopes. Which tool can you use to check database integrity and reconcile the database for that scope?a. The DHCP consoleb. The Netdiag command-line utilityc.
a. The DHCP consoleEXPLANATION: The administration tools that are included in the Dynamic Host Configuration Protocol (DHCP) console offer the ability to check integrity and reconcile either all scopes configured on the DHCP server or individual scopes. (Discussion starts on page 42.)
A valid range of addresses and associated configuration options that a DHCP server is configured to assign to DHCP-enabled clients is referred to as a what?a. DHCP scopeb. Client reservation c. Client lease d. Scope option
a. DHCP scopeEXPLANATION: A Dynamic Host Configuration Protocol (DHCP) scope is a set of Internet Protocol (IP) addresses and associated configuration information that can be supplied to DHCP clients. A client reservation is a DHCP scope option that provides the same IP address to a client each time based on the client’s hardware address. A client lease contains the addressing information provided by the DHCP server to a DHCP client. Scope options are optional configuration parameters that can be configured and associated with a DHCP scope.
What are the hardware requirements of Windows 2003 Server Datacenter Edition?
Enterprise Edition: Min. 512MB RAM (rec. 1GB), Max. 64GB for X86, 512GB for Itanium, Min. CPU 400/733MHz (x86/itanium (rec. 733MHz), Multiprocessor Support: Minimum of 8, maximum of 32 for 32-bit version, 64 for Itanium based computer, Free disk storage for setup: 1.5GB for x86 and 2GB for Itanium, up to 8 cluster nodes
CHP 5 - Routing and Remote Access and Wireless Ntwking
authentication protocols supported by RRAS
cert based authentication used with smart cards. Supports authentication data and connection data. Not supported by stand alone servers, and server must be domain member.
mutual authentication method with encryption of authentication and connection data. new cryptographic key for each connection and transmission direction.
one way authenticatioin method with encryption of authent and conn data. Same cryptographic key for all connections
"Extensible Authentication Protocol-Msg Digest 5 CHAP"
Challenge Handshake Authentication Protocol
- Shiva pswd authentication protocol (SPAP)
- Pswd Authentication Protocol (PAP)
- Unauthenticated success

Which 6 features are not available in the version of Network Monitor included with Windows Server 2003?

1. The ability to edit and retransmit frames.
2. The ability to capture frames from a remote system.
3. Determining top user of network bandwidth.
4. Determining which protocol consumes the most bandwidth.
5. Determining which devices are routers.
6. Resolving a device name into a MAC address.

Which DHCP audit log event IDs indicate a dynamic update request is sent, fails or succeeds?

30 = request sent
31 = request failed
32 = request succeeded

What is the default Group Policy Object refresh interval?

90 minutes, except for the Domain Controller OU which refreshes every 5 minutes.
While reviewing DHCP server logs, you notice several entries with event ID 15, which indicates that a lease was denied. You would like to determine how long this has been occurring and what is causing this error. The DHCP server has been online for only
c. A DHCP server with default configuration keeps logs for only seven days.EXPLANATION: When you enable logging, the Dynamic Host Configuration Protocol (DHCP) server creates log files named DhcpSrvLog-day.log, where day is a three-letter abbreviation that represents the day the log was created; for example, a log created on Sunday would be named DhcpSrvLog-Sun.log. For this reason, the default configuration will keep only seven days of DHCP logs. For example, on Sunday the DHCP log from the previous Sunday is overwritten.
If a client on a routed network is not on the same segment as the DHCP server, which of the following can be configured to allow the client to obtain DHCP addressing information from the DHCP server?a. DHCP helper address b. Def
d. DHCP relay agentEXPLANATION: Dynamic Host Configuration Protocol (DHCP) relies heavily on broadcast messages that are not typically allowed to pass through a router. A DHCP relay agent can be configured with the address of the DHCP server. The DHCP relay agent will listen for DHCPDISCOVER, DHCPREQUEST, and DHCPINFORM messages. The DHCP relay agent will forward the messages across the router to the DHCP server as a unicast packet.
CHP 9 - Securing Data transmission and Authentication
IPSec policy component:
Authentication Method
one of the security algorithms and types used for authentication and key exchange:
Kerberos v5 protocol
default authent. method used by IPSec policies deployed w/i AD domain.
PKI cert from cert authority (CA)
provides ability to deploy IPSec securely in non AD enviro.

What are the 4 options available on a services Recovery tab for responding to a service failure?

1. Take no action2. Restart the service3. Run a program4. Restart the computer
What happens when a DHCP option, such as the address of a DNS server, is configured both as a server option and as a scope option?

The value defined for the scope takes priority.

In standard zones, which 3 events trigger a zone transfer?

 They can be triggered when the refresh interval of the primary zone's SOA resource record expires.
 They can be triggered when a secondary server boots up.
In these first two cases, the secondary server initiates an SOA query to find out whether any updates in the zone have occurred. Transfers occur only if the zone database has been revised.
 They are triggered when a change occurs in the configuration of the primary
server and this server has specified particular secondary DNS servers to be notified
of zone updates.
When would a client computer receive a DHCPNACK message?a. When a DHCP server receives a request from a client to renew a lease and is in the process of completing the renewal b. When a DHCP server receives a request from a client to r
b. When a DHCP server receives a request from a client to renew a lease but cannot renew the leaseEXPLANATION: The DHCPNACK is used to inform a client that its request for lease renewal cannot be fulfilled. The DHCPOFFER is used to answer a DHCPDISCOVER message.

What must be true of the demand dial interface names for the respective routers?

The interface name for each router must match the user name for the calling router.
Your Microsoft Windows Server 2003 network is set to allow only secure dynamic updates. Your network clients were running Microsoft Windows NT 4 until you upgraded them to Microsoft Windows XP two days ago. DHCP is set to dynamically update DNS on behalf
b. The DHCP server is not a member of the DnsUpdateProxy security group.EXPLANATION: Only the owner of a resource record has permission to update it when using secure dynamic updates. When the Dynamic Host Configuration Protocol (DHCP) server initially updated the address (A) records of the Domain Name System (DNS) server, it became the owner of those records, making the DNS server incapable of future updates. Making the DHCP server a member of the DnsUpdateProxy security group prevents the DHCP server from taking ownership and thus avoids the problem.
Steps to replace a failed drive in a raid 5 set
Replace the failed disk. Initialize the disk, convert into dynamic volumes. Right click on the region of the failed raid 5 volume and select repair volume.

How can you test to see if routers between 2 computers support RSVP?

At a command prompt at the source computer type: pathping -P
Which action must be taken if you want to configure a DHCP server to update both A resource records and PTR resource records on behalf of a Microsoft Windows NT 4 client?a. No action is required.b. In the DNS tab of the DHCP server prop
b. In the DNS tab of the DHCP server properties dialog box, select c. Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates.EXPLANATION: For the Dynamic Host Configuration Protocol (DHCP) server to dynamically update address (A) and pointer (PTR) resource records for Windows NT 4 clients, the DHCP server must be configured with the Dynamically Update DNS A And PTR Records For Clients That Do Not Request Updates option. Only Microsoft Windows 2000 and later client operating systems can request that the DHCP server update records on their behalf.
Shiva Password Authentication Protocol* used with proprietary 'Shiva' remote networking products* weak encryption scheme* no connection data encryption

Should demand-dial connections use static or dynamic routes?

A command-line utility in Windows Support Tools whose main function is to help resolve faulty DNS delegations.DNSLint can also be used to verify DNS records used for Active Directory replication and to search for various record types on multiple DNS servers.
When configuring the connection settings of a Terminal Server, ____ connection object exist(s) by default.
Answer: 1

What is the secedit switch for testing the syntax of a security template before applying it?


What security group membership is required to authorize a DHCP server?
Enterprise Admins
Creating a mandatory user profile involves renaming which file?a. NTUSER.DATb. NTUSER.MANc. NTUSER.PROd. NTUSER.SET

to which registry key must you add the entry 'IPAutoconfigurationEnabled' with a value of 0 to disable APIPA for a specific network interface?

051 Lease
An option in the predefined Default Routing And Remote Access class that allows you to assign shorter leases to remote access clients than to your other DHCP clients.
The Default Domain Policy specifies that a user password must be how long by default? a. Five Charactersb. Six Charactersc. Seven charactersd. eight characters
c. Seven characters
White Exclamation Mark in Blue Circle – DHCP Scope (Error 14)
Out of Addresses

Internet layer

2nd layer up in the TCP/IP reference modelIncludes the ARP, IP, and ICMP protocols.
Exam Tip:
Give an example of a session-layer interface in the OSI model and explain it's function.
NetBT (NetBIOS over TCP/IP)
Designed to connect the Transport Layer protocols of TCP/IP and UDP to the higher NetBIOS network programs, such as 'Client for Microsoft Networks'.
.After how many days must a domain user change their password by default?a.30b. 10c. 42d. 34
c. 42
.Which of the following tools can be used to modify the properties of existing user accounts from the command line?A. DSADDB. DSMODC. DSQUERYd. DSRM
How often will Microsoft Windows Server 2003 perform an automatic backup of the DHCP database if the default settings are not altered?a. Every 24 hoursb. Every 30 minutesc. Every 120 minutesd. Every 60 minutes
d. Every 60 minutes

Quick Mode Active Security Associations statistic:

The number of successful logons since the IPSec process was started.

What is the difference between PPTP and L2TP/IPSec authentication?

L2TP/IPSec requires computer authentication in addition to user authentication.
For which Windows versions is the Automatic Updates Client available?
Windows MEWindows 2000Windows XPWindows Server 2003
If there is no conflict in the settings between policies when multiple policies are involved, then ____ is/are applied.
Answer: both policies
The term GUID refers to a(n)
Answer: globally unique identifier

By default which authentication protocols are supported for a VPN server?Where else must they be enabled?

EAP, MS-CHAP v2, and MS-CHAPIt must also be enabled in the profile of the remote access policy.

What are the 5 subcomponents of the Windows Networking 'Management And Monitoring Tools' component?

Connection Manager Administration KitConnection Point ServicesNetwork Monitor ToolsSimple Network Management ProtocolWMI SNMP Provider

What tool should you use to perform detailed analysis and troubleshooting of Active Directory replication?

REPADMINReplication Monitor provides a general means to monitor Active Directory replication
and spot replication errors. To perform detailed analysis and troubleshooting of Active Directory
replication, use the Repadmin command-line utility, also included in Windows Support Tools.
Which of the following is NOT one of the main phases a company goes through when deploying new software?
Answer: Software renewal
Which of the following client operating systems have the capability of dynamically registering their A records with DNS?A Microsoft Windows NT Workstation 4B Microsoft Windows 2000 ProfessionalC Microsoft Windows XP Professional
B Windows 2000 ProfessionalC Windows XP ProfessionalEXPLANATION: Only Windows 2000 and later operating systems have the ability to dynamically update Domain Name System (DNS) address (A) records.
What are the hardware requirements for Windows Server 2003 Standard Edition
Standard Edition: Min. 128MB RAM (rec. 256), Max. 4GB, Min. CPU 133MHz (rec. 550MHz), Multiprocessor Support: Up to 4, Free disk storage for setup: 1.5GB, no cluster nodes

How can you capture just the header information using Network Monitor?

Decrease the frame size setting.

What is the default replication setting for Active Directory Intergrated zones?

To all domain controllers in the domain
Which of the following is not a required element in a complex password?a. minimum of six charactersb. minimum of eight charactersc. cannot include the user named. must include three or four defined character types
b. minimum of eight characters
Your DHCP database is corrupt, and you are forced to perform a manual restore. The database restore was successful. The week after the restore, you ask one of your junior administrators to make a change to the DHCP server. The junior administrator is not
a. Security credentials are not backed up by DHCP. After you perform a restore, you must reconfigure security credentials associated with the DHCP database.EXPLANATION: When the Dynamic Host Configuration Protocol (DCHP) database is backed up either manually or automatically, the security credentials are not saved and must be reconfigured if a restore is required.
A network administrator configures a DHCP server that has a scope of addresses through The first 10 addresses in this range were previously assigned to servers and print devices that require static IP address configuration. What
B Configure an exclusion range for the addresses that have been assigned previously. EXPLANATION: To prevent the Dynamic Host Configuration Protocol (DHCP) server from assigning addresses that have been statically assigned and included in the address pool, you must configure an exclusion range that includes the statically assigned addresses.

What are the 3 levels at which DHCP options can be configured and what is the order of precedence?

1. Reservation level
2. Scope level
3. Server levelThe precedence is in that order.

How do you determine which network adapter the DHCP server is bound to?

The Advanced tab of the Server Properties dialog box has a Bindings button

On the General tab of a connection’s
properties dialog box, what does the
check box next to each component indicate?

Whether that component is bound to the
You administer a network that has 75 client computers configured to dynamically receive IP address configuration. The DHCP server has been configured using a DHCP scope with a configured IP address range of to and a 24-bit mask.
a. Activate the scope.EXPLANATION: A scope must be activated before it can be used to assign addresses, and a Dynamic Host Configuration Protocol (DHCP) server must be authorized if it is part of an Active Directory domain. Increasing the lease duration or re-creating the scope does not affect this situation.
What are some RAID 1 facts? ('Mirrored set without parity' or 'Mirroring')
Provides *fault tolerance* from disk errors and failure of all but one of the drives. *Increased read performance* occurs when using a multi-threaded operating system that supports split seeks, very small performance reduction when writing. Array continues to operate so long as at least one drive is functioning. Using RAID 1 with a separate controller for each disk is sometimes called duplexing.

Exam Tip 
Expect to be tested on DnsUpdateProxy on the exam.
A security group to which DHCP servers can be added to prevent them from taking ownership of DNS records which they have been configured to update for pre-Windows 2000 clients. This allows secure updates for Active Directory-integrated zones to function.
When is the 2nd configured DNS server used?
When the 1st DNS server is down.
You are a network administrator of a Microsoft Windows Server 2003 network. Your network is configured to use secure dynamic updates. Users complain that they cannot communicate with one of the Microsoft Windows XP clients on your network using the clien
a. Type ipconfig /registerdns at the command prompt on the Windows XP client computer.EXPLANATION: Typing ipconfig /registerdns on the client will force that client computer to attempt to register an address (A) resource record with the Domain Name System (DNS) server.
While creating a DHCP scope, you create an exclusion range for the printers on your network. You also create client reservations for each printer. None of the printers receives an IP address from DHCP. How should you resolve the problem?a. R
b. Remove the exclusion range for the printers.EXPLANATION: Addresses that are excluded could not be leased under client reservations. In this scenario, you should configure client reservations but not exclusions.
Are secure DNS updates enabled at the server or zone level?What other configuration is required to support secure updates?
At the zone level.The zones must be configured as Active Directory Integrated.
What 6 things happen when you repair a network connection? What are their command-line equivalents?
1. Broadcasts a DHCP request to renew current IP address (ipconfig /renew)2. Flushes the ARP cache (arp -d)3. NetBIOS name cache is flushed (nbtstat -R)4. Flushes the DNS cache (ipconfig /flushdns)5. Reregisters the client's NetBIOS name & IP address with a WINS server if present (nbtstat -RR)6. Client name is re-registered with DNS (ipconfig /registerdns)
Can roaming profiles locations be configured by Group Policy?
No. A quick way to do it is to select multiple users in active directory users and computers and specify the location of the user profiles on the properties page of the user accounts.
/ 99

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})


{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online