Windows 2000
Review: Application Directory PartitionsPg 5-25
What do connectionless services rely on as a transport?
Give an example of such a service.

Microsoft Challenge Handshake Authentication Protocol version 1* one-way authentication* same cryptographic key is used in all connections* supports Win 9x

Strong Encryption
Dial-up and PPTP-based VPN connections: MPPE 56-BitL2TP/IPSec VPN connections: DES 56-Bit

Which routing protocol should be added if you want link state advertisements to go to other routers?


Which protocol requires the use of certificates?

What is Nslookup.exe?
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel.
There are ____ main categories of configuration settings that can be applied to either the computer or user section of a GPO.
Microsoft Windows Server 2003 DHCP Server supports both automatic and manual backups?a. Trueb. False
a. True
CHP 7 - Configuring Print Services
Standard Printer Permissions
Manage Printers
Manage Documents

Which secedit command is used to apply the settings ia a template to the computer the command is run on?

secedit /configure

What are the 12 contexts for the netsh command line tool?

You can refresh Group Policy settings manually by running ____ from the command prompt.
What is chained installation?
With chained installation, all updates that require a computer restart are applied before the computer is restarted. This eliminates the need to restart the computer more than once.
CHP 5 - Routing and Remote Access and Wireless Networking
3 compontents of NPS Ntwk policy

Security Association

A connection between IPSec peers = a successful logon.

Network Interface layer

The bottom layer of the TCP/IP reference model.Includes Ethernet, Token Ring, FDDI, ATM, etc.NO TCP/IP PROTOCOLS!
Name the 4 layers of the TCP/IP Model and their corresponding OSI Model layers.
2.Which of the following tools can be used to create new user accounts?a. DSADDb. DSMODc. DSQUERYd. DSMOVE
If an original package and its updated package are both native Windows installer files, the update automatically knows that it is to ____ the original package.
Answer: replace
The ____ administrative tool monitors and controls client access to one or more terminal servers.
Answer: Terminal Services Manager

By default, which network client, network service and network protocol are installed and bound to all connections?

Client for Microsoft Networks
File And Printer Sharing for Microsoft Networks

What are the 6 subcomponents of the Windows Networking 'Networking Services' component?

DNSDHCPInternet Authentication ServiceRPC over HTTP ProxySimple TCP/IP ServicesWINS
What should you do to minimize name resolution traffic across a WAN link without increasing zone transfer traffic?
Install a caching-only server.
____ must be installed on a print server for it to take advantage of Internet Printing Protocol.
Answer: IIS
DHCP is based heavily on which protocol?a. Address Resolution Protocol (ARP) b. Reverse Address Resolution Protocol (RARP) c. Bootstrap Protocol (BOOTP)d. Domain Name System (DNS)
c. Bootstrap Protocol (BOOTP)EXPLANATION: Dynamic Host Configuration Protocol (DHCP) is based heavily on Bootstrap Protocol (BOOTP).
CHP 10 - Maintaining Network Health
Network Access Protection - NAP
controls access to corporate ntwk resources based on the id of a computer attempting to connect to the resource, and the connecting computers compliance w/ corporate policies and standards.
CHP 6 - Configuring File Services
Disk Management views
- can show 2 at time.
- disk list
- volume list
- graphical view

What are the four layers of the TCP/IP reference model?

1. Network Interface
2. Internet
3. Transport
4. Application

What is the most efficient way of migrating a Windows Server 2003 DHCP database to a new Windows Server 2003 DHCP server?

netsh dhcp [export|import] C:\dhcp.txt all

How can pre-Windows 2000 computers perform dynamic DNS updates? What is the caveat to this solution and how is it resolved?

DHCP servers can perform dynamic updates for pre-Windows 2000 computers.The caveat is that a computer (the DHCP server in this case) takes ownership of the records it registers in DNS. This creates a problem if the zone is converted to Active Directory-integrated and secure updates are required. This is because only the owner of the record is allowed to update it.The solution is to register the DHCP servers in the DnsProxyUpdate group.
IPP can provide users with a method to easily gain access to remote printers using the standard ____ protocol.
Answer: HTTP
Which DHCP management process is used to recover unused space in the DHCP database?a. Reconcilingb. Compactingc. Restoringd. Removing
b. CompactingEXPLANATION: To recover used space in the Dynamic Host Configuration Protocol (DHCP) database, the DHCP database is dynamically compacted.
You are a network administrator and have been asked to configure a DHCP relay agent. What option in Administrative Tools would you use to complete this task?a. DHCP management console b. DHCP relay manager c. Routing And Remote A
c. Routing And Remote AccessEXPLANATION: To configure the Dynamic Host Configuration Protocol (DHCP) relay agent, use Routing And Remote Access in Administrative Tools.

When is the Forwarder tab unavailable on a DNS server?

When it has a root zone configured.
Configuring special ports
To map an internal service (such as a Web, Telnet, or FTP server) to the external interface of the NAT computer. This feature allows external requests for internal services to be forwarded to the proper computer. This is configured on the 'Services And Ports' tab of the NAT properties page.
Which of the following is NOT one of the processing elements a network print server uses to receive and process a print file?
Answer: print manager
A DHCP database is a distributed database similar to a DNS database?a. Trueb. False
b. FalseEXPLANATION: A Dynamic Host Configuration Protocol (DHCP) database is a dynamic database that is updated as clients are assigned or as they release Transmission Control Protocol/Internet Protocol (TCP/IP) configuration parameters.
As a network administrator, you are deploying DHCP on your Microsoft Windows Server 2003 network. You want to ensure that all of your print devices receive the same IP address each time they initialize. What step should you take to ensure that DHCP assig
a. Configure client reservations for each print device interface.EXPLANATION: Client reservations map a specific IP addresses to a specific hardware address. Dynamic Host Configuration Protocol (DHCP) then assigns the same IP address to each print device for each mapping. (Discussion starts on page 18.)
CHP 9 - Securing Data transmission and Authentication
IPSec modes
Transport mode:
use when require pkt filtering and when require end to end security. both host must support IPSec with same authentication protocols and compatible IPSec filters.
Tunnel Mode:
for site to site communication that cross internet (or other public ntwk). Provides gateway to gateway protection.

For a computer running IAS, what is the difference between remote access policies
and connection request policies?

Remote access policies are applied by IAS when it is functioning as a RADIUS server. In this
case, policies apply permissions, constraints, or other attributes to these connections. Connection
request policies are applied by IAS when it is functioning as a RADIUS proxy. In this
case, the policies help sort connection requests so that these connections can be routed to an
appropriate RADIUS server group.

What is another name for Netmask Ordering?
Netmask ordering is often referred to as the LocalNetPriority setting on MCSE exams.
Name 8 protocols that exist at the Application Layer of the TCP/IP 4 layer reference model.
From a DHCP server, a client receives an address that has a lease period of 6 days. At what point will the client first attempt to renew the lease?a. 1 day b. 5 days c. 2 days d. 3 days
d. 3 daysEXPLANATION: Dynamic Host Configuration Protocol (DHCP) clients will attempt to renew the lease with the DHCP server that originally provided the lease when 50 percent of the lease duration has expired.
Your Microsoft Windows Server 2003 network has 100 clients and uses DHCP with a scope that is configured to issue an internal address in the range of through You have been asked to set the DCHP lease period to the longest possib
c. Set the DHCP lease period to unlimited.EXPLANATION: The Dynamic Host Configuration Protocol (DHCP) lease period can be set to intervals between 1 minute and 999 days, or it can be set to unlimited. In this case, you would set the lease period to unlimited. (Discussion starts on page 5.)
What do you need to remember when running the nslookup ls command?
Because the ls command simulates a zone transfer, you need to be sure to allow zone transfers to the computer on which you are running Nslookup.
When DHCP audit logging ends at 12:00 A.M. and there is a current log file with the same name that has been modified within the last 24 hours, what action will DHCP take in regards to the current log file?a. The log file is overwritten.b. A n
c. New logging activity is appended to the current log file.EXPLANATION: When Dynamic Host Configuration Protocol (DHCP) logging detects a log file with the same name that has been modified within the last 24 hours, the new logging information will be appended to the current file.
You must deploy DHCP on your network. The network has three physical segments that are separated by a Microsoft Windows Server 2003 server that is configured to act as a router. You configure three subnets, ormultinets, using the following range of
b. Define a superscope that includes a separate scope for each address range.EXPLANATION: A superscope is an administrative grouping of multiple DHCP scopes or multinets. Creating a scope for each subnet is incorrect because each scope must contain separate address spaces. Configuring DHCP on three computers, one for each subnet, would not allow the DHCP server to use multiple scopes.

What are the 2 methods for adding the DNS server role to a server?How does the method selected affect zone transfers?

1. Selecting the 'Add or remove a role' button in the 'Manage Your Server' applet. When using this method zone transfers are disabled completely.
2. Using the Windows Component Wizard. When using this method zone transfers are restricted to servers listed on the Name Servers tab of the zone's properties.
You must perform a manual backup on a DHCP server named DHCP1. You would like the backup file to be stored on a computer named Server1. Which of the following steps must you take to complete this task?a. In the Advanced tab of the DHCP server
b. In the DHCP server properties page, specify a local path to initially store the back-up, and then copy the backup file to the correct location on the remote server.EXPLANATION: When you perform a manual backup, you must specify a location that is local to the Dynamic Host Configuration Protocol (DHCP) server to store the backup. The backup file can then be copied to a remote location.

What must you do to allow your NT4 RAS server to continue to function on your Active Directory network if you didn't select 'Permissions Compatible With Pre-Windows 2000 Operating Systems' during the Active Directory Installation Wizard?
You must add the Everyone group to the Pre-Windows 2000 Compatible Access domain local security localgroup "pre-windows 2000 compatible access" everyone /add
For a zone in which only secure dynamic updates are allowed, you have configured your DHCP server to perform dynamic updates on behalf of Microsoft Windows NT 4 clients. All other dynamic DNS settings on the DHCP server have the default settings. After y
b. The DHCP server is not a member of the DnsUpdateProxy security group.EXPLANATION: When secure dynamic updates are enabled, only the owner of the record can update the Domain Name System (DNS). In this scenario, the Dynamic Host Control Protocol (DHCP) server notified DNS of the server with the initial records for the Windows NT 4 clients and is therefore the owner of the record. After the computers are upgraded from Windows NT 4 to Windows XP, the Windows XP clients would attempt to update address (A) resource records but would be unsuccessful. Adding the DHCP server to the DnsUpdateProxy security group eliminates this problem by preventing the DHCP server from becoming the owner of the records.

Microsoft-Challenge Handshake Authentication Protocol version 2* mutual authenticaion* encrypts authentication & connection data* New cryptographic key is used for each connection & each direction of transmission* enabled by default in XP, W2K, & W2K3

Server Message Block
Renamed to CIFS - Common Internet File SystemTraditionally runs on NetBIOS and allows files and folders to be shared.


Encapsulation Security Payload - a protocol that provides encryption for L2TP/IPSec VPN connections. It is a feature of IPSec.
What command do you sometimes need to run on a computer before you can see the benefit of having fixed a DNS problem somewhere else on the network?
ipconfig /flushdns
The Microsoft Standard Installation format of client Terminal Services connection software comes in a file called ____.
Answer: msrdplci.msi
shutdown /i

Entering this command from the Start>Run menu invokes a graphical tool that lets you select and shutdown/restart multiple remote computers.

Exam Tip: GRE

Generic Routing Encapsulation: For the exam, if you see the protocol GRE mentioned in an answer choice,
remember that it is merely an indirect reference to PPTP.
Applications can only be published to
Answer: users

Which protocols support mutual authentication?

Zone Properties->General->Aging->Refresh Interval
Increasing this value decreases zone transfer traffic
A(n) ____ automatically replaces the old version of the software with the new version that is being deployed.
Answer: mandatory upgrade
Using Windows Server 2003 Group Policy, applications can be deployed by
Answer: assigning applications

What are the 2 default Application Directory Partitions?

DomainDnsZones and ForestDnsZones
Troubleshooting DHCP

1. Determine whether the error is on the client, in the physical network, or on the server.2. Use the connection status dialog box or the output from the Ipconfig /all command
to determine whether a client address has been properly obtained from a
DHCP server.3. Verify that each client lies within broadcast range of a configured DHCP server, DHCP relay agent, or RFC 1542–compatible router.4. To verify a DHCP server configuration, verify that the server has been properly installed, authorized, and bound.5. To verify a scope configuration, verify that the scope is activated, and check the settings for the address range, subnet mask, exclusions, reservations, and superscopes.
Connection Status|Repair operations

1. Broadcast a DHCP Request message to renew the currently assigned client IP
address.(ipconfig /renew)
2. Flush the ARP cache.(arp –d)
3. Flush the NetBIOS cache. (nbtstat –R)
4. Flush the DNS cache.(ipconfig /flushdns).
5. Reregister the client’s NetBIOS name and IP address with a WINS server(nbtstat –RR)
6. Reregister the client’s computer name and IP address with DNS. (ipconfig /registerdns)
Which type of user profile does not save user settings when the user logs off?a. localb. Roamingc. Nulld. mandatory
d. mandatory
The ____ administrative tool stores and tracks Terminal Services client access licenses.
Answer: Terminal Services Licensing

What are the hardware recommendations for a WSUS server with 500 clients?

• 1 gigahertz (GHz) processor
• 1 gigabyte (GB) RAM
• A minimum of 1 GB free space is required for the system partition.
• A minimum of 6 GB free space is required for the volume where WSUS stores content; 30 GB is recommended.
• Both the system partition and the partition on which you install WSUS must be formatted with the NTFS file system.
• A minimum of 2 GB free space is required on the volume where WSUS Setup installs Windows SQL Server 2000 Desktop Engine (WMSDE).

Rebinding State

What a client that is no longer able to communicate with it's original DHCP server waits for before attempting to renew its lease with any available server. By default this occurs 7 days from the original lease.
What type of user profile us used by default when a user logs on to a Windows XP system in an Active Directory domaina. localb. roamingc. Nulld. mandatory
a. local
Which of the following could cause possible changes to a network’s security policy?
Answer: group membership changes
You can configure a policy using the ____ option if you want a particular GPO’s settings to always be enforced.
Answer: No Override

How do you access the Network Diagnostics tool?

Start>Help and Support>click 'Tools' under the 'Support Tasks' list>expand 'Help and Support Center Tools' in the left pane>click 'Network Diagnostics'

What is the default configuration for zone transfers when a DNS server has been installed using the Windows Components Wizard? Using the 'Manage Your Server' window?

Transfers are allowed only to authoritative servers. (Authoritative servers are only those servers whose IP addresses are listed on the Name Servers tab in the zone's properties.)If the 'Manage Your Server' window is used to add the DNS Server role, the default is that zone transfers are completely disabled.
Ipconfig /registerdns command can only be used on clients running which operating systems?

Windows 2000, Windows XP, and Windows Server 2003.
Which of the following is NOT part of the correct syntax when you wish to access a VBScript file from the command line?
Answer: Wscript command
You have not modified the default settings for DNS on the DHCP server that is running the Microsoft Windows Server 2003 operating system. Which of the following client records will be updated in DNS by the DHCP server? (Assume that the clients are runnin
a. The PTR resource recordEXPLANATION: A Windows Server 2003 server with Dynamic Host Configuration Protocol (DHCP) configured with default settings will dynamically update the client’s pointer (PTR) record in the Domain Name System (DNS). The Windows XP client will contact the DNS server directly to update the address (A) resource record. (Discussion starts on page 32.)
What should you consider before installing a SUS server?
You should not have any virus-scanning software installed on the server. Virus scanners can mistake SUS activity for a virus.

In an IPSec environment, what is the first step in troubleshooting unencrypted network traffic?

Verify the Security Associations within IP Security Monitor.
What are the 2 tools for troubleshooting Active Directory replicaton?
How do they differ?
Where are they located?
1. Replication Monitor and Repadmin command-line utility.
2. Replication Monitor just lets you spot errors, Repadmin provides detailed analysis and troubleshooting.
3. They are both located in the Windows Support Tools.
Exam Tip: You need to understand VPN ports for the exam.

Expect to see questions indicating
that VPN access is blocked only because too few ports are configured. Other questions will test your knowledge of how many ports can be created and how many simultaneous connections Windows Server 2003 can handle.
If you plan to set up an application server, then one Windows Server 2003 server on the network must also be configured as a(n) ____ server.
Answer: Terminal Services licensing
Your Microsoft Windows Server 2003 domain has Microsoft Window XP and Microsoft Windows 98, Second Edition clients. Your network runs DHCP and DNS. You notice that none of the Windows 98 clients can be contacted using their host names. What change should
d. Choose the DHCP option to dynamically update DNS A and PTR records for DHCP clients that do not request updates.EXPLANATION: Pre–Windows 2000 clients do not have the capability to update their own address (A) records or to request Dynamic Host Configuration Protocol (DHCP) to update their pointer (PTR) resource records. You must choose the DHCP option to dynamically update Domain Name System (DNS) A and PTR records for clients that do not request updates.
With Windows server 2003, all domain controllers within the domain replicate their information to each other automaticaly. How is this described?
This is a multi-master replication model.

In Routing and Remote Access, what are the 3 connection types that are considered 'Demand-Dial Interfaces'?

VPN - Virtual Private Network
PPP - Point to Point Protocol
PPPoE - Point to Point Protocol over Ethernet

How would you delegate the ability to authorize a DHCP server?

Open the Active Directory Sites And Services MMC and open the Services node
What happens when you configure:
1. WINS lookup for a forward lookup zone?
2. WINS-R lookup for a reverse lookup zone?
1. A WINS resource record is created that points to the WINS server you specify on the WINS tab.
2. A corresponding WINS-R resource record is added to the zone database.
In Windows Server 2003, configuration of computer startup and shutdown scripts is handled by ____.
Answer: the computer section of a GPO
What is the default lease period for a DHCP server running on Microsoft Windows Server 2003?a. 24 hours b. 3 days c. 8 daysd. 5 days
c. 8 daysEXPLANATION: The default lease period for a Dynamic Host Configuration Protocol (DHCP) server running on Windows Server 2003 is 8 days.
What are pros and cons of RAID 0 ("Striped set without parity" or "Striping".)
Provides improved performance and additional storage but no fault tolerance. Any disk failure destroys the array, which becomes more likely with more disks in the array. A single disk failure destroys the entire array because when data is written to a RAID 0 drive, the data is broken into fragments.
Know the following TCP/UDP Port Numbers/IP Protocols that you would apply packet filtering to on a router to block or allow traffic.
FTP - TCP ports 20 & 21
HTTP - TCP port 80
HTTPS/SSL - TCP port 443
PPTP - TCP port 1723 for the connection and IP protocol 47 for data
L2TP/IPSec - UDP ports 500 & 4500 for the connection and IP protocol 50 for data

What should you always do when a DHCP server stops providing leases to clients?

Check the DHCP log to determine whether an authorization failure has occurred.
A DHCP server that is located on a member server and that is a member of a workgroup must be authorized before it can respond to DHCPDISCOVER messages?a. Trueb. False
b. False EXPLANATION: Dynamic Host Configuration Protocol (DHCP) servers that are part of an Active Directory domain must be authorized. There is no authorization process for DHCP servers that are members of a workgroup.
List the common IRQ Assignments from 1 thru 15?
0 - System Timer1 - Keyboard2 - Reserved3 - COMs 2,44 - COMS 1,35 - LPT26 - Floppy disk controller7 - LPT18 - Real-time clock9 - Redirected to IRQ210 - Available11 - Available12 - PS2 or bus mouse port13 - Math coprocessor14 - Hard disk controller15 - Available

Why are pre-shared keys in IPSec not considered secure?

They are passed over the network in plaintext.
You are the network administrator for Wingtip Toys. Your network consists of 85 desktop client computers and 55 portable computers, all of which run on Microsoft Windows XP Professional. Only 20 of the users of the portable computers are ever in the offi
c. Create one scope that has two user classes, each with different lease durations.EXPLANATION: Creating one scope with two user classes will allow an administrator to assign different configuration parameters to each user class. User classes are administrative groupings created by the network administrator. Thus, the group of portable computer users could be assigned a shorter lease duration than the clients that use desktops.
How do you add a parser to Network Monitor?
1. Add the parser dll to the WINDOWS\System32\Netmon\Parsers folder2. Add an entry in the parser.ini file located in the WINDOWS\System32\Netmon folder.
