Like this article? We recommend
Trouble Spots
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Exam Objectives
This exam is broken up into five different categories. We will look at what you have to know in each category to pass the exam.
Implementing, Managing, and Maintaining IP Addressing
Configure TCP/IP addressing on a server computer.
Manage DHCP.
- Manage DHCP clients and leases.
- Before DHCP can lease addresses to clients, it must be authorized and the scope must be activated.
- Manage DHCP Relay Agent.
- Since a router does not forward broadcasts, a client on the other side of the router from the DHCP server will not be able to get a lease.
- Manage DHCP databases.
- Be sure to understand how to backup, restore and reconcile a DHCP database.
- Manage DHCP scope options.
- There are many DHCP scope
options, but some of
the most common are:
- 003[md]Default router IP address for client use
- 006[md]DNS Name server to provide a client
- 015[md]DNS Domain Name
- 044[md]WINS server to provide to client
- 046[md]WINS node type
- There are many DHCP scope
options, but some of
the most common are:
- Manage reservations and reserved clients.
Troubleshoot TCP/IP addressing.
- Diagnose and resolve issues related to Automatic Private IP Addressing (APIPA).
- Certain IP address are private and not routable over the Internet. They are 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255
- Diagnose and resolve issues
related to incorrect TCP/IP
configuration.
- Subnetting is the process of dividing the total available IP addresses for a network into subnetworks, or subnets. On the exam, you may have several questions about subnetting, so you will have to understand it. You will need to be able to calculate them quickly in order to save time. There are many methods for figuring subnets and hosts, but one of the simplest and quickest ways is to memorize the table below. It is not as hard to memorize as it looks, because all you have to do is double the number and add two in order to get the next one above it. My wife, who is a pastry chef, was able to look at the example problems and get the correct answer quickly while looking at the table.
- You have 50 subnets on your network and expect it to expand to 56 subnets within a year. Each subnet on your network will require up to 800 hosts. Which subnet mask should you use? Answer: 255.255.252.0.
- Your company has been assigned a network ID of 215.168.86.0. Each subnet will have a maximum of 45 host IDs. Which subnet mask should you use? Answer: 255.255.255.192
- Your company has a network ID of 208.172.20.0 and 4 subnets. Which subnet mask should you use? Answer: 255.255.255.224
- You company has been assigned a network ID 212.167.52.0. Each subnet will have between 20 and 25 IP hosts. Which subnet mask should you use? Answer: 255.255.255.224
- Which subnet mask should you apply if the network ID 134.114.0.0 with eight subnets of up to 2,500 hosts per subnet? Answer: 255.255.240.0
- Your company has been assigned a class A network address with 58 subnets. You expect to have 96 subnets within the year. Which subnet mask should you use? Answer: 255.254.0.0 (When choosing a subnet mask, you should plan for future expansion. A subnet mask of 255.252.0.0 would work for the 58 subnets, but not for the 96.)
Subnet Mask
Subnets
# Class A Hosts
# Class B Hosts
# Class C Hosts
192
2
4,194,302
16,382
62
224
6
2,097,150
8,190
30
240
14
1,048,574
4,094
14
248
30
524,286
2,046
6
252
62
262,142
1,022
2
254
126
131,070
510
NA
255
254
65,534
254
NA
Subnetting examples:
Troubleshoot DHCP.
- Diagnose and resolve issues
related to DHCP authorization.
- DHCP Servers must be authorized. You can use the DHCPLoc.exe command to check for unauthorized DHCP servers.
- Verify DHCP reservation configuration.
- To ensure that a client always gets the same IP address, you use a reservation.
- Examine the system event log
and DHCP server audit log files
to find related events.
- DHCP events are found in the Event Viewer under System.
- Diagnose and resolve issues
related to configuration of
DHCP server and scope options.
- Each remote subnet must have a scope.
- Verify that the DHCP Relay Agent is working correctly.
- Verify database integrity.
Implementing, Managing, and Maintaining Name Resolution
Install and configure the DNS Server service.
- Configure DNS server options.
- DNS is installed by using the Manage Your Server tool.
- You manage DNS by going to Start / Administrative Tools / DNS.
- Configure DNS zone options.
- Be sure you know how to create a forward and reverse lookup zone.
- Configure DNS forwarding.
- A DNS server that can resolve unresolved queries from other DNS servers is a DNS Forwarder.
Manage DNS.
- Manage DNS zone settings.
- The benefits of DNS delegation are reducing DNS network traffic, providing zone redundancy, and reduce the load from the primary server.
- Manage DNS record settings.
- The five main types of resource records are Host (A), Alias (CNAME), Mail Exchanger (MX), Pointer (PTR) and Service Locator (SRV)
- Manage DNS server options.
- Be familiar NSLookup, System Monitor, Event Viewer, Replication Monitor, and DNS debug logs.
Implementing, Managing, and Maintaining Network Security
Implement secure network administration procedures.
- IPV6 is supported by Windows 2003.
Implement security baseline settings and audit security settings by using security templates.
- A security baseline should be established so that you know what is normal for your network, and that you have standard from which to base changes to your network.
- Strong passwords include upper and lower character, numbers, and special characters.
Implement the principle of least privilege.
- This element means that you limit access to computer rooms, servers, wiring closets. If someone has physical access to your servers or wiring closets, your hardware can be destroyed, rebooted, etc.
Install and configure software update infrastructure.
- Install and configure software
update services (SUS).
- SUS is a free program from Microsoft that allows you to update and patch your workstations and servers from a single source.
- Install and configure automatic
client update settings.
- Using SUS, you have the ability to download updates just once to a server and then install the updates based on a schedule. Updates will install on the client PC even though an administrator is not logged onto it.
- Configure software updates
on earlier operating systems.
- If your client is not running Windows 2000 SP3 or Windows 2003 server, you must install the SUS Client Update.
Implementing, Managing, and Maintaining Routing and Remote Access
Configure Routing and Remote Access user authentication.
- Configure remote access authentication
protocols.
- Windows 2003 supports
the following routing
protocols:
- No Authentication
- Password Authentication Protocol (PAP)
- Shiva PAP (SPAP)
- Challenge-Handshake Authentication Protocol (CHAP)
- EAP MD5-CHAP
- MS-CHAP V1
- MS-CHAP V2
- EAP with Transport Layer Security (TLS)
- Windows 2003 supports
the following routing
protocols:
- Configure Internet Authentication
Service (IAS) to provide
authentication for Routing
and Remote Access clients.
- IAS can be used as a Remote Authentication Dial-In Service, allowing the user to use their Windows username and password to gain access remotely.
- Configure Routing and Remote Access policies to permit or deny access.
- Remote Access Policies are used to determine who can gain access remotely.
Manage remote access.
- Manage packet filters.
- Manage Routing and Remote Access routing interfaces.
- Manage devices and ports.
- Manage routing protocols.
- Manage Routing and Remote Access clients.
Manage TCP/IP routing.
- Manage routing protocols.
- RIP and OSPF are routing protocols. RIP is simple and used on smaller networks.
- Manage routing tables.
- The Route command is used at a command prompt to add, delete, and change routing table entries.
- Manage routing ports.
- Use the Route Print command at a command prompt to view the current routing table entries.
Implement secure access between private networks.
- You use a Virtual Private Network (VPN) to connect two private networks across the Internet.
Troubleshoot user access to remote access services.
- Diagnose and resolve issues
related to remote access VPNs.
- There are many reasons that can cause you not to connect to your VPN, such as incorrect user credentials, expired account, LAN protocols do not match, etc.
- Diagnose and resolve issues related to establishing a remote access connection.
- Diagnose and resolve user access to resources beyond the remote access server.
Troubleshoot Routing and Remote Access routing.
- Troubleshoot demand-dial routing.
- Troubleshoot router-to-router VPNs.
Maintaining a Network Infrastructure
Monitor network traffic. Tools might include Network Monitor and System Monitor.
- Be familiar with Task Manger, Network Monitor, System Monitor, and the commands Netstat and NBTstat.
Troubleshoot connectivity to the Internet.
- Be familiar with the Ping and IPconfig command. If you can Ping an Internet site such as Yahoo.com successfully, then you know you have connectivity to the far side of your router. Use the IPconfig command to ensure you have received a IP address from the DHCP server.
Troubleshoot server services.
- Diagnose and resolve issues related to service dependency.
- Use service recovery options to diagnose and resolve service-related issues.