174 Tips for Microsoft MCSE Certification Exam 70-216

174 Tips for 70-216 MCSE Exam: 70-216 Implementing and Administering a Microsoft Windows 2000 Network Infrastructure

©2002 Mercury Technical Solutions - All Rights Reserved
http://www.CertificationCorner.com

1. A DNS client is any computer that can query a DNS server (through a resolver).
2. A DNS server is any computer running the DNS Server service. DNS servers perform name-to-IP mapping and attempt to resolve client queries.
3. A remote access policy defines the actions that can be undertaken for a user or group of users who connect remotely. A policy can also require specific authentication and encryption methods.
4. A resolver is the DNS client program used to query DNS name information.
5. A scope is a range of IP addresses that can be issued to DHCP clients on a single subnet by the DHCP server. Only one scope can be created for each subnet, and a single DHCP server can manage several scopes.
6. DHCP scopes are created with the New Scope Wizard, which also lets you add exclusions, configure the router option, define Domain Name and DNS Server options, and specify WINS settings.
7. A virtual private network (VPN) is an extension of the physical network. Rather than restricting the network to local cabling, it uses a public network (i.e., the Internet) as a segment backbone.
8. After installing the DHCP service, you gain the DHCP snap-in and must define at least one scope on the server. Only one scope can be created for each subnet.
9. An individual host can have its data packet sent in one of the following three ways:
   - By looking at the default gateway address in the IP configuration
   - By using Internet Control Message Protocol (ICMP) redirects to find a route to a destination host
   - By listening to traffic between routers using RIP (Routing Information Protocol) or Open Shortest Path First (OSPF), known as dynamic routing
10. Authentication can be accomplished through the use of the following (which can be used in conjunction with one another):
   - CHAP (Challenge Handshake Authentication Protocol)
   - EAP (Extensible Authentication Protocol)
   - MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), versions 1 and 2
   - PAP (Password Authentication Protocol)
   - SPAP (Shiva Password Authentication Protocol)
11. Automatic Private IP Addressing (APIPA) is used if TCP/IP values are not entered manually and no DHCP server is found. It assigns addresses in the 169.254.x.x range with a subnet mask of 255.255.0.0. Turning this feature off requires editing the Registry.
12. Before manually compacting the WINS server database, you must first stop the service; following the operation, you must restart it. To distinguish between dynamic database compaction and manually compacting the database offline, see http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/sag_WINS_und_Database.htm.
13. By default, the authentication provider is Windows authentication, but it can be changed to RADIUS authentication by using Internet Authentication Service (IAS). Kerberos v5 is the default authentication scheme of Windows 2000.
14. By default, the Authenticated Users group has only Enroll and Read Configuration permissions.
15. Certificate requests to a stand-alone CA (certificate authority) are always set to pending status first and have to be approved by an administrator.
16. Certificate Services is included with Windows 2000 for securing intranet and extranet communications. It is the Windows 2000 service that issues certificates for a particular CA.
17. Certificate Services uses public keys (known by all) and private keys (known only by you). The two keys work with each other to encrypt (scramble) and decrypt (unscramble) data, or to sign the data.
18. CHAP authentication is one step above PAP in that it does not use clear-text passwords.
19. Common TCP ports to allow/deny include: 20 (FTP data), 21 (FTP session), 23 (Telnet), 25 (SMTP), 80 (HTTP), 110 (POP3), and 143 (IMAP).
20. Complete data backups within WINS are done every three hours by default.
21. NAT (Network Address Translation) is configured through the Routing and Remote Access MMC snap-in (meaning that RRAS must be activated before NAT can be employed).
22. Connections are configured to use MPPE (running with PPTP) or IPSec (running with L2TP) through the Network and Dial-up Connections applet.
23. Default gateways traditionally are the first valid IP address within a subnet (such as 192.168.0.1). This need not always be the case, but it traditionally is.
24. Delegated zones require that all queries on the existing domain go to one server for resolution. In all cases, the delegated domain must be a subdomain of the domain performing the delegation.
25. Demand-dial routing (also known as dial-on-demand routing) is used to send packets across a dial-up link between two routers that have Routing and Remote Access Services (RRAS) installed. The connection can be made through a modem, an ISDN line, or a direct (serial/parallel) connection.
26. Demand-dial security allows the administrator to add features such as authentication, encryption, callback, caller ID, etc.
27. DHCP (Dynamic Host Configuration Protocol) allows you to dynamically distribute IP addresses and all associated configuration data through an open standard.
28. DHCP clients are given leases that define the amount of time their address information is valid. Every client automatically attempts to extend the lease when half of the lease time has expired. If it fails, it keeps trying for the duration of the lease.
29. DHCP not only issues addresses from the address pool/scope, but also issues lease information and other IP configuration data (default gateway, subnet mask, etc.).
30. DHCP is installed as a service on Windows 2000 through the wizards that follow the Networking Services subcomponent of the Add/Remove Programs applet.
31. Distance vector routing is the oldest and most common method of dynamic routing, building the routing tables from information learned from other routers.
32. DNS is a server service consisting of a hierarchical, distributed database with built-in redundancy and caching capabilities. DNS translates domain names into IP addresses.
33. DNS is installed as a service within Windows 2000 through the use of wizards. If you have installed Active Directory (via the Active Directory Installation Wizard) but no DNS server can be found, the ADI wizard will attempt to install the DNS service for you.
34. DNS management can be performed with the DNS Manager snap-in.
35. DNS monitoring can be done with the Performance tool on counters such as Caching Memory, IXFR Counters, TCP/IP, and Zone Transfer.
36. DNS uses resource records to perform translations. Resource records are entries in the zone database file; each resource record identifies a particular resource within the database.
37. DNS resource records include:
   - A (Address)
   - CNAME (Canonical Name)
   - MB (Mailbox)
   - MG (Mail Group)
   - MINFO (Mail Information)
   - MX (Mail Exchanger)
   - NS (Name Server)
   - PTR (Pointer)
   - RT (Route Through)
   - SOA (Start of Authority)
   - SRV (Service)
   - TXT (Text)
38. A (Address) resource records map a DNS name to an IP address.
39. CNAME (Canonical Name) resource records represent an alias for a name already specified as another resource type in the zone.
40. MINFO (Mail Information) resource records hold mailbox or mailing list information; they are usually used to specify a mailbox for error messages.
41. MX (Mail Exchanger) resource records detail message routing to a mail exchange host.
42. PTR (Pointer) resource records are used for reverse lookups.
43. RT (Route Through) resource records detail intermediate route-through binding for hosts that do not have their own WAN address.
44. The SOA (Start of Authority) resource record is the first record in the DNS database. It contains a serial number, the primary server (and responsible person), and the intervals at which secondary servers update. Secondary servers update their databases through zone transfers.
45. SRV (Service) resource records are used by Windows 2000 for Active Directory and Dynamic DNS (DDNS). Active Directory can work with non-Windows 2000 DNS servers provided that those DNS servers support SRV records.
46. TXT (Text) resource records can hold descriptive text.
47. DNS zone transfers can be full (AXFR) or incremental (IXFR).
48. If necessary, you can manually add resource records to DNS through the DNS snap-in.
49. Round robin is a method of load-balancing DNS servers by rotating type A resource records.
50. Configuring a zone for dynamic updates within the zone properties dialog box (reached from the DNS Management Console) allows DNS clients to update their resource records dynamically with the server any time a change occurs. This can be enabled or disabled on a per-zone basis.
51. The DNS root name server of a domain is the name server acting as the Start of Authority for that zone.
52. The first division of DNS is into domains. The InterNIC (Internet Network Information Center) controls top-level domains (com, edu, etc.).
53. During WINS replication, data is replicated at the record level using an incremental version ID.
54. Dynamic DNS (DDNS) is simply the marriage of DHCP and DNS. Whenever a client interacts with DHCP (new lease, renewal, etc.), the fully qualified domain name (FQDN) of the client is registered with DNS through the DHCP server. This registration can also be done manually using the /REGISTERDNS parameter of the IPCONFIG.EXE utility.
55. Dynamic routing can use either distance-vector routing protocols or link-state routing protocols.
56. Link-state routing protocols differ from distance-vector protocols in that they send information only about routes that have changed, via link-state advertisements (also known as flooding).
57. With link-state routing protocols, knowledge is obtained first-hand, not passed on through other routers.
58. EAP (Extensible Authentication Protocol) has the client and the server negotiate the authentication protocol that will be used between them, in much the same way that networking protocols are negotiated. Possible choices include one-time passwords, username/password combinations, or access tokens.
59. EnableProxy is a DWORD value in the Registry that can be used to configure the WINS server for interoperability.
60. The Encrypting File System (EFS) encrypts data locally and requires a private key to access the data.
61. Tombstoned WINS records are not immediately removed; instead, they are flagged for later deletion (via an extinction interval) and replicated.
62. Even manually tombstoned WINS records remain in the database until a scavenge operation is undertaken.
63. Filters can be set for TCP, UDP, or IP protocol numbers, and can be universal (for all adapters) or per adapter. A filter can accept, deny, or accept under specified conditions (always respond using IPSec, use Perfect Forward Secrecy, etc.).
64. For automatic configuration, every WINS server announces its presence with broadcasts. If one is found without a push/pull partner, it is added to the replication list of an existing server. For manual configuration, choose the New Replication Partner option from the Replication Partners node of the server.
65. For optimization purposes, the binding order should run from the most-often-used protocol to the least, so that a common language can be found quickest.
66. For true security, the EFS keys should be stored on removable media (such as a floppy) and kept away from the computer.
67. FQDNs (fully qualified domain names) specify the host name, the domain or subdomain to which the host belongs, and any domains above that in the hierarchy until the root domain in the organization is specified.
68. Gateway Services for NetWare (GSNW) and File and Print Services for NetWare (FPNW) can be installed on a server running NWLink to provide full connectivity with the NetWare network.
69. IAS (Internet Authentication Service) can be used to enforce (through policies) issues such as: RADIUS clients allowed, incoming phone numbers to accept, the type of media used to establish the connection, user membership in security groups, and the time of allowed access (day, hour, etc.).
70. IAS is used for centralized administration and to enforce access policies. It works with PAP, CHAP, MS-CHAP, and EAP.
71. IAS is useful for centralized auditing, scaling systems for growing demand, monitoring usage remotely, and working with a graphical interface through an MMC snap-in.
72. If an EFS key is lost, the recovery agent administrator can open the data, save it as text, and then send it back to the user.
73. If you extrapolate, within each category (enterprise or stand-alone) a CA can be a root or an intermediate/subordinate, meaning there are four possible roles: (1) Enterprise root CA, (2) Stand-alone root CA, (3) Enterprise subordinate CA, (4) Stand-alone subordinate CA.
74. In addition to Kerberos, IPSec also supports certificates and the use of reusable passwords (pre-shared keys).
75. In Windows 2000, a DHCP server cannot provide services to clients until it has been authorized.
76. In Windows 2000, the Routing and Remote Access Service (RRAS) is installed automatically, though not activated.
79. Internet Connection Sharing (ICS) is a service that allows you to provide automated demand-dial capabilities on a small network, such as a home office. It can be used for any number of processes, including DNS Proxy, DHCP, and NAT.
80. IPSec is used to negotiate the secure connection, using DES (Data Encryption Standard, 56-bit) and 3DES (Triple DES).
81. IPSec is used to secure packets between two hosts and cannot be used locally, whereas EFS is used locally and does not encrypt data on a network.
82. Just as HOSTS files could be used in place of DNS on a small network, LMHOSTS files can be used in place of WINS on a very small network.
83. The Kerberos and IPSec protocols do not work with NAT.
84. Kerberos v5 authentication is in place on Windows 2000 domains and can be configured to interact with other MIT-based operating systems (allowing other clients access to Active Directory resources).
85. Local subnets are prioritized within DNS by default, so that the client finds a local resource first rather than a remote one.
86. MADCAP (Multicast Address Dynamic Client Allocation Protocol) works like DHCP, but is used to issue multicast addresses only.
87. Microsoft Certificate Server is installed through the Windows Components section of the Add/Remove Programs utility.
88. Remote access is monitored through counters in the Performance utility; the RRAS MMC console can be used to configure incoming connections and other features.
89. MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) requires the client to be using a Microsoft operating system (for MS-CHAP version 2) or one of a small handful of compatible operating systems (for MS-CHAP version 1).
90. Multicasting involves sending a message to a select group of recipients through the use of class D IP addresses. This is useful for conserving bandwidth: if you need to send a data packet to 300 out of 600 users, for example, you need to send it only once (to the class D address) rather than the 300 times unicasting would require.
91. Multicast addresses must fall within the Class D range of 224-239.
92. Multilink is supported for both incoming and outgoing communications.
93. Multiple WINS servers use a push/pull relationship between them, wherein one can push to or pull from another. Windows 2000 has a new feature that allows one server to be manually or automatically linked in a push/pull relationship with another WINS server in the network.
94. Windows 2000 includes the following NAT editors: FTP, ICMP, PPTP, and NetBIOS over TCP/IP.
95. NAT interfaces define connection properties for network address translation. They define what constitutes the internal network and what constitutes the external network.
96. NAT translates between two different networks, allowing you to have a private scope internally and still communicate with the Internet.
97. NAT will not run on Windows 2000 Professional (it requires Windows 2000 Server or Windows 2000 Advanced Server). ICS will run on all three platforms.
98. NAT works by having at least two different IP addresses: a valid Internet address (it can even support more than one) and an internal network address.
99. Netsh is a command-line scripting tool that can be used to configure RAS features.
100. NetWare integration can use the NWLink protocol for the IPX/SPX compatibility needed by NetWare servers that do not use TCP/IP.
101. Network bindings represent the order in which protocols are tried as clients and servers attempt to communicate. Communication is tried in binding order until a common protocol is found between the client and the server.
102. Network Monitor is a subset of the fuller version in SMS. It can be used to capture real-time activity, to create filters, and to view and save data to a file.
103. No Callback is the default callback option per user. The other two options are Set by Caller (RRAS only) and Always Callback To (where you must specify the number).
104. Of key importance during the creation of the Remote Access Dial-in Profile is the Advanced tab, which enables you to add connection attributes to be used with RADIUS.
105. Only one IPSec policy can be in use at a time. All policy settings can be made using wizards. IPSECMON.EXE can be used to monitor and troubleshoot operations.
106. Originally, HOSTS files were used to translate all host names to IP addresses. Being static flat files, they had to exist and be updated on every host connected to the network. As this became impossible, DNS became the replacement.
107. OSPF is a link state routing protocol that uses link state advertisements (LSAs) to communicate. OSPF has more features and functionality than RIP and is considered "loop-free," with a maximum metric limit of 65,535.
108. PAP (Password Authentication Protocol) uses a plain-text password authentication method and should be used only if the clients you support cannot handle encryption.
109. PATHPING is a new Windows 2000 utility that adds information to the PING utility and is used to verify that a remote host is accessible.
110. Persistent connections between WINS servers increase replication efficiency by not needing to establish temporary connections for every update.
111. PPTP, developed by Microsoft and others, has not been widely adopted by most of the Internet community. MPPE, which runs across PPTP, can use 40-bit, 56-bit, and 128-bit (North America only) encryption.
112. Push partners should be used across fast links, whereas pull partners should be used on slow links.
113. QoS allocates bandwidth for multimedia applications.
114. A red arrow on the icon of a DHCP server indicates that it is not authorized. Once the DHCP server is authorized, the arrow changes to green.
115. Remote Access Dial-in Profiles allow you to define the following:
   - Dial-in Constraints
   - IP Address Assignment Policy
   - Multilink (aggregation of multiple analog phone lines through multiple modems for greater bandwidth)
   - Authentication
   - Encryption (No Encryption, Basic, or Strong)
116. Remote Access Dial-in Profiles can be configured and govern security in much the same way group policies do.
117. RIP is a distance-vector protocol using hop count as the metric for measuring the number of routers that must be crossed to reach a network. The maximum number of hops in a path is 15.
118. RIPv2 can use multicasting of routing tables and supports variable-length subnet masks.
119. Root CAs can issue certificates to other CAs (intermediaries), users, servers, or other entities. Intermediate CAs can then only issue certificates to other CAs.
120. RRAS routing is installed/configured through the RRAS MMC snap-in by right-clicking the server and choosing Configure and Enable Routing and Remote Access on the popup menu. This starts the RRAS Setup Wizard.
121. RRAS includes support for RIP for IPX and SAP for IPX.
122. RRAS supports the following protocols: AppleTalk, IPX, NetBEUI, and TCP/IP.
123. Because so many Windows 2000 features depend on TCP/IP, it is installed by default. In addition to TCP/IP, you can install other protocols for compatibility with other operating systems and other services, as necessary.
124. SPAP (Shiva Password Authentication Protocol) is a shade above PAP. It is there only for backward compatibility and is not favored for new installations.
125. Stand-alone CA (certificate authority) servers can work with or without Active Directory and are based on public key infrastructure.
126. Static routing uses a routing table that does not change. It is configured by the administrator and must be manually updated as needed.
127. Superscopes are used to support a supernetted network (multiple network addresses or subnets running on the same segment) with a Windows 2000 DHCP server. This is accomplished through the New Superscope command that appears on the popup menu after you right-click a DHCP server within the DHCP snap-in.
128. TCP/IP packet filters can be used to prevent types of packets from reaching your network server. These are configured through the Advanced button on the TCP/IP protocol properties.
129. The caching-only server does not have a copy of the zone table and is used merely to speed up client queries by storing the results of cached queries.
130. The Certificate Revocation List (CRL) can be published automatically or manually through the appropriate MMC snap-in.
131. The DHCP Allocator in NAT supports only one scope. If you need more than one scope, you must use true DHCP, not NAT's Allocator feature.
132. DHCP servers can be configured to use DDNS (Dynamic DNS) at the scope level or the server level.
133. The DHCP snap-in enables you to manage and monitor DHCP. For example, you can work with the database files, remove leases, and modify scopes.
134. The FQDN (fully qualified domain name) is read from left to right, with each host name or domain name separated by a period.
135. The IP Security Policy Management MMC console is used to manage IPSec.
136. The primary troubleshooting tool for working with DNS is NSLOOKUP, although IPCONFIG and Event Viewer can also be helpful.
137. The properties of the NAT interface allow you to map special ports and add reserved addresses and address pools.
138. The purpose of a digital signature is to guarantee that data is from the user it is supposed to be from and that it has not been altered. Signing uses encryption as its main tool but also adds origin and authenticity information.
139. The route command is used to configure static routes and for troubleshooting. The route -p command lists all the routes the computer knows about.
140. The Address Resolution Protocol (ARP) resolves IP addresses to hardware addresses (MAC addresses).
141. The Routing and Remote Access Manager (under the Routing and Remote Access portion of Administrative Tools) is used to configure Routing and Remote Access for DHCP integration, as well as remote access security.
142. The Routing and Remote Access Server Setup Wizard can assist with the configuration and setup of parameters.
143. The three types of remote access permissions available to a user are:
   - Allow access
   - Deny access
   - Control access through Remote Access Policy
144. The WINS MMC snap-in is used to interact with the WINS service and to view WINS statistics.
145. A number of features within ICS are not available in the full-blown NAT: DirectPlay Proxy (for playing games across a router), H.323 Proxy (for Microsoft NetMeeting calls), and LDAP Proxy (to register with an Internet Locator Service server for NetMeeting).
146. There are four components to WINS:
   - WINS servers (the main component)
   - WINS clients (use directed communication with the WINS servers)
   - Non-WINS clients (use broadcasts to WINS proxy computers that communicate with the WINS servers)
   - WINS proxies (intercept broadcasts on their subnet and communicate with a WINS server on behalf of a client)
147. To refer to a host in a domain, use a fully qualified domain name (FQDN), which, in essence, specifies the actual location of the host.
148. TRACERT is an enhancement over PING in that it shows not only whether a host is accessible, but also the route taken to reach it.
149. UDP does not require a connection, whereas TCP does. Removing this requirement, and its overhead, allows UDP to be faster.
150. You should remove unneeded network protocols to reduce traffic.
151. With NAT, only one machine (the NAT server) needs to have a valid IP address for the Internet; all the internal clients can have private addresses (10.0.0.0 for Class A, 172.16.0.0 for Class B, 192.168.0.0 for Class C).
152. When a DNS server cannot resolve a query, it moves (escalates) it up to a root server that is authoritative for a zone.
153. When a user dials in, you can choose to verify caller ID, assign a static IP address to the connection, and/or apply static routes.
154. When installed, ICS sets the IP address of the LAN interface to 192.168.0.1. It also installs AutoDHCP, DNS Proxy, and a WAN interface (modem) for a demand-dial router to your ISP.
155. When mixing Windows 2000 with older NetBIOS systems, the Windows Internet Naming Service (WINS) can be used to resolve "computer" names to IP addresses.
156. When the EFS key is stored locally, the data looks to the user as if it is in normal form; but if someone without the proper key attempted to view the data, it would appear scrambled and unusable.
157. Whereas ICS is intended for small networks, NAT is for large networks concerned with conserving IP addresses and/or security.
158. Windows 2000 uses two main encryption protocols with VPNs (virtual private networks): MPPE is used with PPTP, and IPSec, an open protocol suite that relies on L2TP, is used to encrypt user names, passwords, and data.
159. Windows 2000 includes the NAT DHCP service, which is used in place of the standard Windows 2000 DHCP service.
160. Windows 2000 supports five frame types: 802.2, 802.3, 802.5, SNAP, and Ethernet II.
161. Windows 2000 uses RRAS, which is truly a multi-protocol router. It is capable of working with static routing, dynamic routing, and demand-dial routing.
162. WINS employs several different broadcast/traffic types:
   - B-node (broadcast node) is used by older clients.
   - P-node (point-to-point node) is used by newer clients.
   - H-node (hybrid node) first attempts P-node resolution, then attempts B-node resolution.
   - M-node (modified node) is a hybrid that first tries B-node resolution and then tries P-node resolution.
163. WINS is installed as a service on a Windows 2000 server, using the Windows Components section of the Control Panel's Add/Remove Programs applet.
164. WINS replication occurs on a regular basis, but can be forced at any time by right-clicking a partner and sending an immediate trigger to the partner.
165. WINS-R records can be used in DNS to configure reverse lookups for WINS resolution.
166. DNS queries can be either recursive or iterative.
167. With RADIUS, all authentication requests heard by a server are sent to a RADIUS server for approval/denial. RADIUS is an open standard.
168. Within PKI are the following elements: certificate authorities, which issue and revoke certificates, and certificate publishers, which make what the CA has issued available.
169. CAs are divided into different roles: an enterprise CA requires Active Directory, and a stand-alone CA works in the absence of Active Directory (the only real reason to employ one).
170. Windows 2000 supports the following zone types:
   - Active Directory (integrated)
   - Standard Primary (the owner of the zones within its database and able to make changes)
   - Standard Secondary (has read-only copies of the database and cannot make changes or updates)
   - Caching-only (a non-authoritative server confined to resolving cached queries)
171. You can remove the EFS recovery keys from the system by using the Group Policy Editor snap-in.
172. To create a new policy, right-click the IP Security Policies folder for the popup menu that contains the New IP Security Policy option.
173. You cannot combine encryption with compression in Windows 2000. Choosing to encrypt a file (by selecting a checkbox in the properties attributes) prevents you from compressing the file (also accomplished by a checkbox).
174. DNS zones are created with the New Zone Wizard and can be used for forward lookup or reverse lookup.