110 Tips for Passing the
Microsoft Windows Professional
70-220 Exam



1. A Remote Access Policy defines actions that can be undertaken for a user or
group of users that connect.

2. A Virtual Private Network (VPN) is an extension of the physical network. Rather
than restricting the network to local cabling, it uses the Internet as a segment
backbone.

3. Acquisition plans - is the company you are designing a solution for actively
seeking acquisitions (meaning you must plan for future growth), or are they a
likely acquisition target?

4. Administration type - This can be centralized or decentralized.

5. All processes employed by the company should be documented and diagrammed.
Of key importance are company processes related to: Information flow,
Communication flow, Service/Product lifecycles, and Decision-making.

6. Branch office model - You must go to lengths to verify that solutions
implemented here work with technologies employed throughout the rest of the
company.

7. Branch offices are wholly controlled by other entities (corporate offices).

8. By definition, all sites within the National Model must be contained within a
single nation.

9. Certificate mapping is used to map a third-party CA to a user account in Active
Directory.

10. Certificate requests to a stand-alone CA are always set to pending status first and
have to be approved by an Administrator.

110 Tips for Passing the 70-220 Exam

1

http://www.CertificationCorner.com


11. Certificate Services are included with Windows 2000 for securing intranet and
extranet communications.

12. Certificate Services utilize public keys (known by all) and private keys (known
only by you). The two keys work with each other to encrypt (scramble) and
decrypt (unscramble) data, or sign the data.

13. Change management - Is there a structure in place or not? When changes occur,
what is the procedure followed? If there is no procedure, chaos can result. If there
is too much of a procedure, no change will ever occur.

14. CHAP authentication (Challenge Handshake Authentication Protocol) is one step
above PAP in that it does not use clear-text passwords.

15. Communication flow - Rather than being how the information is disseminated, it
focuses more on how the information is used. Does a customer hear something to
make them want to buy more of your product, or less? Does a customer tell you
something they heard about your company that makes you want to send out a
resume?

16. Communication flow differs from Information flow in that it often lacks formal
structure and comes about as a result of communication with others (customers,
vendors, etc.).

17. Company organization - some organizations are divided by products
(transmissions in one division, four-wheel-drive axles in another, etc.), while
other organizations divide operations and responsibilities purely on geographic
terms.

18. Company priorities - never assume these are constant. They can change with
management teams, market shifts, etc. During the design process, find out what
the priorities are, and where interest is.

19. Company's tolerance for risk - how does the company weigh risk against profit:
vulnerability against value? Do they employ basic security devices on sites? Do
they employ physical security at the facility?

20. Connections are configured to use MPPE (PPTP) or IPSec (L2TP) through the
Network and Dial-up Connections applet.

21. Decentralized management should be considered for IT whenever possible. By
assigning control to a member of a group, you can lessen the burden on the
centralized IT staff.



22. Decision-making - can follow the organizational chart, or be completely dispersed
if the company practices empowerment.

23. Decision-making process - Does the Chief Technology Officer need to approve
all expenditures, or can they be signed-off on at a lower level?

24. Default gateways are traditionally the first valid IP address within a subnet (such
as 192.168.0.1). This need not always be the case, but traditionally is.

25. Delegated zones require all queries on the existing domain to go to one server for
resolution. In all cases, the delegated domain must be a sub-domain of the domain
performing the delegation.

26. Demand Dial Routing (also known as Dial on Demand: DoD) is used to send
packets across a dial up link between two routers that have Routing and Remote
Access Services installed. The connection can be made through a modem, ISDN
line, or direct (serial/parallel) connection.

27. Demand Dial Security allows the administrator to add features such as
authentication, encryption, callback, caller ID, etc.

28. Different risk models can be associated with different management models. One
of the most common management models is departmental, where each department
is geared around a function (sales, research, etc.). Other models include
project-based and cost center-based.

29. DNS is integrated into Active Directory in Windows 2000 and AD handles the
zone replication.

30. During the design phase, it is important to ask such questions as: Who is in charge
of each department? Who manages user accounts (are central policies used)? Who
manages resource accounts? How is administration divided? Who must sign-off
on purchases and policies?

31. EAP (Extensible Authentication Protocol) has the client and the server negotiate
the protocol that will be used, in much the same way that networking protocols
are determined. Possible choices include one-time passwords, username/password
combinations, or access tokens.

32. EFS requires NTFS to be available.

33. Encrypting File System (EFS) encrypts data locally and requires a private key to
access the data.



34. Factors that can influence company strategies include company priorities,
projected growth and strategy, relevant laws and regulations, the company's
tolerance for risk, and the total cost of operations.

35. Filters can be set for TCP, UDP, or IP protocol numbers, and can be universal (for
all adapters), or individual. The filter can accept, deny, or accept within specified
conditions (always respond using IPSec, use Perfect Forward Secrecy, etc.).

36. For an Enterprise CA, Active Directory must be there, while it is not required on a
Standalone CA.

37. For true security, the EFS keys should be stored on removable media (such as
a floppy) and stored away from the computer.

38. Funding model - Funding can be crucial in implementing technologies. If the IT
department is run as a profit center, then departments they administer are charged
for services provided.

39. Group Policies can be assigned at any level: local, site, domain, or OU.

40. Hybrid administration has most of the functions performed at a central location,
but one or more key contact people are on site for handling lesser responsibilities.

41. IAS can be used to enforce (through policies) such issues as: RADIUS clients
allowed, Incoming phone numbers to accept, Type of media being used to
establish the connection, User membership in security groups, Time of allowed
access (day, hour, etc.).

42. IAS is used for centralized administration, and enforcement of access policies. It
works with PAP, CHAP, MS-CHAP, and EAP.

43. IAS is useful for centralized auditing, scaling systems for growing demand,
remote monitoring of usage, and working with a graphical interface through an
MMC snap-in.

44. Identifying the business model is necessary because similar businesses often have
similar needs and requirements.

45. If an EFS key is lost, the recovery agent administrator can open the data, save it as
text, and send it back to the user.

46. If you extrapolate, within each category, a CA can be a root or
intermediate/subordinate, meaning there are four possible roles: 1. Enterprise root
CA, 2. Stand-alone root CA, 3. Enterprise subordinate CA, 4. Stand-alone
subordinate CA.



47. In addition to Kerberos, IPSec also supports certificates, and the use of reusable
passwords (pre-shared keys).

48. In Windows 2000, the Routing and Remote Access Service (RRAS) is installed
automatically, though not activated.

49. Information flow - How information moves throughout the company. This
typically follows the organization chart, but can differ with geographic breaks.

50. International model - By definition, international boundaries are crossed.
Attention must be paid to languages/translations, regulations, laws, and time zones,
and representatives from all countries should be involved in IT decision-making
processes.

51. Internet Connection Sharing (ICS) is a service that allows you to provide
automated demand-dial capabilities on a small network, such as a home office.
This can be used for any number of processes, including: DNS Proxy, DHCP,
NAT.

52. IPSec is used to negotiate the secure connection utilizing DES (Data Encryption
Standard/ 56-bit), and 3DES (Triple DES).

53. IPSec is used to secure packets between two hosts and cannot be used locally,
while EFS is used locally and does not encrypt data on a network.

54. It is important to analyze existing and planned organizational structures when
deciding business requirements. These categories can break down into the
following key areas: Management model, Company organization, Acquisition
plans.

55. Kerberos and IPSec protocols do not work with NAT.

56. Kerberos V5 Authentication is in place on Windows 2000 domains and can be
configured to interact with other MIT-based operating systems (allowing other
clients access to active directory resources).

57. Knowing the geographic scope can help define the infrastructure employed by the
IT department.

58. Management model - when analyzing, determine if you are dealing with a family-
owned, privately held business, or a public company with a CEO and Board of
Directors.



59. Microsoft Certificate Server is installed through the Windows Components
section of the Add/Remove Programs utility.

60. Microsoft uses seven categories to group budgeted costs: Hardware and software
costs, Management costs, Development costs, Support costs, Communication
costs, End-user costs, and Downtime costs.

61. MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) requires
the client to be using a Microsoft operating system (version 2), or a small handful
of other compatible OSes (version 1).

62. NAT translates between two different networks, allowing you to have a private
scope internally and still communicate with the Internet.

63. NAT will not run on Windows 2000 Professional (requiring Windows 2000
Server or Windows 2000 Advanced Server), while ICS will run on all three
platforms.

64. NAT works by having at least two different IP addresses - the valid one for the
Internet, (it can even support more than one), and an internal one for the network
you are running.

65. National model - Of a grander scale than regional, you can still often overlook
many factors such as international regulations, but now must consider time zones,
local laws, and such.

66. No Callback is the default callback option per user. The other two options are: 1.
Set by Caller (Routing and Remote Access Service only), 2. Always Callback to
(wherein you must specify the number).

67. NTLM is the authentication protocol that can be used in mixed mode to
communicate with NT servers.

68. Of key importance during the creation of the Remote Access Dial-in Profile is the
Advanced tab, which allows you to add connection attributes to be used with
RADIUS (Remote Authentication Dial-In User Service).

69. Only one IPSec policy can be in use at a time. All policy settings can be made
using wizards. IPSECMON.EXE can be used to monitor and troubleshoot
operations.

70. Originally HOSTS files were used to translate all host names to IP addresses.
As static flat files, they had to exist, and be kept updated, on every host connected
to the network. As this became impossible, DNS (Domain Name System/Service)
became the replacement.



71. Outsourcing is often used because certain needs must be met that cannot be done
internally.

72. PAP (Password Authentication Protocol) uses a plain-text password
authentication method and should only be used if the clients you support cannot
handle encryption.

73. Projected growth and growth strategy - how is expansion accomplished
(acquisition, divestiture, franchises, and so on)? Do you need to include plans for
growth, or will conditions be stagnant for a while? Are there seasonal variables?
Is there a documented goal for growth?

74. Regional model - When implementing technologies that are within companies
restricted to regional boundaries, you can often pay less attention to such things as
international translations than you would with different models.

75. Relevant laws and regulations - these are always subject to change, and must be
watched carefully. Is the company in a high-profile position to be greatly affected
by new legislation? Do they work with encryption? Are there local laws, or
international laws, that can affect the organization?

76. Remote Access Dial-in Profiles allow you to define: Dial-in Constraints, IP
Address Assignment Policy, Multilink (aggregation of multiple analog phone
lines through multiple modems for greater bandwidth), Authentication, and
Encryption (No Encryption, Basic or Strong).

77. Remote Access Dial-in Profiles can be configured and govern security in much
the same way group policies do.

78. RIS (Remote Installation Service) is used to install Windows 2000 on remote
machines.

79. Root CAs can issue certificates to other CAs (intermediaries), users, servers, or
other entities. Intermediate CAs can then only issue certificates to other CAs.

80. Service/Product lifecycles - the lifespan of the product. Services can have lengthy
or short lifespans and can encompass leases from DHCP, authentication from a
domain controller and so on.

81. SNMP (Simple Network Management Protocol) is used to monitor the network
via agents that report to a manager.

82. SPAP (Shiva Password Authentication Protocol) is a shade above PAP, and is
only there for backward-compatibility and is not favored for new installations.



83. SSL (Secure Socket Layer) is used for secure communications between a web site
and a browser.

84. Stand-alone Certificate Authority (CA) servers can work with or without Active
Directory and are based upon Public Key Encryption (PKI).

85. Subsidiary model - By definition, subsidiaries are part of a larger company, but
function independently. When working with a subsidiary of a larger
conglomerate, make certain that approval for the solution generated will be
acceptable to the parent company if there is a complex relationship between the
two.

86. TCP/IP packet filters can be used to prevent types of packets from reaching your
network server. These are configured through the Advanced button on the TCP/IP
protocol properties.

87. Terminal Services can encrypt transmissions as Low, Medium, or High and
connections can be managed via Terminal Services user profiles.

88. The Certificate Revocation List (CRL) can either be published automatically or
manually through the snap-in.

89. The five possible geographic models are: Regional, National, International,
Subsidiary, and Branch Office.

90. The IP Security Policy Management MMC console is used to manage IPSec.

91. The key to the Regional Model is that all sites must be within a single, well-
defined geographic area.

92. The owner of a file or the recovery agent can decrypt a file that has been
encrypted with EFS.

93. The purpose of a digital signature is to guarantee that data is from the user it is
supposed to be from and it has not been altered. Signing uses encryption but adds
origin and authenticity as well.

94. The structure of IT management should weigh heavily in the analysis of business
requirements. Factors that help understand the management structure include
Administration type, Funding model, outsourcing, decision-making process, and
change management.

95. The three types of remote access permissions available to a user are: 1. Allow
access, 2. Deny access, and 3. Control access through Remote Access Policy.



96. Total costs of operations - when computing, consider the value of the company's
data, of the IT staff's budget, of having server access 24 hours a day versus 8,
etc. Where does the funding come from?

97. Vendor/partner/customer relationships - know the contact points and whether web
presence is offered on an Internet, intranet, and/or extranet basis.

98. Vendors can be external (the traditional model) or internal if each department acts
as a cost center.

99. When a user dials in, you can choose to verify caller-ID, assign a static IP address
to the connection, and/or apply static routes.

100. When installed, ICS sets the IP address of the LAN interface to
192.168.0.1. It also installs AutoDHCP, DNS Proxy, and a WAN interface
(modem) for a demand-dial router to your ISP.

101. When the EFS key is stored locally, then to the user it looks as if the data
is in normal form - but if someone without the proper key attempted to view the
data, it would appear scrambled and unusable.

102. While outsourcing is a good way to solve short term issues, it can present
problems down the road when you cannot find the group who implemented a
solution because they have moved on, and the solution now has problems.

103. Windows 2000 has two main encryption protocols that are used with the
Virtual Private Network: MPPE (Microsoft Point-to-Point Encryption) is used
with PPTP (Point-to-Point Tunneling Protocol), and IPSec (IP Security Protocol)
- an open protocol suite that relies on L2TP (Layer 2 Tunneling Protocol) for
encrypting user names, passwords, and data.

104. With publicly held companies, operations and ownership become separate,
and can be driven by the need for profit and quick solutions versus long-term
planning.

105. With RADIUS, all authentication requests heard by a server are sent to a
RADIUS server for approval/denial. RADIUS is an open standard.

106. Within PKI, there are the following elements: Certificate authorities - who
issue and revoke certificates, Certificate publishers - who make what the CA has
issued available.



107. Within Windows 2000, CAs are divided into different roles: Enterprise
CA - requires Active Directory, and Stand-alone CA - works in the absence of
Active Directory (the only real reason to employ).

108. You can remove the EFS recovery keys from the system through the
Group Policy Editor snap-in.

109. You can right-click on the IP Security Policies folder for the popup menu
that contains the choice New IP Security Policy to create a new policy.

110. You cannot combine encryption with compression in Windows 2000.
Choosing to encrypt a file (by clicking a checkbox on the properties attributes)
prevents you from compressing the file (also accomplished by a checkbox).



