6.2. Exam 70-291 Suggested Exercises Exam 70-291 expects you to know how to implement, manage, and maintain network infrastructure for Windows Server 2003. You'll need plenty of hands-on previous experience to pass the exam. You'll need to review the study guide closely and review closely any areas with which you are unfamiliar. This section provides a numbered list of exercises that you can follow to gain experience in the exam's subject areas. Performing the exercises will be useful for helping to ensure that you have hands-on experience with all areas of the exam. For this exam, I recommend setting up a three-computer test network with two servers running Windows Server 2003 and one workstation running Windows XP Professional. One of your servers should be configured as a domain controller with DNS. The other should be configured as your DHCP server and as your Routing and Remote Access Server (RRAS). The workstation will need to be used in several roles. You'll need to configure it to be a member of the domain when you test TCP/IP, DHCP, and DNS client configurations. When you test RRAS, you'll want to configure the workstation as a RRAS client. In addition to performing the exercises below, you should also have experience using each of the Windows Server 2003 administrative tools described in the Study Guide. 6.2.1. Installing and Configuring TCP/IP Configure a server so that it uses TCP/IP. If necessary, install TCP/IP. Specify a static IP address, subnet mask, default gateway, and other appropriate TCP/IP settings for use in a domain. Test the settings to ensure that the server can communicate on the network.
6.2.2. Installing DHCP Server Service Prior to installing the DHCP Server service, confirm that a server has a static IP address. Install the DHCP Server service on a server. Authorize the DHCP server in Active Directory. Configure the DHCP server so it can assign dynamic configurations to clients. Configure and activate a scope on the DHCP server.
6.2.3. Configuring Dynamic Addressing for Clients Configure a workstation so that it uses TCP/IP. If necessary, install TCP/IP. Configure the computer to use a dynamic IP address. Ensure the workstation's alternate configuration uses an Automatic Private IP address. Test the settings to ensure the server can communicate on the network.
6.2.4. Troubleshooting TCP/IP Addressing Disconnect a computer's network cable. Use the command line to diagnose the problem. Reconnect the computer's network cable. Configure invalid settings for TCP/IP. Use the command line to ping another computer on the network. Use netdiag to test the computer's configuration. Reconfigure the computer so it uses valid settings. Use netdiag to test the computer's configuration.
6.2.5. Authorizing DHCP Servers Open the DHCP console. Determine whether your DHCP server(s) is authorized.
6.2.6. Creating Scopes Using the DHCP console, create three normal scopes with private Class C IP addresses. Add the scopes to a superscope. Activate the superscope. Deactivate the superscope. Try to delete the superscope. Remove all three normal scopes from the superscope. Delete the superscope.
6.2.7. Configuring Scopes Using the DHCP console, create a normal scope with private Class C IP addresses. Exclude a range of IP addresses. Configure the TCP/IP options for DNS domain name, DNS servers, and router. Using the Scope Options node, modify the TCP/IP options for DNS domain name, DNS servers, and router.
6.2.8. Creating and Activating Multicast Scopes Open the DHCP console. Create a multicast scope and configure it so multicast traffic can pass through seven routers. Activate the multicast scope.
6.2.9. Using Dynamic DNS Updates with DHCP Using the DHCP console, ensure dynamic DNS updates are enabled on the DHCP server. Configure dynamic updates so the DHCP server can update both A and PTR records for Windows 2000 and later clients. Configure dynamic updates so the DHCP server can update both A and PTR records for Windows NT 4.0 clients.
6.2.10. Configuring DHCP Leases Using the DHCP console, create a normal scope with private Class B IP addresses. Activate the scope. Change the scope's lease duration to 30 days.
6.2.11. Creating Reservations Configure a workstation to use DHCP. Ensure the workstation connects to the DHCP server and obtains a valid lease. Use the client's lease entry to determine the MAC address of the workstation's network adapter. Use the command line to determine the MAC address of the workstation's network adapter. Create a reservation for the workstation. Using the command line, release the workstation's current lease and renew its TCP/IP settings so that it obtains the reserved IP address.
6.2.12. Setting the DHCP Database and Backup Paths Open the DHCP console. Configure the DHCP server to use an alternate DHCP database and backup path.
6.2.13. Manually Backing Up and Restoring the DHCP Database Open the DHCP console. Back up the DHCP database. Restore the DHCP database from backup.
6.2.14. Manually Compacting the DHCP Database Open a command prompt. Change the directory path to the directory containing the DHCP database. Type net stop dhcpserver. Type jetpack dhcp.mdb temp.mdb. Type net start dhcpserver.
6.2.15. Auditing DHCP Using the DHCP console, configure DHCP auditing to use an alternate logfile path. Enable auditing on your DHCP server. Examine the DHCP audit logs. Review the System event logs for DHCP-related events.
6.2.16. Configuring Primary and Alternate DNS Suffixes Using the System utility in Control Panel, determine a computer's name and domain. Determine the computer's primary DNS suffix. Ensure that the primary DNS suffix changes when domain membership changes. Check the Advanced TCP/IP Settings for DNS.
6.2.17. Configuring Advanced DNS Settings Ensure a computer has both a primary and an alternate DNS server configuration. Modify the computer's TCP/IP settings to use a connection-specific DNS suffix. Remove the connection-specific DNS suffix. Ensure that the computer's primary network adapter is configured to append the primary DNS suffix, and use the standard default options. Ensure that the computer is configured to use dynamic DNS updates.
6.2.18. Working with the Resolver Cache on DNS Clients Using the command line, examine the DNS resolver cache on a computer using ipconfig /displaydns. Clear a computer's resolver cache using ipconfig /flushdns. Force a computer to register its DNS records using ipconfig /registerdns.
6.2.19. Installing DNS Server Service Prior to installing the DNS Server service, confirm that a server has a static IP address. (Static IP addresses are not required for DNS servers, but are recommended.) Install the DNS Server service on a domain controller. Open the DNS Management console. Ensure the server responses on the appropriate interfaces and IP addresses. Configure event logging so only errors and warnings are tracked. Using standard monitoring testing, test the DNS server configuration.
6.2.20. Configuring DNS Zone Options Open the DNS Management console. Create a standard forward lookup zone for the domain or a child domain of the current domain. Create a standard reverse lookup zone for the domain or a child domain of the current domain. Modify the forward and reverse lookup zones so they are Active Directory-integrated. Configure replication so all DNS servers in the domain get updates. Configure the zones to use only secure dynamic updates.
6.2.21. Configuring Scavenging Options Using the DNS Management console, access the properties of a DNS zone. Enable aging of DNS records in the zone. Set the period after a timestamp that must elapse before a resource record can be refreshed to 10 days. Set the period after the no-refresh interval during which the timestamp can be refreshed to 14 days.
6.2.22. Configuring the Start Of Authority (SOA) Using the DNS Management console, access the properties of a DNS zone. Review the zone's SOA record. Increment the zone's serial number.
6.2.23. Configuring Name Servers for the Zone Using the DNS Management console, access the properties of a DNS zone. Review the name servers for the zone. Add name servers as necessary.
6.2.24. Configuring Zone Transfers Using the DNS Management console, access the properties of a DNS zone. Configure zone transfers for listed name servers only. Configure notification for listed name servers only.
6.2.25. Creating Records in a Zone View the records on a forward lookup zone. Create the A and PTR records for a host in the current domain. Create an alias for a host in the current domain.
6.2.26. Configuring and Managing DNS Forwarding Open the DNS Management console. Configure a forwarder for all other domains. Configure a forwarder for a specific domain.
6.2.27. Accessing the Security Tools Open a custom MMC. Add the Security Templates snap-in. Add the Security Configuration And Analysis snap-in.
6.2.28. Creating Security Templates Using the Security Templates snap-in, determine the currently available security templates. Create a copy of a hisecdc and hisecws templates. Review and modify the settings of your new templates.
6.2.29. Applying Security Template Settings and Analyzing Security Access the Security Configuration And Analysis snap-in. Open Database and create a database for your work. Import the hisecdc template. Compare the computer's current configuration to the hisecdc template. Import the hisecws template. Compare the computer's current configuration to the hisecws template.
6.2.30. Applying IP Security Access the IP Security Monitor and determine whether any IPSec policies are being applied to a computer. In Active Directory Group Policy, review the default IPSec policies. Assign and enforce the Server (Request Security) policy. Apply the new policy to the computer by typing gpupdate /refresh at a command prompt. Access the IP Security Monitor and determine the IPSec policy applied. Use the command line to determine the IPSec policy applied.
6.2.31. Monitoring and Troubleshooting Kerberos In Active Directory Group Policy, review Kerberos policy. Use the command line to determine whether Kerberos is working properly.
6.2.32. Implementing Routing And Remote Access Prepare the computer to use Routing And Remote Access Service by disabling the Windows Firewall/Internet Connection Sharing service. Enable and configure the Routing And Remote Access service for LAN and demand-dial routing as well as remote access. Add a routing interface for a network connection. Add a routing interface for a dial-up connection. Add a routing interface for a private-network to private-network VPN connection.
6.2.33. Managing Remote Access Security Configure the RRAS server to use Windows Authentication. Configure the RRAS server to use Windows Accounting. Set a preshared key for L2TP connections over IPSEC. Configure user authentication so EAP and MS-CHAP V2 only are allowed.
6.2.34. Managing IP Assignment Ensure that IP routing is enabled on the RRAS server. Configure RRAS to allow IP-based remote access and demand-dial connections. Configure RRAS so that IP assignment is handled by DHCP. Configure RRAS so that broadcast name resolution is not allowed.
6.2.35. Configuring DHCP Relay Agents Install the DHCP Relay Agent routing protocol. Configure the DHCP Relay Agent routing protocol. Enable the DHCP Relay Agent routing protocol. Verify the server bindings for the DHCP Server service.
6.2.36. Installing and Configuring RIP Install RIP as a new routing protocol. Specify the network interface or interfaces to be used with RIP. Configure RIP to log warnings and errors. Set the connection security to accept all incoming routes for a specific range. Set the connection security to accept all outgoing routes for a specific range. Configure the connection to use only broadcasts and multicasts.
6.2.37. Configuring OSPF Install OSPF as a new routing protocol. Specify the network interface or interfaces to be used with OSPF. Configure OSPF to log warnings and errors. Configure OSPF to accept all external routes except SNMP routes. Configure the connection to use NMBA as the network type. Configure neighbors for the router.
6.2.38. Configuring Routing Tables Create a static route using the Routing And Remote Access console. View the current routes using the Routing And Remote Access console. Create a static route using the route add command. View the current routes using the route print command.
6.2.39. Configuring Routing Ports Determine the routing ports available on a RRAS server. Configure the WAN Miniport for PPTP or L2TP to use at least 256 ports. Configure the WAN Miniport for PPTP or L2TP to accept remote access and demand-dial connections.
6.2.40. Configuring NAT and the Basic Firewall Install the NAT/Basic Firewall routing protocol. Specify the Network Interface to use. Configure the NAT/Basic Firewall routing protocol. Enable basic firewall and configure packet filtering.
6.2.41. Managing Remote Access Clients Check the status of RRAS clients. Disconnect an RRAS client. Send a message to all RRAS clients. Review remote access policies that might affect clients.
6.2.42. Configuring Internet Authentication Service (IAS) to Provide Authentication Install IAS on a designated server. Register the IAS server in Active Directory. Configure your RRAS servers as IAS clients. Configure your RRAS servers to use RADIUS. Review the dial-in properties of remote access client.
6.2.43. Monitoring Network Traffic Use Task Manager to monitor network traffic. In the Performance console, use the Network Interface performance object to monitor network traffic. Install the Network Monitor Tools. Use the Network Monitor to analyze network traffic.
6.2.44. Determining Service Dependency Determine which services the DNS Server service is dependent upon using the Service utility. Determine which services the DHCP Server service is dependent upon. Determine which services are dependent upon the Event Log service.
6.2.45. Configuring Services Determine the run-state of the Computer Browser service. Stop and restart the Computer Browser service. Configure the Computer Browser service to use manual startup. Stop the Computer Browser service. Configure the Computer Browser service to use manual startup. Configure the Computer Browser service to use automatic startup. Start the Computer Browser service.
|
