Apply Your Knowledge


In this chapter, you have examined some basic means to troubleshoot problems in Windows Server 2003. In the following exercises, you will practice some of the concepts and methods discussed in this chapter.

Exercises

9.1. Creating a Baseline Counter Log

In this exercise, you will use the Performance console to create a baseline counter log. You will then be able to use the baseline as a comparison point for future performance monitoring.

Estimated Time: 30 minutes

  1. Open the Performance console.

  2. Expand the Performance Logs and Alerts node and click the Counter Logs entry.

  3. Create a new counter log and name it BASELINELOG1.

  4. Add entire objects or specific counters as desired. For this example, add the Packets Sent/Sec, Packets Received/Sec, and Packets Received Errors counters.

  5. Leave the default data collection rate and account settings as is.

  6. Configure the type of log file to be used as binary. Choose the numbering system of your choice.

  7. Leave the default schedule of manual activation as is.

  8. Click OK to save the counter log settings.

  9. Allow the counter log to run for approximately 20 minutes and then stop the counter log.

  10. Switch to the System Monitor node and click the database icon to open the counter log for viewing.

  11. Click the Add button to locate and add the counter log file.

  12. On the Data tab, ensure that you have configured all the same counters to be displayed as you used in the counter log itself. Click OK. The counter log data is displayed in the System Monitor.
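The comparison that the baseline exists for can be automated once the logs are in text form. The following added example (not from the book) assumes the baseline and a later counter log have each been exported to CSV, for instance with relog; the sample rows, the names SRV1 and NIC1, and the factor of 3 are constructed for illustration.

```python
import csv
import io
import statistics

# Constructed samples in the PDH-CSV layout of a counter log exported to CSV.
# Column 0 is the timestamp; SRV1 and NIC1 are made-up names.
HEADER = (r'"(PDH-CSV 4.0) (Eastern Standard Time)(300)",'
          r'"\\SRV1\Network Interface(NIC1)\Packets Sent/sec",'
          r'"\\SRV1\Network Interface(NIC1)\Packets Received/sec",'
          r'"\\SRV1\Network Interface(NIC1)\Packets Received Errors"')
BASELINE_CSV = HEADER + '''
"01/10/2006 09:00:00.000"," "," ","0"
"01/10/2006 09:00:15.000","100","120","0"
"01/10/2006 09:00:30.000","110","130","0"
"01/10/2006 09:00:45.000","90","110","1"
'''
CURRENT_CSV = HEADER + '''
"03/14/2006 09:00:00.000"," "," ","4"
"03/14/2006 09:00:15.000","105","900","4"
"03/14/2006 09:00:30.000","95","950","9"
"03/14/2006 09:00:45.000","100","1000","20"
'''

def load_counters(text):
    """Return {counter name: [float samples]} from PDH-CSV text."""
    rows = list(csv.reader(io.StringIO(text.strip())))
    series = {}
    for col in range(1, len(rows[0])):
        name = rows[0][col].rsplit("\\", 1)[-1]   # drop \\host\object(instance)
        cells = (r[col].strip() for r in rows[1:] if col < len(r))
        # Rate counters have no value in the first sample; skip blank cells.
        series[name] = [float(c) for c in cells if c]
    return series

def growth(values):
    """Average increase per sample of a running-total counter."""
    return (values[-1] - values[0]) / (len(values) - 1)

def compare(baseline, current, factor=3.0):
    """Return {name: (observed, limit)} for counters above the baseline limit."""
    findings = {}
    for name, base in baseline.items():
        cur = current.get(name, [])
        if len(base) < 2 or len(cur) < 2:
            continue                       # not enough samples to judge
        if name.endswith("/sec"):          # rate counter: compare means
            observed = statistics.mean(cur)
            limit = statistics.mean(base) + factor * statistics.pstdev(base)
        else:                              # assumed running total: compare growth
            observed, limit = growth(cur), factor * growth(base)
        if observed > limit:
            findings[name] = (round(observed, 2), round(limit, 2))
    return findings
```

With the constructed data, Packets Sent/sec stays within the baseline while Packets Received/sec and Packets Received Errors are flagged.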

9.2. Monitoring Performance

In this exercise, you will monitor the current performance characteristics of a computer's network adapter.

Estimated Time: 15 minutes

  1. Open the Performance console.

  2. Click System Monitor.

  3. Click the + icon to open the Add Counters dialog box. Add the counters you want to monitor on your computer. These might include Packets Sent/Sec, Packets Received/Sec, and Packets Received Errors.

  4. Click Close when you are finished. Watch the configured counters for 10 minutes while performing various activities that require network transfer to and from your computer.

9.3. Capturing Network Traffic

In this exercise, you will use the Network Monitor to capture traffic going to and from a Windows Server 2003 computer.

Estimated Time: 15 minutes

  1. Open the Network Monitor. If prompted to do so, select the network to be monitored.

  2. Click Capture, Start to begin the capture session. Network Monitor records activity to and from this computer. You can generate some activity by sending a ping command or browsing the Internet.

  3. Select Capture, Stop and View to examine the results of the network data capture.

  4. Double-click any packet to examine it in greater detail. You can scroll through the list in the Summary pane and click any packet you want to examine in the Detail and Hex panes.

  5. Close the Display window to return to the Network Statistics window.

Exam Questions

1. You are a network consultant and have been hired by Fruity Flavor Beverage Distribution Group, Inc. You have been brought in to determine what protocols are running on the network that do not need to be running. What should be the first tool that you use to determine what network protocols are and are not required on the Fruity Flavor Beverage Distribution Group network?

  A. System Monitor
  B. kerbtray.exe
  C. Counter logs
  D. Network Monitor


2. You are the systems administrator for Bob's Boom Shack, a stereo retailer. You have recently completed a network capture using the Network Monitor. You did not set any capture filters before beginning the capture, and now you have more than 100,000 packets of capture data. You need to be able to quickly discard all packets except those related to AppleTalk. What can you do?

  A. Create a capture filter and start a new capture.
  B. Click the Protocol column heading to sort the packets by protocol.
  C. Create a display filter to filter out all protocols except those related to AppleTalk.
  D. Purchase the full version of Network Monitor that comes with SMS.


3. You are an assistant network technician for Joe's Jackhammer, Ltd. For some time now, you have been collecting reports about a general slowdown in network performance. You suspect that some of your legacy Windows 95 and Windows 98 workstation computers may be flooding the network with broadcast traffic. What tools could you use to determine how much broadcast traffic is being seen at specific Windows Server 2003 computers on the network? (Choose two.)

  A. Application log
  B. Network Monitor
  C. System Monitor
  D. pathping
  E. nslookup


4. You are an assistant network technician for Joe's Jackhammer, Ltd. You have decided that you will use the Network Monitor to gather information about why one of the network's Windows Server 2003 computers seems to be responding slowly despite showing no memory or CPU problems. You suspect that the cause of the problem is a flood of broadcast traffic from some of the Windows 95 computers located on the same subnet as the Windows Server 2003 computer. From where do you need to perform the installation of the Network Monitor?

  A. The Manage Your Server window
  B. The Windows Components Wizard
  C. The SUPPORT\TOOLS folder on the Windows Server 2003 CD
  D. The Windows Server 2003 Resource Kit


5. You are the systems administrator for Not Quite Evil Enough Enterprises, Inc. You have just completed a 30-minute Network Monitor capture on one of the network's Windows Server 2003 computers. During this time, you have accessed several Internet Web sites, performed file transfers, and pinged this server from another workstation. You are trying to monitor DNS and browser traffic to and from this server, but when you look at the capture log, you see nothing for these two protocols. What is the most likely reason for this problem?

  A. You did not specify that these protocols were to be captured.
  B. You created a capture filter that excluded these protocols.
  C. You created a display filter that excluded these protocols.
  D. The capture buffer overflowed and dumped the data for which you were looking.


6. You are the third-shift systems administrator for Bob's Bull Riding College. You have just completed the installation and configuration of a new Windows Server 2003 file server. What should you do on this new computer over the next day or so to provide troubleshooting guidance in the future should network traffic problems occur?

  A. Remove all unnecessary protocols from the server's network adapters.
  B. Create a baseline counter log that documents what the server's performance was like at the time it was placed on the network.
  C. Check the event logs to ensure that no abnormal events occurred when the computer was joined to the network.
  D. Configure and implement IPSec to secure network traffic to and from the file server.


7. You are trying to monitor the performance statistics of your Windows Server 2003 computer's network interface. You have only one network interface installed on the computer. After you have selected the desired counters from the Network Interface object and returned to the System Monitor, you see no performance statistics displayed for the selected counters, even though you have been accessing Internet Web sites and transferring files across the network. What is the most likely cause of this problem?

  A. The network interface is disabled.
  B. The network interface does not support the System Monitor.
  C. You have selected the internal loopback network interface.
  D. You did not click Add to add the counters to be monitored.


8. You have recently completed the configuration of a baseline counter log that you will use to collect data about the performance of a new server you have just placed on the network. You configured a maximum log file size of 1MB. You let the counter log run for approximately six hours before stopping it. When you look at the data you have collected, you see only a fraction of this total time displayed: the last 45 minutes or so that you had the counter log catching data. What is the most likely reason for this problem?

  A. There has not been enough activity to generate more data than this.
  B. You configured the file type as binary.
  C. You configured the file type as binary circular.
  D. The computer was experiencing operating system instability problems that prevented the collection of more data.


9. You are configuring a counter log that is to run automatically each day and collect information about the performance of the network interface installed in your file server. Which of the following log numbering systems would most likely make the resulting counter logs easy to track back to the date and time they were created?

  A. nnnnnn
  B. yyyymm
  C. mmddhhmm
  D. yyyymmddhh


10. You are the systems administrator for Joe's Crab Shack, a regional restaurant chain. Your in-house development team is currently developing a new Point of Sale (POS) application that operates in a client-server arrangement. Because the application is still in development, the developers want to be informed every time one of the application's services stops. What can you do to ensure the developers are automatically informed of service failures?

  A. Configure the services so that they automatically restart upon a failure.
  B. Configure the services to run a program upon failure.
  C. Configure the services to restart the server automatically upon a failure.
  D. Configure the services to use a different logon account.


11. You are the systems administrator for Widgets and Hammerstein, LLC. You have a 10-node Windows Server 2003 Web cluster that provides a Web-based application to your internal network. The Web-based application is a custom-developed application that sometimes causes the SNMP service on the servers to stop. In the past, this service has been very difficult to restart after a failure caused by this application. You need the SNMP Service running to facilitate status monitoring on your server. How can you configure the service to ensure it will be restarted after a failure occurs?

  A. Configure the service so that it will automatically restart upon a failure.
  B. Configure the service to run a program upon failure.
  C. Configure the service to restart the server automatically upon a failure.
  D. Configure the service to use a different logon account.


12. You are a network consultant hired by Claire's Clown Colleges, Inc. Claire, the owner, has asked you to help her systems administrators determine what, if any, servers on their network are transmitting usernames and passwords in clear text during FTP sessions. Which tool should you use to collect the information you need to provide Claire with her answer?

  A. Application log
  B. Network Monitor
  C. System Monitor
  D. Counter logs


Answers to Exam Questions

1.

D. The first tool you would normally use to analyze the network for nonrequired, and usually troublesome, networking protocols is the Network Monitor. Recall that the version supplied in Windows Server 2003 can be used only to capture traffic sent to or from the computer on which it is running. The System Monitor, and any Counter Logs it might create, would not be useful in troubleshooting unneeded network services; thus Answers A and C are incorrect. The kerbtray.exe tool is useful for monitoring and troubleshooting Kerberos ticket issues; thus Answer B is incorrect. For more information, see the section "Using the Network Monitor."

2.

C. In this case, the best option is to create a display filter that shows only AppleTalk-related protocols. You will not actually be losing any data, just filtering it out. You've already run the capture; thus there is no real reason to do it again. Therefore, Answer A is incorrect. Sorting will not eliminate any data; thus Answer B is incorrect. There is no need to use the Network Monitor included in SMS, as you have already performed the capture; thus Answer D is incorrect. For more information, see the section "Interpreting Captured Data."

3.

B, C. You can use both the Network Monitor and the System Monitor to determine how much broadcast traffic a particular server is being subjected to. The Network Monitor also allows you to determine the source and contents of the broadcast traffic, which can be helpful when you're performing additional troubleshooting. The Application Log in the Event Viewer is not going to have any useful information about what you need to see; thus Answer A is incorrect. The pathping and nslookup tools won't help you determine how much traffic a server is receiving; thus Answers D and E are incorrect. For more information, see the sections "Using the Network Monitor" and "Using the System Monitor."

4.

B. The scaled-down version of the Network Monitor that is included in Windows Server 2003 can be installed from the Windows Components Wizard under the Management and Monitoring option group; thus Answers A, C, and D are all incorrect. For more information, see the section "Installing Network Monitor."

5.

B. The most likely reason that you are not seeing any DNS or browser traffic in the capture logs is that you inadvertently filtered (excluded) the logs from being captured through a capture filter. Capture filters capture only protocol types that are enabled; thus Answer A is incorrect. Conversely, a display filter can be used after a capture has been completed to display only specific protocols; thus Answer C is incorrect. The buffer may dump some traffic if it becomes full, but certainly not all of the traffic you're looking for in most cases; thus Answer D is incorrect. For more information, see the section "Interpreting Captured Data."

6.

B. The best thing for you to do at this time would be to configure a counter log that collects information about the performance of the server over the next day or so to use as a baseline for future troubleshooting efforts. This baseline log should contain counters for any pertinent objects that you will likely want to monitor and troubleshoot later, including network, memory, and other objects. In addition, you should consider creating a document that lists all applications and services that are running on the server. This can be helpful later, when you are trying to determine what might be causing changes in performance over time. Removing any unneeded protocols is never a bad idea, but won't accomplish the goal stated here; thus Answer A is incorrect. Checking the event logs is also a good idea, but doesn't help for future troubleshooting; thus Answer C is incorrect. Configuring IPSec is not mentioned in the question and has no value in future troubleshooting efforts; thus Answer D is incorrect. For more information, see the section "Creating Baseline Counter Logs."

7.

C. The most likely reason for this problem is that you have mistakenly selected the internal loopback interface instead of the actual network interface that the computer is using. By default, the loopback interface is selected if the name of the network interface starts with a letter after I. Although certainly possible, having the network interface disabled is not the most likely reason for this problem; thus Answer A is incorrect. Any network interface that is installed and operating properly in Windows can be monitored by the System Monitor; thus Answer B is incorrect. The problem statement indicates that you did in fact add counters and are seeing no activity on the counters; thus Answer D is incorrect. For more information, see the section "Monitoring Performance by Using the System Monitor."

8.

C. Configuring the counter log file format as binary circular causes the log file to overwrite older information when it has reached its maximum allowed size; thus Answers A, B, and D are incorrect. For more information, see the section "Creating Baseline Counter Logs."

9.

D. The yyyymmddhh log numbering format would provide the easiest method of determining the date and time each counter log was created. Using the nnnnnn format will produce logs that are sequentially numbered, but do not readily indicate the date and time they were created; thus Answer A is incorrect. Using the yyyymm format will only indicate the year and month the log was created; thus Answer B is incorrect. Using the mmddhhmm format is not a bad choice, but it does not indicate the year the log was created; thus Answer C is incorrect. For more information, see the section "Creating Baseline Counter Logs."

10.

B. Because you need to provide the developers with notification each time a service fails, but you'd probably rather not manually inform them once you detect a service failure, your best course of action is to configure the services to run a program upon failure. As an example, many command-line SMTP mailers exist that can be called from a DOS batch (.bat) file that can send a notification to your Exchange server, and thus to your developers; thus Answers A, C, and D are incorrect.

11.

C. Because the service is prone to failures caused by your Web-based application and the service is often difficult to restart after a failure, you should configure the service to restart the server upon a failure of the service; thus Answers A and B are incorrect. Because the servers are part of a 10-node Web cluster, they should be able to be safely restarted in the event of a failure of the service. Using a different logon account won't help if the service is running and then stopping due to another application; thus Answer D is incorrect. For more information, see the section "Configuring Service Properties."

12.

B. You will need to use the Network Monitor, installed on each server, to collect network traffic. Once you have performed your captures (using no capture filters), you can configure display filters to include only TCP/IP and FTP traffic. The user names and passwords for the FTP sessions will be very easy to find after the filter is in place. The Application Log in the Event Viewer will not contain the information you need; thus Answer A is incorrect. The System Monitor and any counter logs it creates will not help you determine what you need to know; thus Answers C and D are incorrect. For more information, see the section "Using the Network Monitor."
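The audit described in Answer 12 can be scripted once the captured FTP control traffic is available as payload bytes. The following added example (not from the book) works on constructed records of client-to-server TCP payloads; the record layout, addresses, and user names are assumptions, and it reports which servers accepted a clear-text login without ever storing the password.

```python
from collections import defaultdict

# Constructed sample: client-to-server TCP payloads in arrival order, as
# (client, server, server_port, payload). One connection per client/server
# pair is assumed because the sample carries no source ports.
SEGMENTS = [
    ("10.0.0.21", "10.0.0.5", 21, b"USER clai"),            # command split
    ("10.0.0.21", "10.0.0.5", 21, b"re\r\nPASS example-only\r\n"),
    ("10.0.0.22", "10.0.0.5", 21, b"user bozo\r\npass example-only\r\n"),
    ("10.0.0.23", "10.0.0.6", 21, b"AUTH TLS\r\n"),
    ("10.0.0.23", "10.0.0.6", 21, b"\x16\x03\x01\x00\x2f\x01\x00"),  # TLS bytes
    ("10.0.0.24", "10.0.0.7", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

def cleartext_ftp_logins(segments, ftp_port=21):
    """Return {server: sorted user names} for logins sent in clear text."""
    buffers = defaultdict(bytes)      # per-connection reassembly buffer
    pending_user = {}                 # last USER seen on each connection
    exposed = defaultdict(set)
    for client, server, port, payload in segments:
        if port != ftp_port:
            continue                  # not the FTP control channel
        conn = (client, server)
        buffers[conn] += payload
        # Only complete CRLF-terminated lines are commands; keep the remainder
        # so a command split across two segments is parsed once it completes.
        *lines, buffers[conn] = buffers[conn].split(b"\r\n")
        for line in lines:
            verb, _, arg = line.partition(b" ")
            verb = verb.upper()       # FTP commands are case-insensitive
            if verb == b"USER":
                pending_user[conn] = arg.decode("ascii", "replace")
            elif verb == b"PASS":
                # A readable PASS command means the login crossed the wire
                # unencrypted. The password itself is never kept or reported.
                exposed[server].add(pending_user.get(conn, "<unknown>"))
    return {srv: sorted(users) for srv, users in exposed.items()}
```

On the constructed records, only 10.0.0.5 is reported; the session to 10.0.0.6 negotiates TLS before any login command is readable.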




MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied
