Preparing for MTA Certification
MICROSOFT TECHNOLOGY ASSOCIATE (MTA)
Student Study Guide for IT Pros
IT Pro Edition

98-365 Windows Server Administration Fundamentals
98-366 Networking Fundamentals
98-367 Security Fundamentals
This content is only for use by or provision to students for their personal use. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. Microsoft and other trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. © 2010 Microsoft Corporation. All Rights Reserved. This content is provided “as-is” and Microsoft makes no warranties, express or implied.
Contents

Introduction
Career Planning
Exploring Job Roles
Value of Certification

98-365 WINDOWS SERVER ADMINISTRATION FUNDAMENTALS

CHAPTER 1 Understanding Server Installation
  1.1/1.2 Understand device drivers; Understand services
  1.3 Understand server installation options
CHAPTER 2 Understanding Server Roles
  2.1 Identify application servers
  2.2 Understand Web services
  2.3 Understand remote access
  2.4 Understand file and print services
  2.5 Understand server virtualization
CHAPTER 3 Understanding Active Directory
  3.1 Understand accounts and groups
  3.2 Understand organizational units (OUs) and containers
  3.3 Understand Active Directory infrastructure
  3.4 Understand group policy
CHAPTER 4 Understanding Storage
  4.1/4.2 Identify storage technologies; Understand RAID
  4.3 Understand disk types
CHAPTER 5 Understanding Server Performance Management
  5.1 Identify major server hardware components
  5.2 Understand performance monitoring
  5.3 Understand logs and alerts
CHAPTER 6 Understanding Server Maintenance
  6.1 Identify steps in the startup process
  6.2 Understand business continuity
  6.3 Understand updates
  6.4 Understand troubleshooting methodology

98-366 NETWORKING FUNDAMENTALS

CHAPTER 1 Understanding Networking Infrastructures
  1.1 Understand the concepts of the internet, intranet, and extranet
  1.2A Understand local area networks (LANs)
  1.2B Understand local area networks (LANs)
  1.3A Understand wide area networks (WANs)
  1.3B Understand wide area networks (WANs)
  1.4 Understand wireless networking
  1.5 Understand network topologies and access methods
CHAPTER 2 Understanding Network Hardware
  2.1A Understand switches
  2.1B Understand switches
  2.2 Understand routers
  2.3A Understand media types
  2.3B Understand media types
CHAPTER 3 Understanding Protocols and Services
  3.1A Understand the OSI model
  3.1B Understand the OSI model
  3.2 Understand IPv4
  3.3A Understand IPv6
  3.3B Understand IPv6
  3.4 Understand names resolution
  3.5 Understand networking services
  3.6 Understand TCP/IP

98-367 SECURITY FUNDAMENTALS

CHAPTER 1 Understanding Security Layers
  1.1 Understand core security principles
  1.2 Understand physical security
  1.3 Understand Internet security
  1.4 Understand wireless security
CHAPTER 2 Understanding Operating System Security
  2.1A Understand user authentication
  2.1B Understand user authentication
  2.2 Understand permissions
  2.3 Understand password policies
  2.4 Understand audit policies
  2.5A Understand encryption
  2.5B Understand encryption
  2.6 Understand malware
CHAPTER 3 Understanding Network Security
  3.1 Understand dedicated firewalls
  3.2 Understand Network Access Protection (NAP)
  3.3A Understand Network Isolation
  3.3B Understand Network Isolation
  3.4 Understand protocol security
CHAPTER 4 Understanding Security Software
  4.1 Understand client protection
  4.2 Understand email protection
  4.3 Understand server protection
Introduction

MTA validates building-block technology concepts and helps students explore, discover and pursue successful careers in Information Technology (IT) in an exciting and rewarding way! As the first step in the Microsoft Technology Certification Series, this new, entry-level certification provides students with confidence, credibility, and differentiation.

Explore IT career options without committing a lot of time and resources
MTA exams validate the core technology knowledge that is in demand today by businesses around the world. Whether you want to explore becoming a network administrator, software engineer, web developer, or database analyst, MTA gets you started on the right path.

Prepare to compete
A little investment in IT can go a long way in today’s job market. Becoming MTA certified helps you build a solid foundation to prepare for intermediate technology studies and for Microsoft Certified Technology Specialist (MCTS) certifications. It can also help you compete on college admissions and jumpstart your IT career planning!

Empower yourself
As the first step toward becoming an MCTS, MTA shows your commitment to technology while connecting you with a community of more than five million Microsoft Certified Professionals. Learn from them and show them what you know by becoming MTA certified!

This MTA Student Study Guide serves as a study tool to help students prepare for their MTA certification exam. Students are challenged with real-life situations for each of the major topics covered in the exam. Although successful completion of the study guide exercises does not guarantee that you will pass your MTA exam, it is an excellent way to gauge your readiness to take the exam and build confidence that you know your stuff on exam day.

I wish you all the best as you prepare for a successful career in technology!

Victoria Pohto
MTA Product Marketing Manager
Career Planning

Most IT solutions or infrastructure built on Microsoft technologies require proficiency with one or all of the following products, often referred to as “The Microsoft Stack.”

• Microsoft Windows® Server® as the data center or development platform
• Microsoft SQL Server® as the data and business intelligence (BI) platform
• Microsoft Visual Studio® as the suite of application life-cycle management tools

MTA is the starting point of Microsoft technology certifications, providing aspiring technologists with the fundamental knowledge essential to succeed with continued studies and a successful career with technology.

Preparing for and becoming MTA certified helps you explore a variety of career paths in technology without investing a lot of time and money in a specialized career path. When you find a path that is right for you, Microsoft learning products and certification can help you prepare and guide your longer-term career planning.

If you already know that you want to start building a career in technology, MTA preparation and certification is the recommended entry point. Becoming MTA certified shows that you have a firm working knowledge of the fundamental IT concepts critical for success with intermediate learning and certifications such as Microsoft Certified Technology Specialist (MCTS). Moreover, Microsoft certifications demonstrate an individual’s commitment of self-investment and confidence to take his or her knowledge and skills to the next level with an industry-recognized credential.

MTA is not a “career certification,” meaning that employers recognize you as “job ready,” but it is the first step toward that career goal and can help differentiate you for an internship or to college admissions committees. As you prepare for your first job focusing on technology, be sure that you are equipped with an MCTS credential—the intermediate level certification that validates Microsoft product and technology skills.

The MTA Certification path on the next page shows you the MTA exams that are recommended prior to taking on some of Microsoft’s intermediate technology certification, MCTS.
Exploring Job Roles

Choosing a career path is a big decision and it’s not always easy, but you’re not alone! Microsoft created a career site to help students understand the options and possibilities of pursuing a career in IT. The site also connects you with learning resources, student techie communities, and much more to help you prepare for a career in technology.

To chart your career with Microsoft technology, visit www.microsoft.com/learning/career/en/us/career-org-charts.aspx.

Database Administrator
As a database administrator, you are in charge of important databases that span multiple platforms and environments. You are a strong team player who thrives in a fast-paced environment. You build complex, highly scalable databases that meet business needs and security requirements. You are an expert in optimizing, maintaining, and troubleshooting databases, but also in designing archival, data distribution, and high-availability solutions.

Server Administrator
As a server administrator, you are in charge of implementing and managing some of the most important technology in your organization—the servers. You use extensive monitoring and profiling tools to manage the network and tune systems so they perform at optimal levels. You are an expert in Active Directory®, and you have an in-depth understanding of network protocols, and file and directory security.

Computer Support Technician
Consider starting your IT career by becoming a consumer support technician. You don’t need any formal work experience, but a company might require that you know how to install, administer, and troubleshoot operating systems in a home network environment that has desktop computers, laptops, and printers. As a consumer support technician, you’ll also handle network, virus, malicious software, and hardware support issues. You’ll typically find this position in small to medium-sized organizations.

Web Developer
As a web developer, you are an expert in using the dynamic programming tools and languages that fuel the web. You might work independently or be part of a team that builds and integrates interactive web sites, applications, and services for both internal and public sites. Your role is to make it work, which means developing web applications and testing them on various browsers, enhancing and modifying them as necessary to ensure the best experience for the user. As a web developer, you might also architect websites, design data-driven applications, and find efficient client-server solutions. You must have an in-depth understanding of the software development life cycle and be able to communicate project status, issues, and resolutions.

Windows Developer
As a Windows client developer, knowing how to optimize Windows code and track bugs is a given. But you also know how to use Microsoft Visual Studio® and the Microsoft .NET framework to design, develop, test, and deploy Windows-based applications that run on both corporate servers and desktop computers. Your key talents include understanding multiple Windows application models and n-tier applications, and knowing how to work with object-oriented programming, algorithms, data structures, and multithreading. Windows developers have an in-depth understanding of software engineering principles, software life cycles, and security principles.

Additional Online Resources for New Developers:
http://msdn.microsoft.com/beginner
http://msdn.microsoft.com/rampup

Imagine Cup
The Imagine Cup is the world’s premier student technology competition where students from around the world can learn new skills, make new friends, and change the world. Competitions include Software Design, Embedded Development, Game Design, Digital Media and Windows Phone 7. The brightest young minds harness the power of technology to take on the world’s toughest problems.
www.imaginecup.com
Value of Certification

Technology plays a role in virtually everything we do. In the 20-plus years since Microsoft has been certifying people on its products and technologies, millions of people have gained the knowledge, expertise, and credentials to enhance their careers, optimize business solutions, and create innovation within just about every business and social sector imaginable. Today’s Information Technology (IT) hiring managers are more often using professional credentials, such as Microsoft certification, to identify properly skilled IT candidates. Certification becomes a way to easily differentiate qualified candidates in a sea of resumes.

The job outlook for IT professionals, as reported in a study prepared by the U.S. Department of Labor’s Bureau of Labor Statistics (BLS), is positive! The BLS indicates an increase that will be “faster than the average for all occupations through 2014” for Computer Support Specialists, Systems Engineers, Database Administrators, and Computer Software Engineers.

One significant message resulting from this study is that information and communications technology (ICT) skills are the entry ticket to the job market, regardless of the country, industry, or job function. Information Technology is clearly an area worth investing time, resources, and education in – and technology certification is a key part of the education process, validating product and technology expertise as a result of their learning experiences.

Microsoft IT Certifications provide objective validation of the ability to perform critical IT functions successfully for worldwide IT professionals, developers, and information workers. Microsoft certifications represent a rich and varied spectrum of knowledge, job roles, and responsibilities. Further, earning a specific certification provides objective validation of the candidate’s ability to perform critical IT functions successfully. Embraced by industry professionals worldwide, Microsoft certification remains one of the most effective ways to help reach long-term career goals.
WINDOWS SERVER ADMINISTRATION FUNDAMENTALS
1 Understanding Server Installation

IN THIS CHAPTER
■ 1.1/1.2 Understand device drivers; Understand services
■ 1.3 Understand server installation options
OBJECTIVE: UNDERSTANDING SERVER INSTALLATION 1.1/1.2

Understand device drivers; Understand services

SCENARIO: Maurice Taylor is the network administrator for Fabrikam, Inc. A workstation that he plans to image and roll out to production is having issues with the video display. The display worked initially when he first set up the system. After applying several system and driver updates, the video has degraded to standard VGA 640x800 and performance has really stunk. He knows this won’t be acceptable.

Maurice also is having an issue with the firewall service on his Windows® Server® 2008 R2 Web server. The service fails to start when the system starts; however, Maurice can start it manually after he logs in. Maurice does not want to manually start that service every time maintenance on the web server is required, and he realizes that he’ll be in big trouble if he doesn’t secure the web server by forgetting to turn on the firewall service.

1. What could be a possible reason for Maurice’s video problems?
a. Maurice installed the wrong video driver
b. Maurice installed an incompatible or corrupted video driver
c. the video adapter is not properly seated on the system board

2. Where should Maurice check to verify if he has a proper driver installed?
a. Event Viewer
b. Disk Management
c. Device Manager

3. What can Maurice do with the web service to ensure that it will start after the other system services finish their startup?
a. configure a delayed startup for the web service through the services.msc
b. write a batch program to start the service as a scheduled task
c. configure the service to restart after first failure

Performance suffers if a service is failing to start.
Answers

1. Maurice’s video problem occurred because:
b. Maurice installed an incompatible or corrupted video driver

2. Driver problems can be found in the:
c. Device Manager

3. The interim solution to the web service is:
a. configure a delayed startup for the web service through the services.msc. Maurice can open services.msc and configure the service for a delayed start for the startup type. This will allow the remaining services to finish starting. Maurice should investigate what possible services would be causing these issues.

Essential details
• A device driver is a software component that permits an operating system to communicate with a device.
• A service is a long-running executable that performs specific functions and that is designed not to require user intervention.

FAST TRACK HELP
• http://www.microsoft.com/whdc/driver/install/drvsign/default.mspx
• http://technet.microsoft.com/en-us/library/dd919230(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc732482.aspx
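The delayed-start setting from answer 3, applied and verified from PowerShell rather than the services.msc console. This is an added example, not part of the study guide; it assumes the IIS web service (W3SVC) is the service being delayed and the Windows Firewall service (MpsSvc) is the one that must be running, and it needs an elevated prompt.

```powershell
# Added example, not part of the study guide. Run from an elevated prompt.
# Assumptions: W3SVC (IIS web service) is the service to delay; MpsSvc
# (Windows Firewall) is the service that must be running on the web server.

function Get-ServiceStartInfo {
    param([Parameter(Mandatory = $true)][string]$Name)

    # The start mode is stored under the service's registry key:
    #   Start            = 2 Automatic, 3 Manual, 4 Disabled
    #   DelayedAutostart = 1 turns Automatic into Automatic (Delayed Start)
    $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction Stop
    $svc = Get-Service -Name $Name -ErrorAction Stop

    $mode = switch ($reg.Start) {
        2       { if ($reg.DelayedAutostart -eq 1) { 'Automatic (Delayed Start)' } else { 'Automatic' } }
        3       { 'Manual' }
        4       { 'Disabled' }
        default { "Other ($($reg.Start))" }
    }
    New-Object PSObject -Property @{ Name = $Name; Status = $svc.Status; StartMode = $mode }
}

# 1. Record the state before changing anything.
'W3SVC', 'MpsSvc' | ForEach-Object { Get-ServiceStartInfo -Name $_ }

# 2. Same setting as "Automatic (Delayed Start)" in services.msc.
#    sc.exe needs the space after "start=".
sc.exe config W3SVC start= delayed-auto
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE" }

# 3. Verify the change took effect, and flag a firewall service that is not
#    running or not set to start on its own.
$web = Get-ServiceStartInfo -Name 'W3SVC'
$fw  = Get-ServiceStartInfo -Name 'MpsSvc'
if ($web.StartMode -ne 'Automatic (Delayed Start)') {
    Write-Warning "W3SVC start mode is still '$($web.StartMode)'"
}
if ($fw.Status -ne 'Running' -or $fw.StartMode -notlike 'Automatic*') {
    Write-Warning "MpsSvc is $($fw.Status) with start mode '$($fw.StartMode)'; fix this before exposing the server"
}
```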
OBJECTIVE: UNDERSTANDING SERVER INSTALLATION 1.3

Understand server installation options

SCENARIO: On Thursday, Pat was tasked with setting up 10 servers and 20 workstations per specification. Pat is aware that if he sets up each one individually, he will be at work through the weekend, and he doesn’t want to do that because he has plans to go to a concert with some friends. Pat knows the company uses Windows Deployment Services whenever a new workstation or server is rolled out. Pat would like to automate these installations with as little human interaction as possible.

1. What can Pat do to make sure he can make it to the concert this weekend?
a. start his installations manually and hope they finish in time
b. create one completed installation, setup and configuration of a server and a workstation and use those two copies to image the remaining systems using Windows Deployment Services and ImageX
c. sell his tickets to his buddy—it’s not going to happen

2. What is ImageX?
a. a picture editing utility
b. a personal image enhancement service
c. a system imaging software that takes a “snapshot” of an existing, configured server or workstation and creates an “imaged” or “cloned” version of that system and saves it to a file

3. What can Pat use to solve the last part of his problem, which requires as little human interaction as possible?
a. have a robot do the installations
b. use Windows System Image Manager to create an answer file that will automatically provide the answers to the setup questions throughout installation as well as configure and install any necessary software during the installation
c. create a DVD that will contain all of the necessary software that will be installed on the servers and workstations

Answer files have a variety of features that can be used through Windows Deployment Services to create a custom installation DVD.
Answers

1. Pat can complete the installs if he:
b. creates one completed installation, setup and configuration of a server and a workstation and use those two copies to image the remaining systems using Windows Deployment Services and ImageX. Creating the two images or clones will allow Pat to duplicate those installations by “pushing” those files (images) onto the hard drives of the remaining systems.

2. ImageX is:
c. a system imaging software that takes a “snapshot” of an existing, configured server or workstation and creates an “imaged” or “cloned” version of that system and saves it to a file. ImageX can be copied to a bootable CD/DVD/USB and used to create image files of an existing system for duplicating or backup purposes.

3. Pat can eliminate interactions during the installs if he:
b. uses Windows System Image Manager to create an answer file that will automatically provide the answers to the setup questions throughout installation as well as configure and install any necessary software during the installation.

Essential details
• An unattended installation is a process of automating operating system installations by providing the setup/install file with a configuration file or “answer file” to perform and answer normal install tasks and questions.
• An answer file is an XML-based file that contains setting definitions and values to use during Windows Setup. In an answer file, you specify various setup options, including how to partition disks, the location of the Windows image to install, and the product key to apply.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc785644(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc771670(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc749317(WS.10).aspx
2 Understanding Server Roles

IN THIS CHAPTER
■ 2.1 Identify application servers
■ 2.2 Understand Web services
■ 2.3 Understand remote access
■ 2.4 Understand file and print services
■ 2.5 Understand server virtualization
OBJECTIVE: UNDERSTANDING SERVER ROLES 2.1

Identify application servers

SCENARIO: Cari is a systems administrator for Contoso, Ltd. She needs to develop a systems design so her company can use an email messaging system that allows for message and calendar collaboration. Contoso, Ltd. uses Microsoft® Office 2010 as their mainline office production suite. Her company also wants a collaboration server for their intranet. The collaboration server should support dynamic updating from the employees of Contoso, Ltd. Company officers would like to have the intranet monitored and protected with a threat management solution.

1. What would be Cari’s best solution for their messaging system?
a. use a third party email provider and a custom developed calendaring program
b. include Microsoft Exchange Server 2010
c. not recommend any solution because of the potential loss of production with an email messaging system

2. What can meet the needs of the Contoso, Ltd. Intranet collaboration server?
a. implement SharePoint® Portal Server 2010 which uses Microsoft SQL as an option to support dynamic updating
b. solicit bids from various web development firms to meet their intranet needs
c. create a Microsoft Word document and send a link to it throughout the company and call it their messaging board

3. What would be the best fit to meet the company’s needs so that they can manage their employees’ internet access through Active Directory?
a. have all employees sign an internet usage contract and document the sites they visit and promise not to install any malicious software onto their systems
b. recommend Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront® antivirus and can grant or deny various types of internet behavior either by user name or group
c. only allow internet access from one computer that employees can sign up to use in 30-minute increments

Providing integrated solutions that will also integrate with existing applications provides fewer potential compatibility issues.
Answers

1. The best solution for their messaging system is to:
b. include Microsoft Exchange Server 2010. Microsoft Exchange will integrate with the Contoso, Ltd. existing core production suite with reduced learning curves for their employees.

2. The collaboration server needs can be met by:
a. implementing SharePoint Portal Server 2010 which uses Microsoft SQL as an option to support dynamic updating

3. The best fit to meet the company’s needs so they can manage their employee’s internet access through Active Directory is:
b. Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront antivirus and can grant or deny various types of internet behavior either by user name or group

Essential details
• Active Directory® is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest.
• SharePoint provides a turnkey solution that will integrate with the existing core production suite as well as a communications server. Data will be stored with the inherent SQL application incorporated.

FAST TRACK HELP
• http://www.microsoft.com/exchange/2010/en/us/default.aspx
• http://sharepoint.microsoft.com/en-us/Pages/default.aspx
• http://office.microsoft.com/en-us/sharepoint-server-help/CH010030543.aspx
• http://www.microsoft.com/forefront/threat-management-gateway/en/us/overview.aspx
OBJECTIVE: UNDERSTANDING SERVER ROLES 2.2

Understand Web services

SCENARIO: Alicia is a server administrator for Tailspin Toys. Security personnel have contacted her to provide them with security information regarding her web exposed servers. They want to know which servers will have access from beyond the perimeter security appliance so that they can accommodate the incoming and outgoing traffic.

Alicia responds that two of her three servers require perimeter access: First, the intranet server, which is running SharePoint, will need SSL access for the remote toy salespeople. Her second server is the company’s web server, where online customers can buy their toys from the comfort of their own homes. Customer transactions must be secured in some fashion. Their web developers also request FTP access to the web server so that they can upload and download updated content.

1. The security people have asked for the ports Alicia wants available for the intranet server running Microsoft SharePoint. What will her response be?
a. 445
b. 443
c. 80

2. Alicia wants all transactions to the storefront on their web server to be encrypted. What security protocol encrypts web traffic?
a. Secure Socket Layer, SSL
b. Point to Point Tunneling Protocol, PPTP
c. Central Intelligence Agency, CIA

3. What is FTP and what port(s) does it communicate on?
a. FTP is File Transport Protocol, a fast, application-level protocol widely used for copying files to and from remote computer systems on a network using TCP/IP, such as the internet. It communicates on ports 20 and 21
b. FTP is File Tuning Package, which tunes the file packages and communicates on port 3399.
c. FTP is a proprietary file protocol that only allows the transmission of encrypted files to and from remote systems and uses port 20.

You can assume you are using SSL if your web address starts with https://, which is typical when performing any online transactions or authentications.
Answers

1. The port Alicia needs open for SharePoint is:
b. 443

2. The security protocol that encrypts web traffic is:
a. Secure Socket Layer, SSL

3. FTP is:
a. File Transport Protocol. It is a fast, application-level protocol widely used for copying files to and from remote computer systems on a network using TCP/IP, such as the internet. It communicates on ports 20 and 21.

Essential details
• A port is an application-specific communications endpoint used by Transport Layer protocols of the Internet Protocol Suite. A specific port is identified by its number, commonly known as the port number, the IP address with which it is associated, and the protocol used for communication.
• SSL supports authentication of client, server, or both, as well as encryptions during a communications session.

FAST TRACK HELP
• http://www.iis.net
• http://sharepoint.microsoft.com/en-us/Pages/default.aspx
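One way to check the port list handed to the security team against what a server is actually listening on. This is an added example, not part of the study guide; the netstat lines are constructed sample data, and the allow list (21 for FTP control, 443 for SSL) is an assumption drawn from the scenario's web server.

```powershell
# Added example, not part of the study guide.
# Constructed sample in the layout printed by: netstat -ano -p TCP
$sample = @'
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       2216
  TCP    10.0.0.5:443           203.0.113.9:51544      ESTABLISHED     4
'@ -split "`r?`n"

function Get-UnexpectedListener {
    param(
        [string[]]$NetstatLines,   # raw netstat output, one line per element
        [int[]]$AllowedPorts       # ports agreed with the perimeter team
    )
    foreach ($line in $NetstatLines) {
        # Only LISTENING rows matter; established sessions are skipped.
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $addr   = $Matches[1]
            $port   = [int]$Matches[2]
            $procId = [int]$Matches[3]

            # Loopback-only listeners cannot be reached from the perimeter.
            if ($addr -eq '127.0.0.1' -or $addr -eq '[::1]') { continue }

            if ($AllowedPorts -notcontains $port) {
                New-Object PSObject -Property @{
                    Address   = $addr
                    Port      = $port
                    ProcessId = $procId
                }
            }
        }
    }
}

# Port 20 is the FTP data port. In active mode the server connects out from
# it, so it never shows up as a listener and is left off the allow list here.
$allowed = 21, 443

Get-UnexpectedListener -NetstatLines $sample -AllowedPorts $allowed |
    Sort-Object Port |
    Format-Table Port, Address, ProcessId -AutoSize

# Against a live server, replace $sample with: (netstat -ano -p TCP)
```

Each row reported is a listener that is reachable on a non-loopback address but was not declared, which is either a service to shut off or a port to add to the documented list.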
OBJECTIVE: UNDERSTANDING SERVER ROLES 2.3
Understand remote access

SCENARIO: Craig works for Fourth Coffee as their network administrator. Fourth Coffee provides coffee and coffee-making products throughout the United States. Fourth Coffee wants their salespeople, who manage their own regions of the country, to be able to have access to their enterprise resource management application so that they can update their sales numbers regardless of where they are located. This access needs to be secured. Craig also needs to provide remote support for their sales force. Fourth Coffee's server infrastructure is predominantly Microsoft Server® 2008 R2 and their salespeople use Microsoft Windows® 7 Professional on their laptops.

1. What can Craig do to provide secure access to Fourth Coffee's enterprise software?
   a. have their sales people email all sales data three times a day to the corporate headquarters where the data can be input
   b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008 R2 through Virtual Private Network (VPN) tunnel and push the enterprise software as a Remote Application
   c. install a third-party remote server on top of Windows Server 2008 with additional licensing
2. What is the most cost-effective and efficient method to provide remote support for their sales force?
   a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their systems while they are logged on and simultaneously troubleshoot or monitor their activities. Remote Assistance is already a feature of Windows 7 at no additional cost.
   b. make sure all salespeople have their own mobile phones so that Craig can provide phone support for the salespeople
   c. purchase a third-party remote support software license for each laptop. This would require Craig to retrieve all remote laptops for installation and training purposes.
3. By default, what communication port does Remote Desktop Protocol communicate on?
   a. 443
   b. 445
   c. 3389

Remote Desktop Services is an inherent application in Microsoft Windows Server 2008 R2 and the Remote Desktop Client is an inherent service on Microsoft Windows 7 Professional.
Answers
1. To provide secure access Craig can: b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008 R2 through Virtual Private Network (VPN) tunnel and push the enterprise software as a Remote Application
2. The most cost-effective and efficient method is to: a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their systems while they are logged on and simultaneously troubleshoot or monitor their activities
3. By default, Remote Desktop Protocol communicates on port: c. 3389

Essential details
• Remote Desktop is used for administration. It allows a user to remote into a system when enabled and take control. Remote desktop is available on Windows 7 and Server 2008 R2 by enabling it through Advanced System Settings.
   • Right-click Computer->Properties
   • Select Remote Settings on the left
   • Click the radio button to Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication as shown here:
• Remote Assistance is a technology in Windows that enables Windows users to help each other over the internet.

FAST TRACK HELP
• http://www.microsoft.com/systemcenter/appv/default.mspx
• http://technet.microsoft.com/en-us/windowsserver/ee236407.aspx

_______ /3
OBJECTIVE: UNDERSTANDING SERVER ROLES 2.4
Understand file and print services

SCENARIO: Kern Sutton is the regional systems administrator for Wingtip Toys. The company has asked Kern to upgrade their existing file server to Microsoft Windows Server 2008 R2. They also want Kern to configure the new server to support print sharing as well. Kern eagerly accepts the challenge as he is excited to work with the new operating system. Kern must secure both the shares and folders using the appropriate rights and permissions. Kern discovers that this isn't an old-time Windows Server!

1. What Role(s) are required for Kern to accomplish his task?
   a. Microsoft File and Printer sharing
   b. File Services Role and Print and Document Services Role
   c. File Services for Macintosh
2. Is there an alternate method to install the File Services Role?
   a. No, the role must be installed through the Add Roles Wizard
   b. Yes, when Kern initially shares a folder, the Role will be added automatically
   c. Yes, through a separate download from Microsoft
3. What tasks can be accomplished through the Print Management console?
   a. deploy printers and print servers, manage printers, update drivers, and manage print queues
   b. manage print queues only
   c. remove a printer from a user's desktop

The Print Management console is a single landing zone for all print management needs.
Answers
1. Required Roles include: b. File Services Role and Print and Document Services Role. Microsoft File and Printer service has now been split into separate roles.
2. There is an alternate method: b. yes, when Kern initially shares a folder, the Role will be added automatically. Adding the Role through the Add Role Wizard is a preferred method of installation
3. The tasks that can be accomplished include: a. deploy printers and print servers, manage printers, update drivers, and manage print queues

Essential details
• A print server is a workstation that is dedicated to managing printers on a network. The print server can be any station on the network.
• NTFS rights apply to a folder or file regardless of how it is being accessed. Share permissions apply to the resource when it is being accessed over the network.
• The effective right of a resource being accessed over the network is based on the most restrictive permission or right that is applied.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx
• http://technet.microsoft.com/en-us/library/dd759058.aspx

_______ /3
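The share-permission and NTFS rule stated above, worked through as an added example that is not part of the original study guide: a simplified Python model in which NTFS rights always apply and share rights apply only over the network, so network access gets only what both grant. It goes slightly beyond the text by assuming the standard Windows behaviour that rights from several group memberships accumulate and a deny entry overrides an allow; the principals and ACLs are constructed, and ACL inheritance order is not modelled.

```python
from dataclasses import dataclass
from enum import IntFlag


class Right(IntFlag):
    """Simplified access rights; real Windows access masks are finer-grained."""
    NONE = 0
    READ = 1
    WRITE = 2
    DELETE = 4
    CHANGE_PERMISSIONS = 8


# Permission levels as they appear in the sharing and security dialogs.
READ = Right.READ
CHANGE = Right.READ | Right.WRITE | Right.DELETE   # share "Change" / NTFS "Modify"
FULL_CONTROL = CHANGE | Right.CHANGE_PERMISSIONS


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, which rights, allow or deny."""
    principal: str
    rights: Right
    deny: bool = False


def rights_from_acl(acl, principals):
    """Rights a single ACL gives a user: allows accumulate across the user's
    group memberships, and any matching deny entry removes its rights."""
    allowed = denied = 0
    for ace in acl:
        if ace.principal in principals:
            if ace.deny:
                denied |= int(ace.rights)
            else:
                allowed |= int(ace.rights)
    return Right(allowed & ~denied)


def effective_rights(share_acl, ntfs_acl, principals, over_network):
    """NTFS always applies; share permissions apply only over the network,
    where the result is what both ACLs grant (the most restrictive)."""
    ntfs = rights_from_acl(ntfs_acl, principals)
    if not over_network:
        return ntfs
    return ntfs & rights_from_acl(share_acl, principals)


# Constructed sample data: a "Sales" folder on the file server.
OPEN_SHARE = [Ace("Everyone", FULL_CONTROL)]   # wide-open share ACL
READONLY_SHARE = [Ace("Everyone", READ)]       # restrictive share ACL
NTFS_ACL = [
    Ace("Sales", CHANGE),
    Ace("Administrators", FULL_CONTROL),
    Ace("Contractors", Right.WRITE | Right.DELETE, deny=True),
]

# A user's principals: the account plus every group it belongs to.
EMPLOYEE = {"kern", "Sales", "Everyone"}
CONTRACTOR = {"temp01", "Sales", "Contractors", "Everyone"}
OUTSIDER = {"guest", "Everyone"}

if __name__ == "__main__":
    for label, who in [("employee", EMPLOYEE),
                       ("contractor", CONTRACTOR),
                       ("outsider", OUTSIDER)]:
        print(label,
              "| open share:", effective_rights(OPEN_SHARE, NTFS_ACL, who, True),
              "| read-only share:", effective_rights(READONLY_SHARE, NTFS_ACL, who, True),
              "| local:", effective_rights(READONLY_SHARE, NTFS_ACL, who, False))
```

With the open share, the NTFS ACL is the only control left on network access, which is why both layers need reviewing when a folder is secured.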
OBJECTIVE: UNDERSTANDING SERVER ROLES 2.5
Understand server virtualization

SCENARIO: Molly Dempsey's company, Northwind Traders, has more than 50 servers that are due to be upgraded. Molly must determine the most cost-effective method of upgrading these servers. She has several options that she must consider to make her decision. Northwind Traders has several older applications that are part of the problem because they are only supported on the existing legacy operating systems. Molly also has a desire to simplify her backup and disaster recovery procedures. Molly is considering virtualization to address these various needs.

1. What appears to be Molly's best solution for the legacy applications?
   a. only upgrade the hardware the applications are running on and install the legacy operating system
   b. virtualize the legacy systems by performing a physical to virtual migration and run these systems on a host Microsoft Hyper-V solution
   c. keep the legacy systems running on their legacy operating systems on the legacy hardware, which would ensure her legacy at this current, soon-to-be legacy employer
2. How can virtualization help simplify Molly's disaster recovery needs?
   a. allows for application portability and flexibility across hardware platforms
   b. can't help simplify her situation—it will only complicate her procedures
   c. can help simplify her procedures—there isn't a need for disaster recovery when utilizing virtualization technologies because they perform virtual backups
3. What are the additional benefits that Northwind Traders will realize when they implement virtual technologies?
   a. no additional benefits will be realized by using server virtualization
   b. they will not benefit from server virtualization but rather lose out as the costs of virtualization are dramatically underestimated
   c. they will be able to consolidate their servers and reduce the number of physical computers they will have to support

Most entry-level server virtualization platforms are free to the end user. Costs are added if the user requires additional management features.
Answers
1. Molly's best solution is to: b. virtualize the legacy systems by performing a physical to virtual migration and run these systems on a host Microsoft Hyper-V solution
2. Virtualization can help simplify her disaster recovery needs by: a. allowing for application portability and flexibility across hardware platforms. The system archives the virtual system or file. The virtual system is not dependent on the hardware platform it is running on.
3. The additional benefits that Northwind Traders will realize when they implement virtual technologies include: c. they will be able to consolidate their servers and reduce the number of physical computers they will have to support. They will also reduce their carbon footprint because of reduced energy needs, making their company a greener company. They can also reduce the number of people needed to support their large number of servers.

Essential details
• Server virtualization is the ability to run a full operating system on a platform so that the operating system performs as though it were a real system.
• Physical to virtual (P2V) is a process in which an existing physical computer is converted into a virtual machine. Virtual to physical (V2P) is a process in which an existing virtual machine is converted or deployed to one or more physical computers.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc753637(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx

_______ /3
3 Understanding Active Directory

IN THIS CHAPTER
■ 3.1 Understand accounts and groups
■ 3.2 Understand organizational units (OUs) and containers
■ 3.3 Understand Active Directory infrastructure
■ 3.4 Understand group policy
OBJECTIVE: UNDERSTANDING ACTIVE DIRECTORY 3.1
Understand accounts and groups

SCENARIO: Sara Davis is the helpdesk manager for Wide World Importers (WWI). WWI has asked Sara to provide procedures and training for her helpdesk staff that will allow them to be more proficient at normal day-to-day administrative tasks, including creating domain and local user accounts, managing group memberships, and understanding what's "under the hood" as it relates to managing user accounts. This includes technical details such as the location of the user database for both local and domain systems, acceptable naming conventions, and what characters are not allowed.

1. What is the name and location of the file that contains the local user and group objects?
   a. userDB: c:\userdb.mdb
   b. Security Accounts Manager Database: %systemroot%\system32\config
   c. ntds.dit: c:\windows\ntds
2. Which of the following is an unacceptable user account name?
   a. Abercrombie?kim
   b. Mu.Han
   c. MPatten
3. What is the rule related to nesting domain and local groups?
   a. domain groups can contain local groups, but local groups cannot contain domain groups
   b. domain groups and local groups cannot be nested
   c. local groups can contain domain groups, but domain groups cannot contain local groups

The local users and groups security boundary is limited to the system they are created on.
Answers
1. The name and location of the file that contains the local user and group objects is: b. Security Accounts Manager Database: %systemroot%\system32\config. The Active Directory Domain Services database is named ntds.dit. The file is located by default in %systemroot%\ntds.
2. An unacceptable user account name is: a. Abercrombie?kim
   " / \ [ ] : ; | = , + * ? < > @ are not accepted characters for user accounts.
3. The rule related to nesting domain and local groups is: c. local groups can contain domain groups, but domain groups cannot contain local groups

Essential details
• The Security Accounts Manager (SAM) is a database present on servers running Windows Server 2008 R2 that stores user accounts and security descriptors for users on the local computer.
• The following steps create a local user account and add it to the Power Users group through the command line:
   • Start->All Programs->Command Prompt
   Type:
      net user WHarp myP@ssword /fullname:"Walter Harp" /comment:"A member of the Power Users Group" /logonpasswordchg:yes /add
      net localgroup "Power Users" WHarp /add

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc756748(WS.10).aspx
• http://support.microsoft.com/kb/909264

_______ /3
OBJECTIVE: UNDERSTANDING ACTIVE DIRECTORY 3.2
Understand organizational units (OUs) and containers

SCENARIO: Victoria Flores is the Directory Services administrator for Humongous Insurance. Humongous Insurance is a large insurance company with offices throughout the country. The IT needs and wishes of various branches vary greatly and it is a challenge to manage it all. The company wants to design its Active Directory structure to better suit these various needs and allow for easier management of the various computers and departments. They have asked Victoria to create an organizational unit design that will fit their goals. One of their main goals is to create a model with which they can maintain consistency and usability. They also want to be able to manage each department without granting particular users complete administrative privileges.

1. What can Victoria do to solve the administration issue?
   a. give the domain administrator password to the employee assigned to manage each departmental organizational unit
   b. simply perform all the administrative tasks herself
   c. delegate control to the employee assigned to manage each departmental organizational unit and grant specific administrative rights for that container
2. How can an organizational unit be created?
   a. Active Directory Users and Computers, PowerShell, command line, Active Directory Administrative Center
   b. User Manager for Domains
   c. organizational units can only be created through Active Directory Users and Computers
3. Which command creates an OU called Marketing in the domain HUMONGOUS.LOCAL?
   a. dsadd ou "ou=Marketing,dc=humongous,dc=local"
   b. makeou=marketing.humongous.local
   c. "ou=marketing,dc=humongous,dc=local"

Delegation of control grants specific administrative tasks such as resetting passwords to individual users or groups without making them domain administrators.
Answers
1. Victoria can solve the administration issue if she: c. delegates control to the employee assigned to manage each departmental organizational unit and grants specific administrative rights for that container
2. An organizational unit can be created through: a. Active Directory Users and Computers, PowerShell, command line, Active Directory Administrative Center
3. An OU is created with the command: a. dsadd ou "ou=Marketing,dc=humongous,dc=local"

Essential details
• Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units.
• Organizational units can be structured to meet various needs. They can be structured based on geographic location, business structure (departments), organizational need, specific role or function, operating system version, or platform and any combination mentioned.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc758565(WS.10)
• http://technet.microsoft.com/en-us/library/cc732524.aspx

_______ /3
OBJECTIVE: UNDERSTANDING ACTIVE DIRECTORY 3.3
Understand Active Directory infrastructure

SCENARIO: Andrew Ma is the systems administrator for Coho Winery. Recent changes in the business and in advertising strategies have increased the popularity of Coho wines beyond expectations. Because of the meteoric rise of Coho's sales, the company has decided to migrate from a workgroup network to a centrally managed domain model using Microsoft Windows Server 2008 R2 Active Directory Domain Services. This IT change will allow Andrew to utilize several benefits of a domain, including organizing network objects, applying group policies to manage desktop computers, and managing security. Andrew has decided to have multiple domain controllers for redundancy, as well as to split operations roles. The new organization system will support future company growth.

1. What is a benefit of having a domain model network as opposed to a workgroup?
   a. there isn't any benefit—it is cost-prohibitive. It is easier to manage user accounts on 20 different computers than a centrally managed option
   b. it allows for a centrally managed system where employees authenticate to the domain rather than to each individual workstation
   c. the only benefit is that it is easier to secure than a workgroup model
2. What should Andrew do to determine which domain controller maintains the operations role of RID master?
   a. contact the previous system administrator
   b. open Active Directory Users and Computers, right-click his domain, and select Operation Masters
   c. create a batch file that will query each domain controller to determine who is responsible for the RID master
3. What domain controller maintains all five operations roles by default?
   a. the first domain controller in the forest
   b. operations roles are automatically transferred to subsequent domain controllers as they are added to the forest
   c. the domain controller is selected by the administrator when the system is being promoted

Migrating from a workgroup model to a domain model allows for ease of administration. It creates a centrally managed database that can be replicated across domain controllers which adds fault tolerance.
Answers
1. The primary benefit of a domain model network is: b. having a centrally managed system where employees authenticate to the domain rather than to each individual workstation. This allows for better security policies and network management.
2. Andrew can determine which domain controller maintains the operations role of RID master if he b. opens Active Directory Users and Computers, right-clicks his domain, and selects Operation Masters
3. The domain controller that maintains all five operations roles by default is: a. the first domain controller in the forest. The operations roles have to be transferred manually when the additional domain controllers are promoted in the forest. NTDSUTIL is a command-line utility that can accomplish this task.

Essential details
• A domain is a unit of replication.
• A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.
• In a domain model, the user authenticates once to the domain, which maintains all information about other objects in the domain. Compare this to a workgroup model in which the administrator has to duplicate user accounts on any workstation that is sharing resources. This means that a single user would have to have a user account created on each computer she accesses.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc780856(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc755450(WS.10).aspx

_______ /3
OBJECTIVE: UNDERSTANDING ACTIVE DIRECTORY 3.4
Understand group policy

SCENARIO: Benjamin Harris works for Wingtip Toys as their desktop administrator. Ben's primary function is desktop management and support of the company's desktop environment. His main goal is to have a quiet day at his desk so he can research new ideas for Wingtip Toys. He has several tools at his disposal to accomplish this but his most important tool is his use of group policies on their domain. Some issues have arisen in various departments:
• Employees want to have customized desktops and features on their systems and still maintain consistency with Wingtip Toys
• Administrators at Wingtip Toys want some primary settings to remain consistent on all systems in the company but want to allow each department to have individual settings that will help them perform their jobs more efficiently

1. Wingtip Toys only want password policies applied to their Testing Division. Ben wants to create a Group Policy Object for the Testing organizational unit that sets these password policies. Will this accomplish what Wingtip Toys wants?
   a. yes, the password policy set at the organizational unit level will only apply to the users and computers in that OU
   b. yes, the password policy will apply to the users in the Testing division no matter what computer they log onto
   c. no, password policies can only be applied at the domain level
2. Ben wants to see if the policies he set are in effect. He does not want to reboot or wait for the system to refresh automatically in 90 minutes. What command can he issue to force the application of group policies?
   a. gpupdate /NOW
   b. gpedit.msc /update
   c. gpupdate /force
3. Ben has a policy that sets his homepage in Internet Explorer to open to http://wingtiptoys.com. The testing department has their homepage in IE set to open to http://testing.wingtiptoys.com. What will the homepage display when Ben logs into a testing department workstation?
   a. http://wingtiptoys.com. User Policy settings follow the user
   b. http://testing.wingtiptoys.com. He is authenticating to a testing department station
   c. Internet Explorer default MSN homepage. He is not a Testing user and it's not his workstation

Group Policy settings apply to users regardless of the workstation they authenticate to.
Answers
1. Wingtip Toys want password policies applied only to their Testing division: c. No, password policies can only be set and applied at the domain level. The user has already authenticated by the time organizational unit policies are applied.
2. The command to force the application of group policies is: c. gpupdate /force
3. When Ben logs into a testing department workstation his homepage will display: a. http://wingtiptoys.com. User Policy settings follow the user

Essential details
• A Group Policy is an infrastructure that enables administrators to implement specific configurations for users and computers.
• Winlogon is a component of the Windows operating system that provides interactive logon support. Winlogon is the service in which the Group Policy engine runs.
• Group Policy Preference enables administrators to manage drive mappings, registry settings, local users and groups, services, files, and folders.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc779838(WS.10).aspx
• http://support.microsoft.com/kb/94372
• http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb&displaylang=en

_______ /3
4 Understanding Storage

IN THIS CHAPTER
■ 4.1/4.2 Identify storage technologies; Understand RAID
■ 4.3 Understand disk types
Understand Windows application deployment methods

SCENARIO: Stepan spends much of his free time in the outdoors, camping, hiking, and canoeing. Whenever school is not in session, he tries to take at least one trip. He has developed two applications to help him enjoy his hobbies. The first application helps him log his activities, downloads data from his GPS unit, and automatically posts updates to his favorite social media websites. The second is a relatively simple application for planning trips; it helps him organize his maps, plan the supplies he'll need, and keep track of weather reports in the days before he leaves. Both programs are Windows Forms applications. He has always run the applications from his own computer, but now that his friends have seen how well they work, he would like to distribute copies for others to enjoy.

1. The planning application is newer and Stepan is still making frequent changes. Which deployment option checks for updates before installing the application?
   a. ClickOnce
   b. Windows Installer
   c. Both deployment options automatically check for updates.
2. The log application interfaces with a GPS and must install a device driver upon deployment. Which option is best suited for this application?
   a. ClickOnce
   b. Windows Installer
   c. Neither deployment option can install a device driver.
3. Which option will allow Stepan to distribute his applications via USB drives?
   a. ClickOnce
   b. Windows Installer
   c. Both deployment options can be distributed via USB drive.

Answers
1. If Stepan wants the installer to check for updates, the deployment method he should use is: A. ClickOnce
OBJECTIVE: UNDERSTANDING STORAGE 4.1/4.2
Identify storage technologies; Understand RAID

SCENARIO: Howard Gonzalez is the systems administrator for Humongous Insurance. The company is responsible for protecting the property of hundreds of thousands of clients across 14 states. Because of the time-critical nature of the data stored by Humongous Insurance, Howard is researching his best alternative to ensure that the customer service representatives have access to their client's information whenever they need it. Server downtime is not an option for Humongous Insurance, where customer satisfaction is top priority. Howard is considering various forms of Redundant Array of Independent Disks (RAID), possibly configured in a Network Attached Storage (NAS).

1. What is the minimum number of hard drives required if Howard wants to configure a RAID 5 solution?
   a. 5
   b. 2
   c. 3
2. What is a benefit of NAS over Storage Area Network (SAN)?
   a. There isn't any advantage; they are equal
   b. NAS provides file serving without the need for a server
   c. NAS benefits from being attached to a server on the network to provide file abstraction
3. Howard is configuring a server with RAID 5. He is using four 750-GB hard drives in his RAID array. How much available free space will Howard have after RAID is configured?
   a. 750 GB
   b. 2,250 GB
   c. 2,250 TB

The amount of drive space used for redundancy is 1/n (total drive space) where n is the total number of drives in the array.
Answers
1. The minimum number for hard drives required to configure a RAID 5 solution is: c. 3
2. A benefit of NAS over Storage Area Network (SAN) is that: b. NAS provides file serving without the need for a server
3. After RAID is configured Howard will have: b. 2,250 GB of free space (3000-¼(3000)=2,250)

Essential details
• Network-attached storage (NAS) is file-level computer data storage connected to a computer network providing data access to heterogeneous clients.
• NAS does not require a server to provide services. SAN requires a server to provide file abstraction services.
• NAS reduces the number of servers on a network.
• A Redundant Array of Independent Disks (RAID) is a data storage method in which data is distributed across a group of computer disk drives that function as a single storage unit.
• Available free space after RAID 5 is configured = Total drive space - 1/n (total drive space): 3000 - ¼(3000) = 2,250

FAST TRACK HELP
• http://msdn.microsoft.com/en-us/library/ms184252(SQL.90).aspx

_______ /3
OBJECTIVE: UNDERSTANDING STORAGE 4.3
Understand disk types

SCENARIO: Luka Abrus works for City Power and Light as a systems administrator. Luka wants to increase the data availability for three servers without having to rebuild them from scratch and without incorporating a great deal of cost by purchasing array controllers. Luka also would like to be able to use data on one system and transport it to another system and have it appear as another hard drive.

1. What can Luka do to increase his server data availability without additional costs of an array controller or rebuilding each server?
   a. make sure the servers are always on
   b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk, and establish a mirror (RAID 1) between the two drives
   c. make sure that his backups are running every night to ensure that he can restore data in the event of a failure
2. What can Luka do to be able to transport data from one system to another and have it appear as a separate drive?
   a. create a virtual hard disk (VHD) to store the data
   b. carry an external drive and attach it from one system to another
   c. compress the data and email the data to himself
3. What advantages will Luka experience when using self-healing NTFS in Microsoft Windows Server 2008 R2?
   a. continuous data availability
   b. no concerns about physical drive failure
   c. no need to install antivirus software

Self-healing NTFS does not protect against hardware malfunctions.
Answers
1. To increase his server data availability without additional costs of an array controller or rebuilding each server, Luka can: b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk and establish a mirror (RAID 1) between the two drives
2. To be able to transport data from one system to another and have it appear as a separate drive, Luka can: a. create a virtual hard disk (VHD) to store the data. The vhd can be stored to a network share and then be utilized from one system to another and mounted as a virtual drive. A VHD can be mounted to any Windows system and appear as a separate physical drive
3. When using self-healing NTFS in Microsoft Windows Server 2008 R2, Luka will experience the advantage of: a. continuous data availability. Self-healing NTFS attempts to correct corruptions of the file system without requiring the use of chkdsk.exe

Essential details
• A dynamic disk is a physical disk that can use the master boot record (MBR) or GUID partition table (GPT) partitioning scheme and has the ability to create fault tolerant volumes (mirrored and RAID-5 volumes).
• A mount point is an association between a volume and a directory on another volume.
• Microsoft virtual hard disk (VHD) file format specifies a virtual machine hard disk that can reside on a native host file system encapsulated within a single file.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc938934.aspx
• http://windows.microsoft.com/en-US/windows-vista/What-are-basic-and-dynamic-disks
• http://technet.microsoft.com/en-us/library/cc758035(WS.10).aspx

_______ /3
5 Understanding Server Performance Management

IN THIS CHAPTER
■ 5.1 Identify major server hardware components
■ 5.2 Understand performance monitoring
■ 5.3 Understand logs and alerts
2. If he wants to install a device driver he should use: B. Windows Installer
3. Stepan's applications can be distributed via USB drives because: C. both deployment options can be distributed via USB drive.

Essential details
• The .NET Framework provides two primary technologies for deploying applications: ClickOnce and Windows Installer.
• Both technologies:
   • provide a user interface to guide users through the installation process.
   • allow for the creation of Start Menu and desktop shortcuts.
   • can be distributed by a website or by removable media.
   • can register file types.
• The advantages and features of ClickOnce include:
   • There is minimal user interaction during the installation process.
   • The technology automatically checks for updates.
   • Updates do not require complete reinstallation of application.
• Features of Windows Installer include the use of a "wizard" that assists the user with installation and the flexibility to handle a variety of installation situations.
• In general, ClickOnce is simpler and is ideal for applications that are updated frequently.
• Windows Installer provides more control over the installation process and is flexible enough to handle unusual or complicated setup requirements.

FAST TRACK HELP
• http://msdn.microsoft.com/en-us/library/y18k4htb.aspx
• http://msdn.microsoft.com/en-us/library/e2444w33.aspx
OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.1

Identify major server hardware components

SCENARIO: Proseware Inc. has recently purchased land to expand their business center. A great deal of thought and research must go into planning for the technology needs of a business the size of Proseware. Cari has been the server administrator at Proseware for several years and has a deep understanding of the technology needs related to the server components. Proseware has asked Cari to submit a plan for the redesigned datacenter that will ensure data redundancy and server availability. The overall business plan is dependent upon a dependable data system.

1. What technology can Cari implement that will allow for the replacement of server components while the servers are still running?
a. the technology does not exist
b. component live swappable
c. hot swappable/pluggable

2. What can Cari implement that will protect the servers from a power outage and allow the systems to be shut down gracefully in the event of a power loss?
a. uninterruptable power supply (UPS)
b. a script that will shut down the server when the datacenter loses power
c. several surge suppressors for the servers

3. Why is it important for Cari to have climate control within the datacenter?
a. to be comfortable when she is working in the datacenter
b. to prevent servers from overheating
c. it is irrelevant—servers are configured with their own cooling systems

ASHRAE recommends a temperature range of 61 to 75 degrees Fahrenheit and a humidity range of 40 to 55 percent.
Answers

1. To allow for the replacement of server components while the servers are still running, Cari can implement:
c. hot swappable/pluggable. Various hot swappable components include hard disks and fans.

2. To protect the servers from a power outage and allow the systems to be shut down gracefully in the event of a power loss, Cari can implement:
a. uninterruptable power supply (UPS). A UPS only protects against power outages and is used to gracefully shut the systems down in the event of an extended power loss.

3. It is important for Cari to have climate control within the datacenter:
b. to prevent servers from overheating

Essential details
• Hot pluggable technology includes replacing system components without shutting down the system.
• Memory is a hardware device where information can be stored and retrieved.
• A Network Interface Card (NIC) is a hardware device that handles an interface to a computer network and allows a network-capable device to access that network.

FAST TRACK HELP
• http://en.wikipedia.org/wiki/Hot_swapping
• http://upload.wikimedia.org/wikipedia/en/2/29/Chassis-Plans-Rack.jpg
OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.2

Understand performance monitoring

SCENARIO: Cliff Majors works for Southridge Video as a systems administrator. Southridge Video began as a start-up business in southern Georgia just a few years ago and its popularity has skyrocketed. Southridge has a unique ability to anticipate customer needs and provide services before customers are even aware that they would find the services valuable. A while ago the company introduced a service for customers to rent videos over the internet and stream the movies to their computers or internet-capable devices. In spite of their best planning and anticipation of problems, calls have come in from the customers complaining that the quality of the video is poor or that the videos just aren’t available.

1. Cliff attempted to close a program on one of the video servers; however the application did not respond. What application can he open to end that process?
a. File Manager
b. Task Manager
c. Command Prompt

2. Cliff wants to compare the performance reports he created when he initially deployed the video servers. What application does he need to launch to create a comparison report?
a. Network Monitor
b. netstat
c. Performance Monitor

3. Cliff is analyzing Performance Monitor and adds a counter that tracks page file/usage and hits. Cliff notices that the page file is being accessed continuously. What can Cliff do to solve this issue?
a. add more RAM
b. adjust the size of the page file
c. move the page file to another physical drive on the system

Continuous page file hits are a result of a system not having enough RAM.
Answers

1. To end a process that cannot be closed in the usual manner, Cliff can open the:
b. Task Manager

2. To create a comparison report, he must launch the:
c. Performance Monitor. It is important to create a baseline performance report using Performance Monitor when deploying a system. This allows the administrator to have a report to compare against. The reports can be overlapped within Performance Monitor to have a visual comparison.

3. To solve the problem of continuous page file hits, Cliff should:
a. add more RAM

Essential details
• A page file is a hidden file on the hard disk that operating systems use to hold parts of programs and data files that do not fit in memory.
• A process is a program or part of a program.
• Performance is the measure of how quickly a computer completes application and system tasks.

FAST TRACK HELP
• http://support.microsoft.com/kb/323527
• http://technet.microsoft.com/en-us/library/cc749249.aspx
• http://technet.microsoft.com/en-us/library/cc755081(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc771692(WS.10).aspx
OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.3

Understand logs and alerts

SCENARIO: Walter Felhofer manages the network at Graphic Design Institute. He has been monitoring the network for several months to better understand the traffic variations. The network performance seems to vary greatly and Walter suspects a variety of causes ranging from the time-of-day use to events that coincide with special promotions and cyclical events. Walter keeps this historical data as it relates to the systems performance. He reviews this data on a regular basis as well as reviewing the data in comparison mode because he knows that it contains details that will be valuable for justifying future technology acquisitions and creating business plans.

1. What benefit can Walter gain by maintaining a historical record of the system’s performance?
a. use of the data to justify future upgrades as well as to identify performance trends throughout the year
b. provide performance documentation if a supervisor asks for it
c. there is no benefit to keeping a historical record of your systems performance because technology changes so frequently

2. Walter’s job keeps him very busy. He is unable to watch performance logs and data all day long. What can Walter do so he can perform his other day-to-day tasks and not miss any major performance issues?
a. hire an intern to watch performance monitor and page him whenever something goes wrong
b. create a Performance Alert that will send a network message, write an event log, or run a program when certain criteria are met
c. remote into the systems periodically to check performance logs, regardless of whether he is busy

3. What is the default location for system performance logs?
a. %systemroot%\logs
b. #system#\perflogs
c. %systemdrive%\PerfLogs

Performance monitoring is crucial for real-time system performance but is also important for scaling future systems and upgrades.
Answers

1. By maintaining a historical record of the system’s performance, Walter can:
a. use the data to justify future upgrades as well as to identify trends throughout the year.

2. To ensure that he doesn’t miss any major performance issues, Walter can:
b. create a Performance Alert that will send a network message, write an event log, or run a program when certain criteria are met.

3. The default location for system performance logs is:
c. %systemdrive%\PerfLogs

Essential details
• Objects are specific resources in the Performance Monitor that can be measured.
• Performance counters are measurements of system state or activity.
• Use of the overlay mode is only available in the Performance Monitor when it is running in stand-alone mode with comparison enabled:
  • Click Start->click in the Start Search box, type perfmon /sys /comp and press Enter.
  • The Performance Monitor will open in stand-alone mode with comparison enabled.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc738564(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc722414.aspx#BKMK_alert
6 Understanding Server Maintenance

IN THIS CHAPTER
■ 6.1 Identify steps in the startup process
■ 6.2 Understand business continuity
■ 6.3 Understand updates
■ 6.4 Understand troubleshooting methodology
OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.1

Identify steps in the startup process

SCENARIO: Fourth Coffee has expanded its business to 20 new stores in neighboring states. The expansion meant that the company had to expand its IT department and hire several new technicians. It is critical that all of the new hires have knowledge and skills in maintaining the company’s technology infrastructure—the success of the company depends upon effective technology at every level of the business. The CIO has asked the systems administrator, April Meyer, to provide training to her staff on Server 2008 R2. She wants everyone to have a fundamental understanding of the boot process as well as some troubleshooting techniques.

1. What command-line utility can April demonstrate to modify the boot configuration database?
a. bcdedit.exe
b. boot.ini
c. ntloader.exe

2. What does the Power-On Self Test (POST) do?
a. tests to see whether the power is on
b. performs initial hardware checks, verifies devices, and retrieves system configurations from CMOS
c. calls programs such as autoexec.bat, config.sys, and win.ini

3. April wants to demonstrate starting a computer in safe mode. What are the steps to start a computer in safe mode?
a. access the system BIOS and configure it to start in safe mode
b. boot the installation media and select the safe mode option
c. remove all media and then press and hold the F8 key before the Windows Logo appears

Safe mode starts Windows with a limited set of files and drivers.
Answers

1. The utility that April can demonstrate to modify the boot configuration database is:
a. bcdedit.exe

2. The Power-on Self Test (POST):
b. performs initial hardware checks, verifies devices, and retrieves system configurations from CMOS

3. To start a computer in safe mode:
c. remove all media and then press and hold the F8 key before the Windows Logo appears

Essential details
• Power-On Self Test (POST) is a set of routines stored in a computer’s read-only memory (ROM) that tests various system components such as RAM, the disk drives, and the keyboard to see whether they are properly connected and operating.
• The Master Boot Record (MBR) is the first sector of the first hard disk; it is a physically small but critical element in the startup process on an x86-based computer.
• To start a computer in safe mode remove all floppy disks, CDs, and DVDs from the computer and then restart the computer.
  • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc976730.aspx
• http://technet.microsoft.com/en-us/library/cc721886(WS.10).aspx
• http://technet.microsoft.com/en-us/library/bb457123.aspx
• http://windows.microsoft.com/en-US/windows-vista/Start-your-computer-in-safe-mode
OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.2

Understand business continuity

SCENARIO: Rachel Valdes is developing a strategic information technology plan for her company, Northwinds Traders. The main focus of this plan is to maintain business continuity by ensuring that critical business functions will be available for customers and business partners. Her plan must ensure that the needs and important activities of Northwinds customers, suppliers, regulators, and employees can be met in event of an unforeseen technology problem or a natural or human-induced disaster. She needs to plan for data redundancy as well as disaster recovery.

1. Northwinds Traders core infrastructure runs on Microsoft Windows Server 2008 R2. What inherent application can they use to implement the data redundancy portion of their strategic plan?
a. Windows Server Backup
b. Active Directory Restore Mode
c. NTBackup.exe

2. What benefit does folder redirection offer?
a. allows administrators to direct folders to perform data backups and migrations
b. allows users and administrators to redirect the path of a folder to a new location that can provide backup on a network share
c. converts a folder from one file system to another

3. Part of Rachel’s plan is to develop a disaster recovery plan. What is a disaster recovery plan?
a. the process, policies, and procedures related to preparing for recovery or continuation of critical technology after a natural or human-induced disaster
b. a plan that dictates how to recover data and financial loss after a theft
c. a procedure meant solely for recovering lost data

A disaster recovery plan is related to any technology infrastructure and should be updated on a regular basis.
Answers

1. To implement the data redundancy portion of Northwinds’ strategic plan they can use:
a. Windows Server Backup

2. The benefit offered by folder redirection is to:
b. allow users and administrators to redirect the path of a folder to a new location that can provide backup on a network share. Folder redirection is a method that helps prevent users from keeping important information on their local hard drives by redirecting it to another location where it can be backed up for data redundancy.

3. A disaster recovery plan includes:
a. the process, policies, and procedures related to preparing for recovery or continuation of critical technology after a natural or human-induced disaster

Essential details
• Data redundancy is a property of some disk arrays that provides fault tolerance so that all or part of the data stored in the array can be recovered in the case of disk failure.
• Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
• Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc753201.aspx
• http://technet.microsoft.com/en-us/library/cc778976%28WS.10%29.aspx
• http://technet.microsoft.com/en-us/library/cc785306(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc770266(WS.10).aspx
OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.3

Understand updates

SCENARIO: Mark Patten is a network engineer with Tailspin Toys. Tailspin Toys has asked Mark to find a way to ensure that all of the systems on their network are updated on a regular basis. They also want Mike to discuss updates with their software development team because developers sometimes run into issues with updates conflicting with their custom software while they are in development process. Tailspin Toys’ desktop systems range from Windows XP to Windows 7, both 32-bit and 64-bit. They also have a mix of server operating systems running Windows Server 2003 R2 through Windows Server 2008 R2. This variety of computers and systems within a single organization is not unusual, but requires strong network administration skill on Mark’s part!

1. What can Mark do to streamline update management for Tailspin Toys?
a. configure Windows Software Update Services (WSUS) to download and deploy updates based on his needs
b. arrive early every Wednesday before Tailspin Toys opens and perform Windows Updates
c. allow the users to run the updates whenever they see fit

2. What can Mark do to solve the issues he will run into with the software development team?
a. disable updates for the software development team
b. configure a separate WSUS group and put all of the software development computers and servers in that group
c. isolate the software development team on a separate segment and allow them to manage their own updates

3. What tool can Mark use to determine the security state in accordance with Microsoft security recommendations?
a. Qchain.exe
b. Network Monitor
c. Microsoft Baseline Security Analyzer (MBSA)

Use MBSA to detect common security misconfigurations and missing security updates on computer systems.
Answers

1. To streamline update management for Tailspin Toys, Mark can:
a. configure Windows Software Update Services (WSUS) to download and deploy updates based on his needs

2. To solve the issues with the software development team, Mark can:
b. configure WSUS to have a separate group and put all of the software development computers and servers in that group. He can schedule updates to be selectively applied to their system.

3. To determine the security state in accordance with Microsoft security recommendations, Mark can use:
c. Microsoft Baseline Security Analyzer (MBSA)

Essential details
• A hotfix is a single package composed of one or more files used to address a problem in a product.
• Update management is the process of controlling the deployment and maintenance of interim software releases into production environments.
• Service packs are cumulative sets of hotfixes, security updates, critical updates, and updates since the release of the product, including many resolved problems that have not been made available through any other software updates.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc700845.aspx
• http://technet.microsoft.com/en-us/wsus/default.aspx
OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.4

Understand troubleshooting methodology

SCENARIO: Recent changes in the network configurations at Coho Winery have been successfully implemented. Andrew Ma, the systems administrator, is pleased with his ability to organize network objects, apply group policies to manage desktop computers, and manage security, but the changes have brought about the need to refresh the skills of the helpdesk team. Jeff Wang is responsible for updating the skills of the current team and training the new helpdesk hires at Coho Winery. The helpdesk team is in charge of troubleshooting various issues that come in on a day-to-day basis from the local winery and their remote winery locations located on both the east coast and the west coast. Troubleshooting methodology is imperative for the success of the helpdesk team.

1. What is an example of a systemic problem?
a. a hard disk fails on a user’s computer
b. a worm propagates through the entire network
c. a user’s monitor will not turn on

2. What is the first tool in a Microsoft environment that should be used to determine the time and type of problem a particular system may be having?
a. Resource Monitor
b. Task Manager
c. Event Viewer

3. What application allows you to view all processes and either selectively end a single process or the entire process tree?
a. Resource Monitor
b. Task Manager
c. msconfig.exe

Windows Resource Monitor allows you to view a process wait chain and to end processes that are preventing a program from working properly.
1. An example of a systemic problem is when:
b. a worm propagates through the entire network. Answers A and C are specific to a single system’s problems, not systemic.
2. The first tool in a Microsoft environment that should be used to determine the time and type of problem is:
c. Event Viewer
3. To view all processes and either selectively end a single process or the entire process tree, use the:
a. Resource Monitor
Essential details
• Event Viewer maintains logs about program, security, and system events on your computer.
• Resource Monitor is a system tool that allows you to view information about the use of hardware (CPU, memory, disk, and network) and software (file handles and modules) resources in real time.
• Event Viewer can be accessed through Start->Programs->Administrative Tools->Server Manager->Diagnostics->Event Viewer.
• Default location for event logs:
  • %systemroot%\system32\config

FAST TRACK HELP
• http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/snap_event_viewer.mspx?mfr=true
• http://technet.microsoft.com/en-us/library/cc766042.aspx
• http://technet.microsoft.com/en-us/library/dd883276(WS.10).aspx
1 Understanding Networking Infrastructures

IN THIS CHAPTER
■ 1.1 Understand the concepts of the internet, intranet, and extranet
■ 1.2A Understand local area networks (LANs)
■ 1.2B Understand local area networks (LANs)
■ 1.3A Understand wide area networks (WANs)
■ 1.3B Understand wide area networks (WANs)
■ 1.4 Understand wireless networking
■ 1.5 Understand network topologies and access methods
OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.1

Understand the concepts of the internet, intranet, and extranet

SCENARIO: Before going to class, Sidney stops by Fourth Coffee for an iced coffee. The owner of Fourth Coffee, Josh, stops to talk with Sidney because he knows that she enjoys solving computer problems. Josh asks Sidney if she can help him manage Fourth Coffee’s server and wireless network. Josh has a few projects for Sidney to start working on immediately. He would like to be able to access Fourth Coffee’s server from his home and mobile phones. In addition, he is concerned about keeping his customers’ computers safe from viruses and hackers. Also, Josh would like to provide internal company information such as schedules and company policies to his employees. Sidney thanks Josh and tells him that she’ll start working on his projects today right after class.

1. What will Sidney need to install for Josh to be able to access Fourth Coffee’s server from his home and mobile phones?
a. a firewall
b. a VPN
c. an intranet

2. A firewall is to a network as:
a. a door is to a classroom
b. an eraser is to a pencil
c. a movie is to a screen

3. The primary goal of an intranet is to:
a. allow different businesses to share information
b. let users access different websites
c. provide company information to internal employees

Even though a browser’s security settings may be set high, a firewall still should be used.
Answers

1. Josh wants to be able to access Fourth Coffee’s server from his home and mobile phones, so Sidney will install a:
b. VPN. A VPN is a Virtual Private Network.

2. A firewall is to a network as:
a. a door is to a classroom. Firewalls keep computers safe and doors keep classrooms safe and quiet so that students may study.

3. An intranet’s primary goal is to:
c. provide company information to internal employees. Extranets allow different businesses to share information and the Internet lets users access different websites.

Essential details
• VPNs create a private network and provide a secure tunnel across the Internet.
• Firewalls can be hardware devices.
• Mobile phones can be used to connect to a company’s servers.
• In Microsoft® Internet Explorer® click Tools and then click Internet Options to set your security settings.
• For security zones, keep the security level as high as possible.

FAST TRACK HELP
• http://msdn.microsoft.com/en-us/library/aa503420.aspx
• http://support.microsoft.com/kb/174360
• http://msdn.microsoft.com/en-us/library/ms953581.aspx
OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2A

Understand local area networks (LANs)

SCENARIO: Kim is studying to become an animator at the Graphic Design Institute. Kim’s friend from class, Michael, asks Kim to study with him after class in the school’s computer lab. When Kim arrives in the lab she sees that Michael has already started his laptop and is connected to the school’s network. Kim starts her laptop and attempts to connect to the school’s network when she realizes that she forgot her wireless card. Kim tells Michael that she’ll have to run home and get her wireless card. Michael tells her that she does not need to have her wireless card because she can connect directly to the network. Kim asks Michael to show her how and he pulls out a cable and starts connecting it to her laptop’s internal, wired NIC and explaining the steps.

1. What type of network is Kim trying to connect to?
a. WAN
b. LAN
c. PAN

2. To verify that Kim’s NIC (network interface card) works, Michael pings 127.0.0.1, which is known as the:
a. loopback address
b. dynamic address
c. static address

3. A NIC is to a LAN as:
a. lyrics are to a song
b. a key is to a door
c. a movie is to a TV

When troubleshooting network connections, use ping and ipconfig.
Answers

1. Kim is trying to connect to the school’s:
b. LAN. A LAN is a Local Area Network.

2. To test Kim’s NIC Michael pings the:
a. loopback address. The loopback address is 127.0.0.1 and a successful ping verifies that the NIC works.

3. A NIC is to a LAN as:
b. a key is to a door. A key provides access through a door just as a computer is required to have a NIC to access a LAN.

Essential details
• LANs connect local computers together in a small geographical area.
• Computers connect to a LAN through a NIC (network interface card).
• The loopback address is a reserved, static address of 127.0.0.1.
• Perimeter networks provide an extra layer of security for a company’s internal network.
• In Microsoft Windows® 7, right-click Network and select Properties to view your network configuration.

FAST TRACK HELP
• http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-to-a-network
• http://support.microsoft.com/kb/169790
• http://msdn.microsoft.com/en-us/library/ee494910.aspx
OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2B

Understand local area networks (LANs)

SCENARIO: Brian just graduated from his local community college in IT and started working for Adventure Works as an IT Technician. His new boss, Annie, decides to send him on a business trip to Seattle where he will help set up the computers in their new store. When Brian arrives in Seattle he immediately checks into his hotel. He asks Erin, the hotel manager, if the hotel has Internet access. Erin tells Brian that the hotel has both wired and wireless LAN connections available, which he may use to access the Internet for free! Plus the hotel will be expanding Internet connectivity to the pool area soon. Brian is thrilled that the hotel provides free Internet access so that he can work at night, if necessary, to succeed in his first IT job.

1. When Brian connects a cable from his laptop’s NIC into an RJ45 jack he is connecting to the:
a. VLAN
b. wired LAN
c. wireless LAN

2. A VLAN is also called a:
a. logical network
b. internal network
c. external network

3. What will be Erin’s best solution for providing Internet connectivity to the pool area?
a. expand the hotel’s wired network
b. expand the hotel’s wireless network
c. add a new WAN

Access points are used to connect wireless devices to wired networks.
Answers

1. Connecting a cable from a laptop’s NIC into a RJ45 jack allows Brian to use the hotel’s:
b. wired LAN. Wired LANs use cables and wireless LANs use radio, microwave, or infrared light.

2. Another name for a VLAN is:
a. logical network. VLANs segment broadcast traffic, which in turn increases network performance.

3. The best solution Erin should implement to expand Internet connectivity to the pool area is:
b. expand the hotel’s wireless network. A wireless LAN is easy to install in locations such as pool areas and hotel lobbies where it can be difficult to run cables.

Essential details
• VLANs are created on switches and help improve network performance.
• Wired networks take time to install because wires need to be pulled to all of the connection jacks.
• Wireless LANs are easy to expand to remote areas.
• Security can be implemented in both wired and wireless LANs.
• In Microsoft Windows 7, click the wireless network icon (on the right side of the taskbar) to view the available wireless networks.

FAST TRACK HELP
• http://windows.microsoft.com/en-US/windows7/What-you-need-to-set-up-a-home-network
• http://www.microsoft.com/protect/data/home/wireless.aspx
• http://windows.microsoft.com/en-US/windows7/View-and-connect-to-available-wireless-networks
OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3A

Understand wide area networks (WANs)

SCENARIO: Fourth Coffee’s business is booming! Josh, the owner, decides that now is the time to expand his business. In the next month he will open one new location 30 miles south. In three months he will open another location 30 miles north. Josh wants to have a network between all three coffee shops. He is also concerned about security over the existing VPN that provides him with access to the coffee shop’s network from his home and mobile phones. When Josh shares his expansion plans and IT concerns with Sidney, his IT Consultant, she tells Josh that she has the solutions. Sidney can easily expand the network because she has been studying WANs in her college classes.

1. To link all three of Fourth Coffee’s LANs together, Sidney will create a:
a. LAN
b. PAN
c. WAN

2. Between the original coffee shop and the first expansion location, Sidney decides to order a private, dedicated line from the phone company known as:
a. a leased line
b. dial-up
c. ISDN

3. Sidney reassures Josh that the existing VPN is secure because the data transferred across the public network is:
a. defragmented
b. encrypted
c. zipped

Always choose the most efficient IT solution to meet the goals of a given IT situation.
Answers

1. Sidney will link all three of Fourth Coffee’s LANs together by creating a:
c. WAN. A WAN is a Wide Area Network which spans a large geographical area.

2. The private, dedicated line that Sidney orders from the phone company to connect the original coffee shop and the first expansion location is called a:
a. leased line. The cost for a leased line depends upon the speed.

3. Fourth Coffee’s VPN is secure because the data transferred across the public network is:
b. encrypted. Encrypted data is scrambled, which protects it from unauthorized network clients.

Essential details
• WANs can span completely around the world–from the United States to Australia!
• A WAN link selection depends upon a company’s goals for speed, availability, cost, and so on.
• The Plain Old Telephone Service (POTS) is the oldest communications network.
• For small companies, leased lines are a great WAN solution for connecting two locations.
• Always protect data by encrypting it prior to transferring it across the Internet.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/bb727043.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-WAN.html
• http://www.microsoft.com/windows/windows-7/features/bitlocker.aspx
OBJECTIVE: UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3B

Understand wide area networks (WANs)

SCENARIO: While attending college, Allie accepts an IT internship at Tailspin Toys in Denver, Colorado. She realizes that this is an amazing opportunity for her to apply the skills that she has learned in her networking classes. Richard, Tailspin Toys’ CIO, informs her that she will be working with Cristian, another IT intern, who works for Tailspin Toys in Paris, France. Together they will determine the different types of WAN connections available in the United States and France. Both locations will use point-to-point, dedicated, digital circuits between their two local offices within their respective countries. Speed for the digital circuits needs to be a minimum bandwidth of 1 Mbps. In addition, Allie will need to research different home connection subscriptions available for Tailspin Toys’ employees so that they can access the company’s network via the Internet. Allie and Cristian have fun challenges to solve!

1. Cristian determines that the point-to-point, dedicated, digital circuit that is available in Paris and meets the minimum bandwidth of 1 Mbps is the:
   a. E1
   b. F1
   c. T1
2. Allie determines that the United States’ equivalent to Cristian’s chosen digital circuit is the:
   a. E1
   b. T1
   c. U1
3. One home connection that Allie researches is a high-speed digital communication technology over standard copper telephone wire called:
   a. Cable TV
   b. DSL
   c. VPN

Every country has its own unique IT standards and procedures.

Answers

1. In Paris, the point-to-point, dedicated, digital circuit that Cristian finds that meets the 1 Mbps minimum bandwidth is the:
   a. E1. The E1 is available through Europe and has a bandwidth of 2.048 Mbps.
2. In the United States, Allie determines that the equivalent digital circuit to the E1 is the:
   b. T1. The T1 is available through the United States and has a bandwidth of 1.544 Mbps.
3. For home connections, Allie finds a high-speed digital communication technology that operates over standard copper telephone wire, which is called:
   b. DSL. DSL and Cable broadband Internet access technologies are popular choices for connecting home or small business systems to the Internet.

Essential details
• E1 and E3 are WAN connections available in Europe versus T1 and T3 for the United States.
• Even more WAN technologies exist, such as Frame Relay and ATM (Asynchronous Transfer Mode).
• DSL and Cable broadband Internet access technologies each have a corresponding modem.
• WAN links need to be optimized for efficient and fast performance.
• Dial-up and ISDN have decreased in popularity while DSL and Cable have become more popular.

FAST TRACK HELP
• http://speedtest.emea.microsoftonline.com/
• http://technet.microsoft.com/en-us/library/cc753764(WS.10).aspx
• http://technet.microsoft.com/en-us/library/bb726928.aspx

_______ /3

OBJECTIVE: UNDERSTANDING NETWORKING INFRASTRUCTURES 1.4

Understand wireless networking

SCENARIO: Scott wants to set up a wireless network in his family’s house for Internet connectivity. If he is successful in creating a secure wireless network, his parents will pay for his first semester in IT at college! To ensure his success, Scott enlists his friend Susan, who has already set up a secure wireless network for her family. The family uses DSL for their Internet connection. The family’s desktop system will be wired and their new laptop will use wireless. Susan takes Scott on a shopping trip to their local electronics store to purchase the necessary equipment of a wireless router which supports the most current wireless networking standards. After their shopping trip, Susan and Scott start setting up the wireless network. Will Scott succeed and earn a free semester at college?

1. The most current wireless networking standard is:
   a. 802.11n
   b. 802.3
   c. Bluetooth
2. To provide strong encryption protection without an enterprise authentication server, Scott uses:
   a. SSID
   b. WEP
   c. WPA-PSK
3. After the wireless network is completed, Scott’s Dad sits on the deck and successfully connects the laptop to the Internet through their new, private, and secure:
   a. Gigahertz
   b. VLAN
   c. Wi-Fi hotspot

Always secure a wireless network so that your data stays safe.

Answers

1. The wireless networking standard that is most current is:
   a. 802.11n. Two of the popular networking standards being used are 802.11g and 802.11n.
2. Strong encryption protection without an enterprise authentication server is provided through:
   c. WPA-PSK. WPA-PSK is for personal/small business use. WPA-Enterprise, which uses authentication servers, is for an enterprise business.
3. On the deck, Scott’s Dad connects his laptop to the Internet through their private and secure:
   c. Wi-Fi hotspot. Public Wi-Fi hotspots are available in a variety of locations such as coffee shops, airports, schools, and restaurants.

Essential details
• Each of the wireless networking standards has different characteristics, such as speed, distance, frequency, and so on.
• Connect a WAP (wireless access point) to a wired router to provide connectivity between the wireless devices and wired network.
• WPA (Wi-Fi Protected Access) and WPA2 are more secure than WEP (Wired Equivalent Privacy).
• WPA-Enterprise and WPA2-Enterprise are used in business environments and work with an 802.1X authentication server.
• The 802.1X authentication method is used in business environments and requires a certificate or smart card for network access.

FAST TRACK HELP
• http://standards.ieee.org/getieee802/802.11.html
• http://windows.microsoft.com/en-US/windows7/Set-up-a-security-key-for-a-wireless-network
• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods

_______ /3

OBJECTIVE: UNDERSTANDING NETWORKING INFRASTRUCTURES 1.5

Understand network topologies and access methods

SCENARIO: During winter break from college, Jack decides to go skiing at Alpine Ski House, a small wilderness resort. He brings his laptop to the resort and finds out that wireless Internet connectivity is not available to the skiers. Alpine Ski House has only one desktop computer connected to the Internet. Jack decides that this would be a great opportunity for him to apply the skills he is learning in class, so he asks to speak with the owner of Alpine Ski House, Molly. She willingly discusses her networking dilemmas with Jack. Should she implement a star or bus network topology? What is a mesh? Does she need a switch? Molly has too many IT questions and not enough answers, so she decides to hire Jack. Jack starts to design a network solution for Alpine Ski House between his skiing sessions.

1. The topology concerned with how data gets transferred within the network is the:
   a. logical topology
   b. mesh topology
   c. physical topology
2. The topology considered more reliable because all of the nodes are connected to each other is the:
   a. bus topology
   b. mesh topology
   c. star topology
3. What topology should Jack choose for Molly’s network?
   a. bus
   b. ring
   c. star

It is important to know the advantages and disadvantages of various topologies.

Answers

1. Within the network, the topology that deals with how data gets transferred is the:
   a. logical topology. The logical topology works with the physical topology, which is concerned with how the devices are physically connected together.
2. The topology where all the nodes are connected to each other to form a reliable network is the:
   b. mesh topology. Mesh topologies contain redundant wiring that provides multiple paths to the same destination.
3. For Molly’s network at Alpine Ski House, the topology Jack should choose is the:
   c. star. The star is one of the most popular topologies implemented today because of its low cost and ease of installation.

Essential details
• Bus topologies were popular along with coaxial cable.
• Ring topologies are used as backbones for large networks with fiber cable and may contain redundant rings.
• In star topologies a switch is usually used as the central device along with twisted pair cable.
• Mesh topologies are more expensive because of the redundant wiring.
• CSMA/CD is similar to a chat room, while CSMA/CA (Collision Avoidance) is similar to a classroom.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/bb632621.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-LAN.html
• http://www.giac.org/resources/whitepaper/network/32.php

_______ /3

2 Understanding Network Hardware

IN THIS CHAPTER
■ 2.1A Understand switches
■ 2.1B Understand switches
■ 2.2 Understand routers
■ 2.3A Understand media types
■ 2.3B Understand media types

OBJECTIVE: UNDERSTANDING NETWORK HARDWARE 2.1A

Understand switches

SCENARIO: Michelle is logged into one of her social networking sites when she receives an urgent text message from her friend Robert. Robert is trying to study for his IT networking class final and has some questions regarding the concepts and needs help. Michelle offers to meet Robert at Fourth Coffee. While Michelle and Robert are studying at Fourth Coffee, Sidney, the IT Consultant at Fourth Coffee, who is a friend of hers, stops by the table to say hi to Michelle. Michelle tells Sidney that she is helping Robert study for a test. Sidney tells Robert that it is more fun to look at real equipment to learn the concepts and offers them a tour of Fourth Coffee’s IT network. While on the tour, Sidney starts to quiz Robert about the different networking components. Robert passes Sidney’s test. What about you?

1. A computer’s MAC address is:
   a. assigned by a Network Administrator
   b. located on the NIC
   c. acquired from an ISP (Internet Service Provider)
2. The OSI model is to networking as:
   a. music is to a Zune
   b. cookies are to milk
   c. fashion rules are to fashion
3. A smart Layer 2 device that has an IP address, connects the office computers together, and provides full bandwidth to each port is called a:
   a. managed hub
   b. managed switch
   c. unmanaged switch

A MAC address is also called a physical address and can be viewed with ipconfig/all.

Answers

1. The MAC address for a computer is:
   b. located on the NIC. The MAC address is determined by the vendor of the NIC.
2. The OSI model is to networking as:
   c. fashion rules are to fashion. Just as stripes and solids do not usually match, networking devices perform certain functions and follow specific rules based on their OSI model layer.
3. A device that provides full bandwidth to each port, connects computers together, has an IP address, and operates at Layer 2 of the OSI model is a:
   b. managed switch. Switches that are managed contain an IP address.

Essential details
• Know the layers of the ISO’s (International Standards Organization) OSI model.
• Hubs and repeaters are Layer 1 devices, switches and NICs are Layer 2, and routers are Layer 3.
• Switches can create VLANs (Virtual Local Area Networks), which isolate network broadcast traffic.
• Bandwidth is the throughput or the data transfer rate.
• If you have a fast port but a slow cable, the network will operate at the slowest speed, which is the cable’s speed.

FAST TRACK HELP
• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html
• http://www.cisco.com/en/US/prod/switches/networking_solutions_products_genericcontent0900aecd806c7afe.pdf

_______ /3

OBJECTIVE: UNDERSTANDING NETWORK HARDWARE 2.1B

Understand switches

SCENARIO: Joel is working in his college dorm room on a term paper when he loses Internet connectivity. Because his laptop seems fine, Joel decides to enlist his friend Scott, who manages the dorm’s network, to help him out. Joel finds Scott and they go to the dorm’s network room to determine what has happened. While in the network room, Joel learns more about how the dorm’s LAN is configured. Joel remembers that switches operate at Layer 2 and shares that with Scott. However, Scott informs Joel that there are actually Layer 3 switches, too! Scott also tells Joel that a new switch module is expected next week and hardware redundancy is being added. After the issue is resolved, Joel returns to his dorm room to work on the term paper. However, he keeps thinking about all he has learned and realizes that IT is both challenging and fun!

1. A Layer 3 switch performs:
   a. Layer 2 forwarding and Layer 3 switching in hardware
   b. Layer 2 segmenting and Layer 3 switching in hardware
   c. Layer 2 switching and Layer 3 forwarding in hardware
2. A motherboard is to a computer as:
   a. a backplane is to a switch
   b. a MAC address is to a switch
   c. a certificate is to a switch
3. A switch is to a network as:
   a. a frame is to a picture
   b. a portal is to the web
   c. a case is to a computer

It is important to know the layers of the OSI model and how they operate.

Answers

1. The sophisticated Layer 3 switch performs:
   c. Layer 2 switching and Layer 3 forwarding in hardware. This is a very smart device operating at a higher layer!
2. A motherboard is to a computer as:
   a. a backplane is to a switch. Modules may be inserted into a switch’s backplane for expansion and upgrading purposes.
3. A switch is to a network as:
   b. a portal is to the web. A switch is a connection point for all local clients just like a portal is a collection point for different web resources.

Essential details
• Switches are more than just a connection point for computers in a LAN.
• Choose the right networking device for the specific goal.
• Managed switches provide more options for network support.
• Hardware redundancy provides highly available networks.
• Use VLANs to segment systems from each other, which in turn enhances security.

FAST TRACK HELP
• http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-2/switch_evolution.html
• http://windows.microsoft.com/en-US/windows7/How-do-hubs-switches-routers-and-access-points-differ
• http://technet.microsoft.com/en-us/library/bb742373.aspx

_______ /3

OBJECTIVE: UNDERSTANDING NETWORK HARDWARE 2.2

Understand routers

SCENARIO: After setting up his family’s wireless network, Scott decides that he needs to acquire more hands-on experience using routers. Ty, his friend, recommends volunteering at the local Humane Society because he has heard that they have a lot of IT issues. Scott approaches the Director of the Humane Society, Justin, about volunteering. Justin immediately welcomes Scott to his team! Justin would like Scott to install a network that will connect the five desktop systems that they currently have in the office to a server. Through the network the employees should have Internet access. Plus, he would like to establish a connection to a different Humane Society’s server in a neighboring town so that they can share information. Justin anticipates expansion and would like to plan accordingly. Scott is thrilled to receive this opportunity and knows he has a lot of studying to do!

1. The Humane Society cannot afford a router but they do have a switch and a Windows Server. What should Scott do?
   a. tell Justin that they’ll have to wait until they can afford a router
   b. use the switch because a Layer 2 device can perform the same functions as a router
   c. use the switch to connect the desktops and servers and then install routing software on the server
2. One week later a router is installed and Scott needs to figure out what routes the router knows, so he:
   a. accesses the router’s NAT database and views the routes
   b. accesses the router’s routing table and views the routes
   c. pings the router and it returns the routes
3. When Scott views the routes he sees that the router is learning new routes because of:
   a. dynamic routing
   b. NAT
   c. static routing

Routers are very smart Layer 3 devices that are used to connect networks together.

Answers

1. Because the Humane Society has a switch and a Windows Server, Scott should:
   c. use the switch to connect the desktops and servers and then install routing software on the server. Through software, Windows Server can act just like a router and perform the same functions.
2. To determine what routes the router knows, Scott:
   b. accesses the router’s routing table and views the routes. The routing table contains static and dynamic routes.
3. The router is learning new routes as a result of:
   a. dynamic routing. The router continuously learns about new routes and routes that are no longer available.

Essential details
• Routing tables are shared between neighboring routers.
• The router always chooses the best path with the lowest cost from source to destination.
• NAT allows a private address to be translated to a public address for Internet access.
• Computers, routers, and other IP devices need a unique 32-bit IP address and a 32-bit IP subnet mask to communicate in an IP network.
• Computers also need a gateway address, which is the connected router’s IP address.

FAST TRACK HELP
• http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html
• http://technet.microsoft.com/en-us/network/bb545655.aspx

_______ /3

OBJECTIVE: UNDERSTANDING NETWORK HARDWARE 2.3A

Understand media types

SCENARIO: Ever since The School of Fine Art has been actively participating in different social networking sites, their enrollment has been exceeding their building’s capacity! Jon, the CIO, and Brian, the IT Manager, are working through the different options available for wiring the new building they are planning to build in spring and possibly updating the existing building. Jon is concerned about the planned long distance between the two buildings, interference from different electrical issues the School of Fine Art has been experiencing, and choosing the best media for their goals. Brian and Jon discuss the best cabling options available for their new building and start planning the long-term goals for the School of Fine Art.

1. The best media choice for data to travel long distances without the risk of interference is:
   a. fiber
   b. thin coax
   c. unshielded twisted-pair
2. Any type of undesirable electromagnetic emission or electrical/electronic disturbance is known as:
   a. EIGRP
   b. EMI
   c. STP
3. Fiber:
   a. can only be used for short distances
   b. is extremely inexpensive
   c. transmits data in the form of light

It is important to know the advantages and disadvantages of the different cable types!

Answers

1. The best media choice for data to travel long distances without the risk of interference is:
   a. fiber. Fiber is an excellent choice for long distances and it keeps data secure.
2. Interference in the form of electromagnetic emission or electrical/electronic disturbance is known as:
   b. EMI. Interference can alter, modify, and drop data as it is transferred across media.
3. Fiber:
   c. Transmits data in the form of light. Data traveling via fiber cable is transferred extremely fast for long distances.

Essential details
• Fiber has a variety of different type of connectors that connect into switches, routers, and so on.
• Fiber is available in single-mode and multimode.
• Coax is commonly used for TV connections today rather than enterprise network installations.
• UTP is commonly used today in star and extended star topologies because it is inexpensive and easy to install.
• Wireless provides many advantages over traditional cabling choices and therefore continues to increase in popularity.

FAST TRACK HELP
• http://www.youtube.com/watch#!v=PqmFne1gel4&feature=related
• http://www.ciscopress.com/articles/article.asp?p=31276&seqNum=4
• http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html

_______ /3

OBJECTIVE: UNDERSTANDING NETWORK HARDWARE 2.3B

Understand media types

SCENARIO: The School of Fine Art created a project plan to design a network closet for their new building on campus. Jon, the CIO, would like to recruit students from a local community college to assist with this project. Mary Kay, one of the recruited students, becomes the project leader. The first task assigned to the students will be to choose the appropriate cable type to use for wiring the required classrooms and the backbone of the LAN. The media goals for the cable running to the classrooms include ease of installation, keeping costs low, and being wired. The media goals for the backbone include being fast and being redundant. The backbone cabling will be more expensive and that is incorporated into the budget. Mary Kay and her team of students are ready for the challenge! Are you ready to join the team?

1. Based on the media goals, the type of cable that should be run to the classrooms is:
   a. coaxial
   b. fiber
   c. UTP
2. Based on the media goals, the type of cable that should be used for the backbone is:
   a. fiber
   b. STP
   c. wireless
3. Jon asks Mary Kay what media she would recommend for the common areas. She replies:
   a. “Wireless, because of ease of installation and flexibility.”
   b. “Fiber, because of its low cost.”
   c. “Wireless because it is secure by default without any configuration.”

The speed and intended distance are critical factors in selecting transmission media.

Answers

1. Mary Kay and her team analyze the media goals for the classroom and choose:
   c. UTP. UTP is the popular choice for a variety of wired installations because it is inexpensive and easy to install.
2. Mary Kay and her team analyze the media goals for the backbone and choose:
   a. fiber. Fiber is the popular choice for enterprise backbones and may be implemented in dual rings to provide redundancy.
3. For the type of media to install in the common areas, Mary Kay quickly and easily answers:
   a. “Wireless, because of ease of installation and flexibility.” Wireless is the preferred choice even though it will have to be configured to make it more secure.

Essential details
• UTP cables in LANs contain RJ45 connectors.
• Cat 5e and 6 are popular for new UTP installations.
• Because of safety concerns, it is relatively easy to create UTP cables and a lot more difficult to create fiber cables.
• Cables need to be organized efficiently and properly labeled.
• Know and follow the maximum distances for cable runs and even for wireless deployments.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc750550.aspx
• http://www.belden.com/03Products/03_CableBasics.cfm
• http://www.ciscopress.com/articles/article.asp?p=169686

_______ /3

3 Understanding Protocols and Services

IN THIS CHAPTER
■ 3.1A Understand the OSI model
■ 3.1B Understand the OSI model
■ 3.2 Understand IPv4
■ 3.3A Understand IPv6
■ 3.3B Understand IPv6
■ 3.4 Understand names resolution
■ 3.5 Understand networking services
■ 3.6 Understand TCP/IP

OBJECTIVE: UNDERSTANDING PROTOCOLS AND SERVICES 3.1A

Understand the OSI model

SCENARIO: Cassie and her friend Christian have just accepted new jobs at Lucerne Publishing. Cassie will be an IT Networking Technician supporting Microsoft Windows Servers. Christian will be an IT Web Developer working on Lucerne Publishing’s website. On their first day of work they attended Lucerne Publishing’s new employee orientation to learn all about the company’s policies. Various individuals provided lots of detailed information regarding policies and procedures related to their various departments. After the orientation Cassie turned to Christian and began talking with him about what they had just learned during their orientation. Christian tells Cassie that the conversation reminds him of when they were in school and she would quiz him on what they had just learned in class. Can you pass Cassie’s quiz on the OSI model?

1. The OSI model contains:
   a. three layers
   b. five layers
   c. seven layers
2. Data is placed onto the physical network medium at the:
   a. application layer
   b. network layer
   c. physical layer
3. OSI is to networking as:
   a. a text message is to a mobile phone
   b. a game rule is to football
   c. a word is to a book

Remember the OSI model’s layers and their order via a mnemonic phrase – All People Seem To Need Daily Praise!

Answers

1. In the ISO’s OSI model there are:
   c. seven layers
2. The layer where data is placed onto the physical network medium is called the:
   c. physical layer. The Physical layer (Layer 1) puts the data onto the wire at the source computer and then it is sent to the destination computer.
3. OSI is to networking as:
   b. a game rule is to football. It is important to follow the standards when networking just like it is important to follow the game rules when playing football.

Essential details
• Know the OSI model’s seven layers and the standards they represent.
• Data is encapsulated or wrapped up at each layer within a different wrapper.
• Each layer communicates with the other layers directly above and below.
• Protocols are a set of rules that provide guidelines for computer communication.
• Standards are followed so that computers and devices can speak the same language in order to communicate with each other.

FAST TRACK HELP
• http://support.microsoft.com/kb/103884
• http://technet.microsoft.com/en-us/library/cc959881.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html

_______ /3

OBJECTIVE: UNDERSTANDING PROTOCOLS AND SERVICES 3.1B

Understand the OSI model

SCENARIO: Cassie is excited as she arrives for her second day on the job at Lucerne Publishing as an IT Networking Technician. She will job shadow Holly for a couple of days to learn more about her job responsibilities. Holly gives Cassie a tour of Lucerne Publishing’s datacenter, which contains all of the Microsoft Windows Servers that Cassie will help support. As they are leaving the datacenter, Brian from the Accounting Department stops Holly to tell her that he has been having a problem connecting to the network. Holly tells Brian that she and Cassie will help solve the problem. To solve Brian’s problem, Holly and Cassie use tools to gather information about his IP address and then work through the layers of the TCP/IP model to determine why his computer is having networking problems. The problem will be solved quickly with knowledge of the OSI model!

1. The TCP/IP model contains:
   a. four layers and is not used today
   b. four layers and follows the standards of the OSI reference model
   c. seven layers and was created before the OSI model
2. A packet at Layer 3 becomes:
   a. a frame at Layer 2
   b. a packet at Layer 2
   c. a network address
3. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:
   a. a MAC address
   b. a port number
   c. an IP address

The ipconfig and ipconfig/all commands provide information that is useful for troubleshooting networks.

Answers

1. The TCP/IP model contains:
   b. four layers and follows the standards of the OSI reference model. The TCP/IP model is an actual implementation of the OSI reference model even though it contains fewer layers.
2. A Layer 3 packet becomes:
   a. a frame at Layer 2. Data encapsulation at Layer 3 takes the form of a packet and at Layer 2 turns into a frame.
3. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:
   c. an IP address. All computers and devices in a TCP/IP network need an IP address, subnet mask, and default gateway.

Essential details
• The TCP/IP model, or the TCP/IP protocol suite, contains four layers and protocols at each layer.
• Different encapsulation types exist at the different layers, such as packets at the Network layer.
• TCP operates at the Transport layer and IP operates at the Network layer.
• There are a few ports that should be remembered including: 53 (DNS), 80 (HTTP), 25 (SMTP), 110 (POP3).
• All computers and devices participating in a TCP/IP network require an IP address, subnet mask, and default gateway.

FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc786900(WS.10).aspx
• http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings
• http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx

_______ /3

OBJECTIVE: UNDERSTANDING PROTOCOLS AND SERVICES 3.2

Understand IPv4

SCENARIO: Today is the first day of college classes for Paul and he is looking forward to learning more about networking mobile devices. Paul has several items on his to-do list before going to his first class. First, he stops by the registration desk to make a quick change to his schedule. The Registrar asks him for his student identification number so that she can process the change. Next, he stops by the bookstore and the cashier asks him for his student identification number so that she can process his book order. Luckily, he finds his classroom just in time for the class to begin. After class, Paul tells his friend Scott that the professor talked about IP version 4 addresses. Scott decides to quiz Paul because Scott has already taken the class and is sure he knows what Paul should have learned today!

1. An IP address is to a computer as:
   a. a student identification number is to a student
   b. chocolate is to a chocolate chip cookie
   c. fur is to a polar bear
2. Characteristics of IPv4 include:
   a. classes and 32-bit addresses
   b. classes and 64-bit addresses
   c. zones and 32-bit addresses
3. A default gateway is also known as:
   a. an access point
   b. a switch
   c. a router

IPv4 is still used everywhere even though IPv6 is also available.

Answers

1. An IP address is to a computer as:
   a. a student identification number is to a student. An IP address is unique to a computer just like each student has a unique identification number that is different from all of the other students’ identification numbers.
2. IPv4 characteristics include:
   a. classes and 32-bit addresses. IPv4 contains Class A through E classes and all IP addresses are 32-bit in length.
3. Another name for a default gateway is:
   c. a router. The router provides a way for local subnet traffic to exit their subnet and travel to another network as their final destination.

Essential details
• IP addresses contain four octets and each octet contains eight bits.
• Ranges of IP addresses are reserved for private networks.
• A broadcast address is similar to an e-mail distribution list because information that is sent to a specific broadcast address will be sent to all devices on that specific subnet.
• Servers use static addresses; clients use dynamic IP addresses.
• DHCP servers provide IP addresses to clients for a set lease time.

FAST TRACK HELP
• http://support.microsoft.com/kb/164015
• http://technet.microsoft.com/en-us/library/cc940018.aspx
• http://technet.microsoft.com/en-us/network/bb530961.aspx

_______ /3

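The IPv4 facts on this answer page (four 8-bit octets, classes A through E, reserved private ranges, a per-subnet broadcast address, and the default gateway as the way out of the local subnet) can be worked through on 32-bit integers. This is an added example, not part of the study guide; the function names and sample addresses are constructed for illustration, and the private ranges used are the three RFC 1918 blocks.

```python
"""IPv4 addressing worked by hand on 32-bit integers (added example)."""

# RFC 1918 private blocks as (network, prefix length).
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def to_int(dotted):
    """Pack four 8-bit octets into one 32-bit integer, rejecting bad input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"octet must be 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Build the 32-bit subnet mask for a prefix length such as 24."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def address_class(dotted):
    """Classful class A-E, decided by the leading bits of the first octet."""
    first = to_int(dotted) >> 24
    if first < 128:
        return "A"  # 0xxxxxxx
    if first < 192:
        return "B"  # 10xxxxxx
    if first < 224:
        return "C"  # 110xxxxx
    if first < 240:
        return "D"  # 1110xxxx, multicast
    return "E"      # 1111xxxx, reserved


def is_private(dotted):
    """True when the address falls inside one of the reserved private blocks."""
    addr = to_int(dotted)
    return any(
        addr & mask_from_prefix(prefix) == to_int(net)
        for net, prefix in PRIVATE_BLOCKS
    )


def subnet_info(dotted, mask_dotted):
    """Return (network address, broadcast address) for a host and its mask."""
    mask = to_int(mask_dotted)
    host_bits = ~mask & 0xFFFFFFFF
    # A usable mask is a run of ones followed by zeros, so its inverse is
    # 2**n - 1 and shares no bits with the next integer up.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask_dotted}")
    network = to_int(dotted) & mask
    return to_dotted(network), to_dotted(network | host_bits)


def next_hop(source, mask_dotted, gateway, destination):
    """Deliver directly when the destination shares the subnet, otherwise
    hand the traffic to the default gateway (the router)."""
    mask = to_int(mask_dotted)
    if to_int(source) & mask == to_int(destination) & mask:
        return destination
    return gateway


if __name__ == "__main__":
    host, mask, gw = "192.168.1.77", "255.255.255.192", "192.168.1.65"
    print("class:", address_class(host), "private:", is_private(host))
    print("network/broadcast:", subnet_info(host, mask))
    print("to 192.168.1.100 via", next_hop(host, mask, gw, "192.168.1.100"))
    print("to 203.0.113.10 via", next_hop(host, mask, gw, "203.0.113.10"))
```
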
OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3A
Understand IPv6
SCENARIO: Today is finally the day that Randy is going to upgrade his current mobile phone! When Randy arrives at The Phone Company, which sells almost every phone available, he is approached by sales associate Laura. Laura is eager to help him choose a phone to meet his needs. Randy has some questions regarding the two models he has preselected. Laura does an excellent job in explaining the differences between the two phones. One economy model has a touch screen but does not offer scalability, or expansion, for future needs because it only supports IPv4 addresses. Another model has the best of everything, including a large touch screen and support for both IPv4 and IPv6.
Randy is torn between saving money and having a leading-edge phone. Laura tells him to consider his goals regarding how he will use his phone and how long he intends to keep his phone. If you were Randy, which phone would you choose?
1. IPv4 is to IPv6 as:
a. English is to Danish
b. Microsoft Windows XP is to Microsoft Windows 7
c. Microsoft Word 2010 is to Microsoft Word 2007
2. Randy’s new IPv6 phone would have a:
a. 32-bit IP address
b. 64-bit IP address
c. 128-bit IP address
3. If Randy buys the IPv6 phone and uninstalls IPv4 support, he can still communicate with an IPv4 device when he:
a. is connected to an IPv4 default gateway
b. is connected to a Dual Stack Architecture network
c. converts his IPv6 address to an IPv4 address manually
An IPv6 address contains eight groups of hexadecimal characters separated by colons. Example: 3ffe:ffff:0000:2f3b:02aa:00ff:fe28:9c5a!
Answers
1. IPv4 is to IPv6 as:
b. Microsoft Windows XP is to Microsoft Windows 7. Because businesses are moving to Windows 7, it is becoming the new standard, similar to the way businesses are migrating to IPv6.
2. The new IPv6 phone that Randy may buy would have a:
c. 128-bit IP address. IPv4 addresses are 32 bits and IPv6 addresses are 128 bits.
3. IPv4 devices and Randy’s IPv6 phone may still communicate with each other when Randy:
b. is connected to a Dual Stack Architecture network. A network environment that is running both IPv4 and IPv6 simultaneously will provide communication between the two standards.
Essential details
• IPv4 addresses contain the numbers 0-255 and IPv6 addresses contain hexadecimal characters.
• Hexadecimal characters include the numbers 0-9 and letters A-F.
• IPv6 is becoming the new standard.
• Windows provides support for both IPv4 and IPv6 through the Dual Stack Architecture.
• Teredo, ISATAP, and 6to4 are tunneling technologies that provide transitional and backward compatibility between IPv6 and IPv4 networks.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/bb726995.aspx
• http://technet.microsoft.com/en-us/network/cc917486.aspx
• http://windows.microsoft.com/en-US/windows-vista/IPv6-frequently-asked-questions
OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3B
Understand IPv6
SCENARIO: Classes are finished for the semester and winter break has begun. Next semester all classes will use e-books, so Doug has decided to sell his current physical books to make a little extra money to buy great holiday gifts for his family and friends. Doug chooses to sell his books through Lucerne Publishing’s new website. He registers on the website, lists his books, and is ecstatic that one of the books sells immediately.
After receiving the shipping details and packaging the book, it occurs to him that the process of addressing and packaging the book is similar to the way IP packets are structured and encapsulated. The book is encapsulated into an envelope and the envelope contains both his return address and the address for its final destination—just like an IP packet contains a source and destination address!
1. At the Networking Layer, in an IPv6 network, data is encapsulated into an IPv6:
a. envelope
b. header
c. packet
2. An IPv6 subnet mask is written in:
a. decimal
b. hexadecimal
c. octal
3. Subnet masks are to an IP address as a:
a. keyboard is to a computer
b. website is to a link
c. zip code is to a postal address
Ipconfig displays both IPv4 and IPv6 addresses.
0.aspx • http://www.0.net/techpubs/en_US/junos9. which is similar to performing a bitwise AND operation of the subnet mask and IP address to determine the subnet of the IP address. at the networking layer.Answers 1.1 and for IPv6 is 0:0:0:0:0:0:0:1 or ::1 (compressed format).6/ information-products/topic-collections/config-guide-routing/ id-10122335.html _______ /3 96 CHAPTER 3: Understanding Protocols and Services . 3. A zip code determines the city and state a package is to be delivered to.cisco. data is encapsulated into an IPv6: c. • Identify the subnet that an IP address belongs to in a network by performing a bitwise AND operation of the subnet mask and IP address. • IPv6 addresses contain a dedicated subnetting portion. IPv6 subnet masks are written in hexadecimal. A subnet mask for IPv6 is written in : b.com/en/US/products/ps6553/ products_ios_technology_home. zip code is to a postal address.com/en-us/library/aa915659. Subnet masks are to an IP address as a: c. FAST TR ACK HELP • http://www.microsoft. In an IPv6 network. • The loopback address for IPv4 is 127.juniper. IPv4 subnet masks are in decimal.html • http://msdn. Essential details • IPv4 and IPv6 packets both contain the source and destination IP addresses that are used by the router to route the packet. hexadecimal. packet 2.
OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.4
Understand names resolution
SCENARIO: Laura Steele is packing for her big trip to Australia. She is looking forward to the adventure and to expanding her knowledge. Her IT Internship class is travelling to Australia to study IT best practices in a different country. She knows that her career could take her any place in the world!
At the airport, Laura and her classmates check in at the Blue Yonder Airlines ticket counter. The ticket agent asks Laura her name and she tells the agent that her full name is Laura Steele Polly. Next, the ticket agent asks Laura for her driver’s license number and Laura provides it to the ticket agent. The names and license number indicate that both refer to the same individual. Finally, after the ticket agent is fully satisfied that “Laura Steele” is really “Laura Steele Polly,” Laura is given her boarding pass.
After receiving their boarding passes the students stand in the security line. While waiting for their turn, the students talk about the ticket check-in procedures. Laura Steele shares with her classmates that the check-in procedure reminds her of name resolution. Is it similar?
1. A domain name is to an IP address as:
a. a kangaroo is to Australia
b. Laura Steele’s name is to her driver’s license number
c. Laura Steele’s student identification number is to her name
2. When Laura Steele browses the Web on her mobile phone and types in http://www.microsoft.com and presses Enter:
a. the domain name Microsoft.com is resolved to an IP address
b. the IP address is a calculated address based on the domain name
c. WINS checks the local LMHOSTS file and determines the MAC address of the domain name
3. The server that translates domain names to their corresponding IP addresses is called a:
a. DHCP server
b. DNS server
c. WINS server
It is usually easier to remember domain names and more difficult to remember IP addresses.
Answers
1. A domain name is to an IP address as:
b. Laura Steele’s name is to her driver’s license number. Both resolve a name to a number and identify the same location or person.
2. On her mobile phone, when Laura Steele types in http://www.microsoft.com and presses Enter:
a. the domain name microsoft.com is resolved to an IP address. The domain name microsoft.com will be translated by a DNS server to its respective IP address.
3. Domain names are resolved to their corresponding IP addresses by the:
b. DNS server. DNS servers resolve domain names to IP addresses, DHCP servers provide dynamic IP addresses to clients, and WINS servers map computer NetBIOS names to IP addresses.
Essential details
• DNS servers resolve domain names to IP addresses.
• WINS servers resolve NetBIOS names to IP addresses and assist in reducing NetBIOS traffic on subnets.
• Different DNS record types exist on a DNS server.
• DNS servers are part of the Internet’s infrastructure.
• DNS servers are also used in both enterprise and small business networks.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/bb727005.aspx
• http://technet.microsoft.com/en-us/network/bb629410.aspx
• http://technet.microsoft.com/en-us/library/cc725802.aspx
OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.5
Understand networking services
SCENARIO: Fourth Coffee’s business continues to grow. Josh, Fourth Coffee’s owner, has decided to expand to California. Sidney, his IT consultant, will travel to Santa Clara, California and set up a remote wireless network that will be connected to Fourth Coffee headquarters in Seattle, Washington. Josh would like to be able to access the network remotely so that he can keep up with business while on the road.
There will be an onsite file server which will provide access to local resources, as well as provide DNS services. In addition, Sidney will configure the wireless router to act as a DHCP server.
As Sidney leaves Fourth Coffee to catch her flight home, Josh stops her and asks how IPsec could be used in their network infrastructure. Sidney laughs and asks Josh if he has been busy reading his latest computer magazine online. He smiles and wishes her a safe trip.
1. The DHCP server will provide a:
a. dynamic IP addresses to the clients
b. static IP addresses to the clients
c. static IP addresses to the servers
2. A Remote Access Server is to a client as a:
a. lion is to Africa
b. locked car door is to a car
c. pixel is to a digital camera
3. Regarding Josh’s question, IPsec is:
a. a protocol suite used for securing IP communications
b. used to assign static and dynamic IPv6 addresses to clients
c. used to provide security to IPv6 addresses
When a system boots up it requests an IP address from a DHCP server through the DORA (Discover, Offer, Request, Acknowledge) process.
Answers
1. Servers that offer DHCP services provide a:
a. dynamic IP address to the clients. Static IP addresses are assigned to a server so they retain the same address and can be easily located. Dynamic IP addresses are assigned to clients and can change when a lease is renewed.
2. A Remote Access Server is to a client as a:
b. locked car door is to a car. A Remote Access Server (RAS) is protected by a firewall, and if a client is authenticated the client will be able to access the RAS’s services just like a key will allow a driver to access a car.
3. To answer Josh’s question, IPsec is:
a. a protocol suite used for securing IP communications. IPsec consists of open standards and uses cryptographic security services.
Essential details
• Clients are generally assigned dynamic addresses.
• Servers are assigned static addresses so that they may be easily located on a network.
• DHCP servers assign dynamic addresses to clients.
• Remote Access Servers, also known as Communication Servers, provide access to remote network resources.
• IPsec, created by IETF (Internet Engineering Task Force), secures IP communications through secure authentication and encryption.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/network/bb643151.aspx
• http://technet.microsoft.com/en-us/network/bb531150.aspx
• http://technet.microsoft.com/en-us/library/cc754634(WS.10).aspx
OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.6
Understand TCP/IP
SCENARIO: Sara just received an interesting e-mail from Andrew. Sara met Andrew a year ago in her first networking class at Maple College and ever since then they have been spending a lot of time together studying. However, now things have changed and Andrew has just asked her out on a real date! She immediately replies to the e-mail and says, “Yes!”
Immediately after hitting “send,” Sara receives an e-mail indicating that her reply e-mail to Andrew was not delivered. Sara reaches for her mobile phone and begins texting Andrew when it dawns on her that she might possibly fix this computer problem—or at least determine what might have gone wrong. Will she be able to resolve the problem so that she can go on a date with Andrew? Can you help her?
1. Sara first decides to use the pathping tool because it:
a. acts as a terminal emulation program that will automatically troubleshoot the issue
b. determines the degree of packet loss along the path the data is traveling
c. shows the route that is taken by the packet as it moves across the IP network
2. Next Sara tries to see if she can reach the default gateway by using the…
a. netstat tool
b. ping tool
c. loopback address
3. Based on the results, Sara decides that she needs to refresh her DHCP settings by using the:
a. telnet tool
b. ipconfig tool
c. local loopback IP
Using the analytical tools in the most efficient order will save time.
Answers
1. The pathping tool that Sara used:
b. determines the degree of packet loss along the path the data is traveling. This is a useful tool; however, Sara could have saved time by first checking her computer’s connectivity to the default gateway.
2. To see whether her computer can reach the default gateway she used the:
b. ping tool. Depending upon the issue, the ping tool is usually one of the first tools used during troubleshooting.
3. To refresh her DHCP settings, Sara used the:
b. ipconfig tool. The ipconfig/release will release Sara’s current IP address and the ipconfig/renew will give her computer a new IP address.
Essential details
• To check connectivity, first ping your loopback address (127.0.0.1), then ping your computer’s IP address, then ping your default gateway, and finally ping the remote host.
• Ipconfig/all displays lots of useful information, including DNS servers.
• Tracert traces the route a packet takes from the source to destination.
• Telnet logs into a router or computer.
• Ping contains different options for IPv4 and IPv6.
FAST TRACK HELP
• http://support.microsoft.com/kb/814155
• http://windows.microsoft.com/en-US/windows7/Using-command-line-tools-for-networking-information
• http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a00800a61c7.shtml
MTA 98-367 SECURITY FUNDAMENTALS
1 Understanding Security Layers
IN THIS CHAPTER
■ 1.1 Understand core security principles
■ 1.2 Understand physical security
■ 1.3 Understand Internet security
■ 1.4 Understand wireless security
UNDERSTANDING SECURITY LAYERS 1.1
Understand core security principles
SCENARIO: Blue Yonder Airlines has expanded over the past 18 months and has recently gone through a security audit to ensure that the technical system is secure. Several areas needing improvement were identified. The CIO has asked Toni Poe, Blue Yonder Airlines’ security consultant, to provide some essential security training for the front-line staff. The goal is to minimize the risk for potential security threats by educating staff members in the area of social engineering, as well as some basic security principles.
Toni has assessed the security rights of each staff member related to computer access and perimeter access. Toni notes that some staff members have elevated privileges to access the Blue Yonder Airlines intranet site. He also knows that it is important to stress the Confidentiality, Integrity, and Availability triangle in his training.
1. Toni plans to implement the principle of least privilege. How will this affect the staff members?
a. staff members will maintain their current access to all resources
b. staff members will be granted the smallest set of privileges to the resources
c. staff members will have to log on as administrator to have access to their resources
2. What would be an example of providing availability as it relates to security training?
a. making sure all the workstations are turned on
b. ensuring that all staff members have perfect attendance for work
c. protecting against a Distributed Denial of Services attack
3. What is an example of social engineering?
a. calling a staff member while pretending to be someone else to gain information that can provide access to sensitive information
b. developing social awareness of security threats within an organization
c. building a social networking website
Social engineering is not related to social networking. The ultimate goal of a hacker is to obtain as much information as possible by exploiting the human side of security.
Answers
1. Implementing the principle of least privilege means that:
b. staff members will be granted the smallest set of privileges to the resources
2. Providing availability as it relates to security training means:
c. protecting against a Distributed Denial of Services attack
3. An example of social engineering could include:
a. calling a staff member while pretending to be someone else to gain information that can provide access to sensitive information
Essential details
• The CIA (Confidentiality, Integrity and Availability) Triangle is the concept of ensuring the prevention of unauthorized disclosure of information, the erroneous modification of information, and the prevention of unauthorized withholding of information or resources.
• The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks.
• Social engineering is any type of behavior that can inadvertently or deliberately aid an attacker in gaining access to a user’s password or other sensitive information.
OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.2
Understand physical security
SCENARIO: Erin Hagens has just been promoted to security officer for Woodgrove Bank. This position carries huge responsibility for the safety of the customer’s money and information, not to mention the bank’s reputation. This role necessitates that she keep current on a long list of requirements for securing Woodgrove Bank. A banking industry regulatory agency has informed Erin that the bank will undergo a security audit to ensure that they are in compliance with industry regulations and standards. Erin understands the request and must do her due diligence to provide whatever information the regulators need as they target potential security holes. Her biggest concern is the physical security of the bank’s systems.
1. What can Erin do to ensure physical security of the bank desktop computers?
a. disable the use of floppy drives or USB drives by using group policies
b. have a guard posted in every cubical area
c. obtain locking mechanisms for each desktop so they cannot be carried away
2. Erin has a concern that people can authenticate to the servers in the data center. What can she do to prevent normal users from logging onto those systems?
a. make sure the server is locked up
b. remove the keyboards from all servers
c. create a group policy that applies to the servers to Deny Log on Locally for all non-administrative users
3. What can Erin do to prevent the use of key loggers in the bank?
a. ensure that the terminals are locked and do a periodic inspection of the ports on the systems
b. nothing—Erin cannot control what gets plugged into her computers
c. convert all computers to touch screen monitors
It may not be financially feasible or physically possible for the bank to convert all systems to touch screens.
Answers
1. To ensure physical security of desktop computers, Erin can:
a. disable the use of floppy drives or USB drives by using group policies. Most computers do have a mechanism to attach a locking device to the desktops; however, disabling USB and floppy drives disables a larger threat.
2. To prevent normal users from logging onto the systems, Erin can:
c. create a group policy that applies to the servers to Deny Log on Locally for all non-administrative users. A bigger issue is people are in the data center with physical access. However, normal users should not have the ability to log on locally.
3. To prevent the use of key loggers in the bank, Erin will have to:
a. ensure that the terminals are locked and do a periodic inspection of the ports on the systems
Essential details
• Keystroke logging (often called key logging) is the process of recording the keys typed on a keyboard, typically without the users’ knowledge.
• Access controls are the mechanisms for limiting access to certain items of information or to certain controls based on users’ identities and their membership in various predefined security groups.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/bb457125.aspx
• http://www.microsoft.com/smallbusiness/security.aspx
OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.3
Understand Internet security
SCENARIO: Terry Adams is the desktop administrator for Tailspin Toys. To stay current with the latest Internet technologies, Tailspin Toys has decided to upgrade their browsers to Internet Explorer (IE) 8. Terry wants to make sure that they utilize many of the security features built into the browser while still maintaining functionality within the company’s intranet. Terry also would like to educate his users to be good “Internet citizens” and practice safe web surfing. He knows that the first line of defense in Internet security is an informed and skilled user.
1. Terry wants to configure the Internet zone feature in IE 8 in such a way that users can easily access content on the local intranet while still maintaining a high level of security. What should he do?
a. create a perimeter network and make sure the intranet site is located there and have a single PC in each department designated the Intranet Browsing PC (IBPC)
b. go into the Internet Options, choose Security and add their intranet site to the list of Local Intranet Sites
c. print the content of the intranet site weekly and distribute it through interoffice mail
2. What can Terry tell his staff to look for to be assured that they are on a secured website?
a. a padlock in the lower right corner of the browser and https:// in the address bar
b. the contact information on the site
c. they should not be browsing secure sites because you can’t trust any site
3. What is the security level set to in the Restricted Sites zone?
a. low; the sites are restricted and therefore not a concern
b. high; disables most features, has the maximum safeguards, and protects against harmful content
c. medium; a nice balance between too restrictive and too open
The default level in the restricted sites zone is set to High.
Answers
1. To configure the Internet zone feature in IE 8 and enable users to easily browse the local intranet, Terry should:
b. go into the Internet Options, choose Security and add their intranet site to the list of Local Intranet Sites
2. To be sure that they are on a secure site, staff members can look for a:
a. a padlock in the lower right corner of the browser and https:// in the address bar. This does not guarantee that the site is secure. However, it is a start.
3. The security level in the Restricted Sites zone is:
b. high; disables most features, has the maximum safeguards, and protects against harmful content
Essential details
• An Internet zone contains websites that are not on your computer or on your local intranet, or that are not already assigned to another zone. The default security level is Medium.
• A secure site is a website with the capability of providing secure transactions, ensuring that credit card numbers and other personal information will not be accessible to unauthorized parties.
FAST TRACK HELP
• http://support.microsoft.com/kb/174360
OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.4
Understand wireless security
SCENARIO: Pilar Ackerman is the systems administrator for Fourth Coffee—a national chain of very popular and profitable coffee cafés. Competition in the coffee café business is fierce! To maintain a competitive edge, Fourth Coffee plans to add open, high-speed, wireless access for their customers and secured wireless for employees at all 200 Fourth Coffee locations. Pilar is faced with several security concerns and must ensure that their business traffic is secured. In addition to that, he is under pressure to make this new feature a winning strategy.
1. What is the most secure protocol that Pilar can implement to ensure that the business-related traffic is encrypted?
a. Wired Equivalent Privacy (WEP)
b. WiFi Protected Access (WPA) 2
c. Extensible Authentication Protocol (EAP)
2. Aside from encrypting the business wireless traffic, what else can Pilar do to add another level of security?
a. implement access point isolation and hide the Service Set Identifier (SSID)
b. turn off the business access points when customers come in
c. enable MAC filtering
3. Pilar would like his employees to be independent in troubleshooting their own wireless connections before contacting him. What basic troubleshooting step can he instruct them to do?
a. reboot their computers
b. power cycle the wireless access points
c. right-click the network icon in the system tray and select Troubleshoot Problems
Power cycling the access point would disconnect other users from the network.
Answers
1. The most secure protocol that Pilar can implement to ensure that the business-related traffic is encrypted is:
b. WiFi Protected Access (WPA) 2. EAP is a feature of security that handles authentication and WPA is more secure than WEP.
2. Pilar can add another level of security by:
a. implementing access point isolation and hiding the Service Set Identifier (SSID). MAC filtering is an option; however, MAC addresses can be “faked” or “spoofed.” Hiding the SSID is a simple security measure that can be implemented.
3. Pilar can instruct the staff to troubleshoot by:
c. right-clicking the network icon in the system tray and selecting Troubleshoot Problems
Essential details
• A Service set identifier (SSID) is a 32-character, unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to the communicating stations on a wireless LAN.
• Wi-Fi protected access (WPA) is a Wi-Fi standard that was designed to improve upon the security features of WEP.
• Wired equivalent privacy (WEP) is an encryption algorithm system included as part of the 802.11 standard, developed by the Institute of Electrical and Electronics Engineers as a security measure to protect wireless LANs from casual eavesdropping.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/magazine/2005.11.securitywatch.aspx
• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods
• http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part1.html
2 Understanding Operating System Security
IN THIS CHAPTER
■ 2.1A Understand user authentication
■ 2.1B Understand user authentication
■ 2.2 Understand permissions
■ 2.3 Understand password policies
■ 2.4 Understand audit policies
■ 2.5A Understand encryption
■ 2.5B Understand encryption
■ 2.6 Understand malware
OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1A
Understand user authentication
SCENARIO: Jim Hance is a security administrator for Coho Winery. A variety of security threats have occurred over the past few months and management is more than a little concerned. They cannot afford to have the system jeopardized; their customers expect a reliable and secure site. Jim is reviewing the security policies for Coho Winery to determine where the company may need stronger policies or at least to update the existing policies and security measures. His first task is determining the company’s strengths as it relates to user authentication.
1. Jim knows that stronger passwords are a critical element in the security plan. What characteristics make up a strong password?
a. contains 7+ characters; does not contain the user name, real name, or company name
b. contains sequential numbers embedded within the company name
c. contains the user’s last name and email address
2. What protocol can be used to secure workstation and computer authentication across the network?
a. TCP/IP
b. Kerberos
c. Lightweight Directory Access Protocol
3. What strategy can Jim implement to reduce the number of times a user would have to authenticate to access a particular resource?
a. two-factor authentication
b. digital certificates
c. Single Sign-on (SSO)
Reducing the number of times a user has to authenticate can reduce the possibilities of his or her credentials being captured.
BETA COURSEWARE EXPIRES NOVEMBER 26, 2010
Answers 1. Jim can use: b.microsoft. Kerberos 3.asp • http://web. Single Sign-on (SSO) Essential details • Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority.500.com/windowsserver2008/en/us/ad-main. FAST TR ACK HELP • http://www.edu/Kerberos/#what_is • http://technet. To secure workstation and computer authentication across the network. • Kerberos authenticates the identity of users attempting to log on to a network and encrypts their communications through secret-key cryptography. To reduce the number of times a user would have to authenticate to access a particular resource. contains 7+ characters. A strong password: a.mit.aspx _______ /3 118 CHAPTER 2: Understanding Operating System Security . Jim can implement: c. real name.com/en-us/library/bb463152. • Lightweight directory access protocol (LDAP) is a network protocol designed to work on TCP/IP stacks to extract information from a hierarchical directory such as X. • Remote authentication dial-in user service (RADIUS) is an Internet protocol in which an authentication server provides authorization and authentication information to a network server to which a user is attempting to link. or company name 2. does not contain the user name.microsoft.
OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1B
Understand user authentication
SCENARIO: The Graphic Design Institute (GDI) has more than 30,000 students. The security of the students’ personal information, including financial data, address, family contacts, special health needs, and grades, is the top priority of the network administrative team. However, over the past few months student data has been compromised on several occasions. Personal data has shown up on a social networking site, much to the embarrassment of the network team. GDI officers have asked the network administrator, Todd Rowe, to implement stronger authentication measures for the students, as well as eliminate IT staff from logging on with elevated privileges. Todd has several options, but is aware of the need to keep the processes fairly easy for the helpdesk staff.
1. Todd wants to implement two-factor authentications. What can he use?
a. smart card and user password
b. two passwords
c. two user IDs with two passwords
2. What service can the GDI staff use instead of signing in with elevated privileges?
a. Remote Desktop
b. Secondary Logon-Run As
c. User Manager for Domains
3. What is a disadvantage of using biometric identification?
a. the user must have hands
b. cost is prohibitive for many organizations
c. a retina scan can be faked
Biometric identification is extremely secure; however, the devices to support biometrics are cost-prohibitive.
Answers
1. To implement two-factor authentications, Todd can use:
a. smart card and user password
2. Instead of signing in with elevated privileges, the staff can use:
b. Secondary Logon-Run As
3. A disadvantage of biometric identification is:
b. cost is prohibitive for many organizations
Essential details
• A certificate is an electronic credential that authenticates a user on the Internet and intranets.
• Public key infrastructure (PKI) is an asymmetric scheme that uses a pair of keys for encryption: the public key encrypts data, and a corresponding secret key decrypts it.
• The Run As command allows a user to run specific tools and programs with different permissions than the user’s current logon provides.
• Steps to change your password:
  • Press <control><alt><delete> and select Change Password
• Steps to use Secondary Logon or Run As...
  • Right-click the application icon and select Run As Administrator
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc782756(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc756862(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc261673(office.12).aspx
UNDERSTANDING OPERATING SYSTEM SECURITY 2.2
SCENARIO: Fabrikam, Inc. has recently undergone a basic reorganization and a variety of corporate changes. Shawn Richardson is the network administrator at Fabrikam and has been assigned the task of aligning the company servers with the new organizational reality. As a first step, Shawn has completed a security audit of the company’s Microsoft® Windows Server® 2008 R2 file servers and has determined that folder and share security needs to be revised based on corporate reorganization. Shawn must present his plan to management and give directions to his team members to complete the project.
1. Shawn has noticed that some shares on the file system are not secured. What is the default permission setting when a share is created?
a. everyone with Read permission
b. administrators with the Full Control permission
c. everybody with the Full Control permission
2. Why should Shawn enforce User Account Control (UAC) across the domain?
a. so that he can control the user accounts
b. to help prevent unauthorized changes to computers on the domain
c. to allow the users to authenticate with the administrator password to perform an administrative task
3. What feature (also available with Active Directory objects) will make Shawn’s job easier when reassigning permissions by not having to assign permissions to every parent and child folder?
a. batch files
b. inheritance
c. staff people
Inheritance allows the propagation of rights or permissions from a parent object to a child object. This feature can be blocked or removed.
Answers
1. When a share is created, the default permission is:
a. everyone with Read permission
2. Shawn should enforce User Account Control (UAC) across the domain because:
b. it will help prevent unauthorized changes to computers on the domain
3. Shawn’s job can be made easier when reassigning permissions by using:
Essential details
• Permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write and can be applied to both folder and file objects. Permissions can also be applied to Active Directory objects.
• Inheritance is the concept of permissions that are propagated to an object from a parent object. Inheritance is found in both file system permissions and Active Directory permissions. It does not apply to share permissions.
• New Technology File System (NTFS), FAT, and FAT32. The primary difference between NTFS and FAT file systems is the ability to apply security to the file system. You can grant or deny various permissions on NTFS. NTFS also supports the ability to encrypt data.
• Share and NTFS permissions are applied based on how the resource is accessed. Share permissions are effective when the resource is being accessed through the network, whereas NTFS permissions are effective all the time. When share and NTFS permissions are applied to the same resource, the most restrictive permission wins.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc730772.aspx
• http://technet.microsoft.com/en-us/library/cc771375.aspx
• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx
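The interaction of inheritance, share permissions and NTFS permissions described above can be traced with a small model. This is an added Python example, not part of the study guide; it is deliberately simplified (ranked permission levels, no deny entries or groups other than Everyone), and the folder names and the user "kim" are constructed.

```python
# Simplified ranking (assumption of this sketch): a higher level includes
# the lower ones, and share "Change" is treated like NTFS "Modify".
RANK = {"None": 0, "Read": 1, "Modify": 2, "Full Control": 3}
NAME = {rank: name for name, rank in RANK.items()}


class Folder:
    def __init__(self, name, parent=None, explicit=None, inherit=True):
        self.name = name
        self.parent = parent
        self.explicit = explicit or {}   # user -> NTFS level granted on this folder
        self.inherit = inherit           # False means inheritance is blocked here

    def ntfs_level(self, user):
        """Explicit grant on this folder combined with anything inherited."""
        level = RANK[self.explicit.get(user, "None")]
        if self.inherit and self.parent is not None:
            level = max(level, self.parent.ntfs_level(user))
        return level


def share_level(share_perms, user):
    """Share permissions are set on the share only; nothing is inherited."""
    return max(RANK[share_perms.get(user, "None")],
               RANK[share_perms.get("Everyone", "None")])


def effective_access(folder, user, share_perms, via_network):
    ntfs = folder.ntfs_level(user)
    if not via_network:
        return NAME[ntfs]                # local access: NTFS only
    # Network access: both apply and the most restrictive one wins.
    return NAME[min(ntfs, share_level(share_perms, user))]


DEFAULT_SHARE = {"Everyone": "Read"}     # default when a share is created


def build_demo():
    root = Folder("Departments", explicit={"shawn": "Full Control", "kim": "Read"})
    finance = Folder("Finance", parent=root, explicit={"kim": "Modify"})
    payroll = Folder("Payroll", parent=finance, inherit=False,
                     explicit={"shawn": "Full Control"})
    return {"root": root, "finance": finance, "payroll": payroll}


if __name__ == "__main__":
    demo = build_demo()
    for key in ("finance", "payroll"):
        for user in ("shawn", "kim"):
            print(key, user,
                  "local:", effective_access(demo[key], user, DEFAULT_SHARE, False),
                  "network:", effective_access(demo[key], user, DEFAULT_SHARE, True))
```
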
OBJECTIVE: UNDERSTANDING OPERATING SYSTEM SECURITY 2.3
Understand password policies
SCENARIO: Jay Hamlin has been given the unenviable task of enforcing stronger password policies for Wingtip Toys. He understands the need for complex passwords of a minimum length, but is having a difficult time making the staff understand how the security of the entire Wingtip Toys organization can depend upon these couple requirements along with a few more that he plans to put into place. He must also determine how many times a user can attempt to log in before his or her account is locked out, how often users must change passwords, and how often users can reuse a favorite password.
His plan for a Password Complexity Policy includes the following criteria for passwords:
• Cannot contain the user’s login name
• Must be at least 6 characters or greater
• Must contain three of the following four characters: upper case, lower case, number, and special character
1. What dilemma is Jay facing if he makes his password requirements too difficult?
a. a complex password can be hard to guess and difficult to remember
b. Jay will no longer have friends at work
c. users will not use the passwords
2. What does the policy of maximum password age mean?
a. determines how old the user must be to create a password
b. refers to the duration before a password has to be changed
c. refers to how old the password must be before the user is allowed to change it
3. What happens when you set the value of Enforce Password History to 10?
a. the user has 10 attempts to validate his or her password
b. the password must be used for at least 10 days before it can be changed
c. the system remembers the last 10 passwords and will not allow the user to reuse any of the previous 10
Password history prevents users from reusing their passwords.
Answers
1. The dilemma Jay faces with difficult password requirements is that:
a. a complex password can be hard to guess and difficult to remember
2. Maximum password age:
b. refers to the duration before a password has to be changed
3. When you set the value of Enforce Password History to 10:
c. the system remembers the last 10 passwords and will not allow the user to reuse any of the previous 10
Essential details
• Account lockout is a security feature in Windows that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on security policy lockout settings.
• A password attack is an attack on a computer or network in which a password is stolen and decrypted or is revealed by a password dictionary program.
• Password sniffing is a technique employed by hackers to capture passwords by intercepting data packets and searching them for passwords.
• Microsoft Windows Server 2008 allows for fine-grained password policies, which allows for more flexible password policy assignment throughout an organization within Active Directory®.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc875814.aspx
• http://technet.microsoft.com/en-us/library/cc784090(WS.10).asp
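Jay's three complexity criteria and an Enforce Password History value of 10 can be expressed as a check run at password-change time. This is an added Python example, not code from the study guide or from Windows; the login name, the sample passwords and the PBKDF2 settings are assumptions of the sketch.

```python
import hashlib
import hmac
import os
import string
from collections import deque

MIN_LENGTH = 6            # "Must be at least 6 characters"
REQUIRED_CLASSES = 3      # "three of the following four"
HISTORY_SIZE = 10         # Enforce Password History = 10
PBKDF2_ITERATIONS = 20000 # demo value, chosen so the example runs quickly


def complexity_problems(login, password):
    """Return the list of criteria the candidate password violates."""
    problems = []
    if login and login.lower() in password.lower():
        problems.append("contains the login name")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < REQUIRED_CLASSES:
        problems.append("uses fewer than %d of the 4 character classes"
                        % REQUIRED_CLASSES)
    return problems


class PasswordHistory:
    """Keeps salted hashes of one user's most recent passwords."""

    def __init__(self, size=HISTORY_SIZE):
        self.size = size
        self._entries = deque(maxlen=size)   # oldest entry falls off the end

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, PBKDF2_ITERATIONS)

    def seen(self, password):
        return any(hmac.compare_digest(self._digest(password, salt), digest)
                   for salt, digest in self._entries)

    def remember(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(password, salt)))


def change_password(login, new_password, history):
    """Apply complexity and history rules; store the password if it passes."""
    problems = complexity_problems(login, new_password)
    if history.seen(new_password):
        problems.append("matches one of the last %d passwords" % history.size)
    if not problems:
        history.remember(new_password)
    return problems


if __name__ == "__main__":
    history = PasswordHistory()
    for candidate in ("password", "Jhamlin2024!", "Tr1cycle", "Tr1cycle"):
        print(candidate, "->", change_password("jhamlin", candidate, history) or "accepted")
```
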
OBJECTIVE: UNDERSTANDING OPERATING SYSTEM SECURITY 2.4
Understand audit policies
SCENARIO: The network for Margie’s Travel must be very secure. The files contain customer information including credit card numbers, birthdates, and addresses, as well as photocopies of passports. Identity theft would be a real possibility if the system was hacked into. Obviously, this is not an acceptable risk for Margie’s Travel. Arlene Huff is the systems administrator for Margie’s Travel. The company has asked her to track who attempts to log into the system and at what times of the day the attempts occur. They also have asked her to create a system to track when confidential files are opened and by whom. Arlene gladly took on this task and did not raise a huff.
1. Arlene wants to log when someone fails to log into the system as administrator, but why would she want to log when they are successful also?
a. to determine if and when someone is authenticating successfully with elevated privileges
b. to make sure they are getting in without any problems
c. to monitor drive space on the computer
2. Where are file audit events written when auditing is enabled?
a. audit event log
b. pfirewall.log
c. security event log
3. Why is it important to properly secure audit logs?
a. so that potential hackers cannot delete the event logs to cover their tracks
b. it’s not important, no one looks at audit logs
c. so only authorized personnel can view the log files
Skilled computer hackers will modify the audit logs when they are finished obtaining information so that it will appear as though they were never there.
Answers
1. Arlene wants to log when someone successfully logs into the system as well as when they fail:
a. to determine if and when someone is authenticating successfully with elevated privileges. If someone failed four times and was then successful the fifth time it could indicate hacker activity.
2. Enabled file auditing events are written in the:
c. security event log
3. It is important to properly secure audit logs:
a. so that potential hackers cannot delete the event logs to cover their tracks
Essential details
• Auditing is the process an operating system uses to detect and record security-related events, such as an attempt to create, access, or delete objects such as files and directories.
• An audit policy is a policy that determines the security events to be reported to the network administrator.
• The security log, which can be generated by a firewall or other security device, lists events that could affect security, such as access attempts or commands, and the names of the users involved.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx
• http://technet.microsoft.com/en-us/library/dd349800(WS.10).aspx
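The pattern named in answer 1, four failed logons followed by a success, is something a reviewer can search for once both outcomes are audited. This is an added Python example, not from the study guide; it assumes the Security log has been exported to CSV, uses the Windows event IDs 4624 (logon success) and 4625 (logon failure), and all log lines, account names and workstation names are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

LOGON_SUCCESS = "4624"   # an account was successfully logged on
LOGON_FAILURE = "4625"   # an account failed to log on

# Constructed sample export: timestamp, event ID, account, source workstation.
SAMPLE_LOG = """\
2010-06-01T02:10:03,4625,Administrator,WKS-17
2010-06-01T02:10:41,4625,Administrator,WKS-17
2010-06-01T02:11:15,4625,administrator,WKS-17
2010-06-01T02:12:02,4625,Administrator,WKS-17
2010-06-01T02:13:40,4624,Administrator,WKS-17
2010-06-01T08:01:12,4625,ahuff,WKS-03
2010-06-01T08:01:30,4624,ahuff,WKS-03
2010-06-01T08:05:00,4624,svc_backup,SRV-01
2010-06-01T09:00:00,4625,frontdesk,WKS-09
2010-06-01T09:20:00,4625,frontdesk,WKS-09
2010-06-01T09:40:00,4625,frontdesk,WKS-09
2010-06-01T10:00:00,4625,frontdesk,WKS-09
2010-06-01T10:20:00,4624,frontdesk,WKS-09
"""


def parse(log_text):
    """Turn the CSV export into time-ordered (time, event_id, account, source)."""
    events = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue                         # skip blank or malformed lines
        ts, event_id, account, source = (f.strip() for f in row)
        # Windows account names are not case-sensitive, so normalise them.
        events.append((datetime.fromisoformat(ts), event_id,
                       account.lower(), source))
    return sorted(events)


def failures_then_success(events, threshold=4, window=timedelta(minutes=10)):
    """Flag each successful logon that follows at least `threshold` failures
    for the same account inside `window`."""
    pending = defaultdict(list)   # account -> failure times since last success
    findings = []
    for ts, event_id, account, source in events:
        if event_id == LOGON_FAILURE:
            pending[account].append(ts)
        elif event_id == LOGON_SUCCESS:
            recent = [t for t in pending[account] if ts - t <= window]
            if len(recent) >= threshold:
                findings.append({
                    "account": account,
                    "source": source,
                    "failures": len(recent),
                    "first_failure": recent[0],
                    "success_at": ts,
                })
            pending[account] = []            # a success resets the count
    return findings


if __name__ == "__main__":
    for finding in failures_then_success(parse(SAMPLE_LOG)):
        print(finding)
```

Only the Administrator sequence is reported: a single mistyped password and four failures spread over an hour both stay below the threshold inside the ten-minute window.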
OBJECTIVE: UNDERSTANDING OPERATING SYSTEM SECURITY 2.5A
Understand encryption
SCENARIO: Adventure Works has recently expanded its mobile sales force. The management team has recently come to recognize the unique security considerations associated with hundreds of laptop computers simultaneously located in hundreds of unsecure locations. David Johnson is the network administrator in charge of the Adventure Works mobile sales force. He has recently come under fire from the management team regarding the sensitive data that could potentially fall into the competition’s hands if any of the laptop computers were to be stolen or misplaced. They must have a solution that can ensure the confidentiality of data on the mobile stations that are all running Windows® 7 Enterprise—and they need it soon!
1. What can David enable to make sure their data is safe?
a. Encrypting File System (EFS)
b. password protected screen saver
c. BitLocker
2. What must be configured to ensure that the BitLocker® storage can be reclaimed?
a. the salesperson’s personal identification and login credentials
b. BitLocker to use data recovery agents
c. the Secret Retrieval Agent
3. What are some considerations David will have to ponder when deciding to use BitLocker?
a. the conscientiousness and self-discipline of the sales staff
b. the deployment of hardware because BitLocker requires a system reserved partition
c. it’s so easy that there aren’t any serious considerations
BitLocker requires a system-reserved partition created during a standard installation.
Answers
1. To make sure the data is safe, David must enable:
c. BitLocker
2. To ensure that the secured data can be reclaimed in the event that BitLocker protected storage is moved to another computer, the administrator must create and properly store:
b. BitLocker to use data recovery agents
3. When using BitLocker, the administrator must consider:
b. the deployment of hardware because BitLocker requires a system reserved partition
Essential details
• BitLocker (ToGo) drive encryption is a data-protection feature available in Windows Server 2008 R2 and in some editions of Windows 7.
• Encrypting file system (EFS) is a feature of Windows that allows you to store information on your hard disk in an encrypted format.
• Encryption is the process of encoding data to prevent unauthorized access, especially during transmission.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc732774.aspx
• http://technet.microsoft.com/en-us/windows/dd408739.aspx
• http://technet.microsoft.com/en-us/library/ee706518(WS.10).aspx
• http://technet.microsoft.com/en-us/library/ee706523(WS.10).aspx
OBJECTIVE: UNDERSTANDING OPERATING SYSTEM SECURITY 2.5B
Understand encryption
SCENARIO: The owner of Southridge Video takes great pride in the close relationship that she has with the managers in the various branch offices up and down the coast. Weekly communication is the key to maintaining the relationships and keeping on top of business progress and challenges. The owner and managers would like to replace their Monday morning conference call with a secure Monday morning video conference between corporate headquarters and the various branch offices. They have asked the WAN administrator, Jeff Wang, to create a cost-effective solution. The solution must work between the remote branch offices, so having a dedicated connection between offices is too expensive. The best solution is to utilize each office’s Internet connection.
1. What will create a secured connection over an unsecured network?
a. Virtual Private Network (VPN)
b. configuring the callback feature on their Routing and Remote Access Server
c. using a social networking site to have the conference meetings
2. Jeff needs to decide between Point to Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP). Which protocol is more secure?
a. PPTP
b. L2TP
c. neither, they both pass information in clear text
3. What is a public certificate?
a. an award given in recognition of superior business security policies
b. part of a two-part encryption that is not shared with other parties
c. a digitally signed statement that is commonly used for authentication and to secure information on open networks
A private key certificate is a portion of two-part encryption that resides with the originating computer and is not shared.
Answers
1. A secured connection over an unsecured network can be created with a:
a. Virtual Private Network (VPN)
2. The more secure protocol is:
b. L2TP. PPTP uses MPPE for security, which is less secure than L2TP, which uses IPsec as its encryption method.
3. A public certificate is:
c. a digitally signed statement that is commonly used for authentication and to secure information on open networks
Essential details
• Layer 2 tunneling protocol with Internet protocol security (L2TP/IPSec) is a combination of PPTP and Layer 2 Forwarding (L2F) that uses IPsec for encryption.
• The user keeps the private key secret and uses it to encrypt digital signatures and to decrypt received messages.
• The user releases the public key to the public, who can use it for encrypting messages to be sent to the user and for decrypting the user’s digital signature.
• A virtual private network (VPN) is a secured tunnel running over a public network such as the Internet that uses encryption technology so that data is safe from being intercepted and understood by unauthorized users.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/library/cc700805.aspx
OBJECTIVE: UNDERSTANDING OPERATING SYSTEM SECURITY 2.6
Understand malware
SCENARIO: Consolidated Messenger handles customer feedback for many area businesses. Each day they receive thousands of email messages from happy and unhappy customers, which they funnel to the appropriate individuals at their client companies. Mary Kay Anderson is the systems administrator for Consolidated Messenger. The company has had several outbreaks of viruses on the network that seem to have been propagated through email. They have asked Mary Kay to host a “lunch and learn” session to educate Consolidated Messenger staff about malicious software and email. Mary Kay has also been assigned the task to find a solution that will better protect the system.
1. What should the staff members do when they receive a suspicious email from a customer or coworker that contains an embedded hyperlink?
a. delete the email and then contact Mary Kay and the customer or coworker
b. quickly click the hyperlink to see what might happen to assess the threat themselves
c. forward the email to other coworkers warning them that the email is not legitimate
2. What can Mary Kay do to prevent suspicious emails from entering their network?
a. install Microsoft® Forefront® and Threat Management Gateway and configure it to block malicious emails
b. disable internet email
c. threaten coworkers that they will be dismissed if they forward any email
3. What tool can Mary Kay download to remove malicious software (malware)?
a. Remote Server Administration Tools (RSAT)
b. Microsoft Windows Malicious Software Removal Tool
c. any web-advertised security software tools—they are all the same
A malicious software removal tool is included in Windows updates.
Answers
1. When staff members receive a suspicious email that contains an embedded hyperlink they should:
a. delete the email and then contact Mary Kay and the customer or coworker. Never forward an email with suspicious content. If an email has an attachment or link in it, contact the sender and verify that he or she sent the message.
2. To prevent suspicious emails from entering the network, Mary Kay can:
a. install Microsoft Forefront and Threat Management Gateway and configure it to block any malicious emails. Exchange server has several spam filtering tools. Forefront and TMG are additional security measures to better protect the system.
3. To remove malicious software (malware), Mary Kay can download:
b. Microsoft Windows Malicious Software Removal Tool
Essential details
• A bot is a program that performs some task on a network, especially a task that is repetitive or time-consuming.
• A rootkit is a collection of software programs that a hacker can use to gain unauthorized remote access to a computer and launch additional attacks.
• Spyware is software sometimes referred to as spybot or tracking software. Spyware uses other forms of deceptive software and programs that conduct certain activities on a computer without obtaining appropriate consent from the user.
• A trojan is a program that appears to be useful or harmless but contains hidden code designed to exploit or damage the system on which it is run.
• A worm uses self-propagating malicious code that can automatically distribute itself from one computer to another through network connections.
FAST TRACK HELP
• http://www.microsoft.com/downloads/details.aspx?FamilyId=F24A8CE363A4-45A1-97B6-3FEF52F63ABB&displaylang=en
• http://support.microsoft.com/kb/889741
3 Understanding Network Security
IN THIS CHAPTER
■ 3.1 Understand dedicated firewalls
■ 3.2 Understand Network Access Protection (NAP)
■ 3.3A Understand Network Isolation
■ 3.3B Understand Network Isolation
■ 3.4 Understand protocol security
BETA COURSEWARE EXPIRES NOVEMBER 26, 2010
OBJECTIVE: UNDERSTANDING NETWORK SECURITY 3.1
Understand dedicated firewalls
SCENARIO: Matt Berg has earned several Microsoft certifications and is now his own boss as an independent security consultant. Trey Research has retained his services to perform a security assessment of their network. Trey Research has several servers that are exposed to the Internet and they fear that their internal network may be vulnerable to an attack. They have a single perimeter firewall, but they don’t know if that is enough. Matt’s job is to assess the situation and make recommendations as to how Trey Research can protect their data.
1. What should Matt recommend that Trey Research do with their Internet exposed servers?
a. create a perimeter network to isolate those servers from the internal network
b. outsource the associated services
c. no action is needed—the servers are fine where they are on the internal network
2. Is a single perimeter firewall sufficient for Trey Research?
a. yes—a single firewall provides more than enough protection in any environment
b. no—Trey Research’s concerns are justified. They should have several security appliances that provide “defense in depth” for their organization as well as enabling workstation software firewalls and antivirus
c. no—they should also create a DMZ
3. Does stateful packet inspection or stateless packet inspection provide better security?
a. a stateless packet inspection because it is more efficient and can stop more packets
b. neither—they do not provide any type of security
c. stateful because it inspects the packets as they pass through the connection
Stateless packet inspection is a faster type of security and requires less memory but is not completely reliable.
Answers
1. Matt should recommend that Trey Research:
a. create a perimeter network to isolate those servers from the internal network. Internet-exposed servers and devices should not reside on an internal network. They should be segmented or isolated into a secured part of the network.
2. Is a single perimeter firewall sufficient for Trey Research?
b. no—Trey Research’s concerns are justified. They should have several security appliances that provide “defense in depth” for their organization as well as enabling workstation software firewalls and antivirus. No single solution can secure a network; however, providing several layers of security reduces a company’s exposure.
3. The better packet inspection choice is:
c. stateful, because it inspects the packets as they pass through the connection
Essential details
• A firewall is a security system intended to protect an organization’s network against external threats—such as hackers—coming from another network, such as the Internet.
• Packet filtering is the process of controlling network access based on IP addresses. Firewalls will often incorporate filters that allow or deny users the ability to enter or leave a local area network (LAN).
• A proxy server is a security appliance that manages Internet traffic to and from a local area network and can provide other features, such as document caching and access control.
FAST TRACK HELP
• http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
• http://technet.microsoft.com/en-us/library/cc700828.aspx
• http://technet.microsoft.com/en-us/library/cc700820.aspx
CHAPTER 3: Understanding Network Security
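Why stateful inspection is the more reliable choice in answer 3 shows up when the same packets pass through both kinds of filter. This is an added Python example, not from the study guide; the rule set, the addresses and the traffic are constructed, and the connection tracking is reduced to a table of open connections rather than the full TCP state machine.

```python
from collections import namedtuple

# direction is "out" (LAN to Internet) or "in" (Internet to LAN)
Packet = namedtuple("Packet", "direction src sport dst dport flags")


def stateless_allow(pkt):
    """Static rules, each packet judged on its own: allow all outbound
    traffic, and allow inbound traffic from source port 80 on the
    assumption that it is a reply from a web server."""
    return pkt.direction == "out" or pkt.sport == 80


class StatefulFilter:
    """Allows an inbound packet only if it belongs to a connection that
    an inside host opened and that is still in the table."""

    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags:
                self.table.add(key)       # connection opened from the inside
            elif "RST" in pkt.flags:
                self.table.discard(key)
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False                  # no matching connection: drop
        if "RST" in pkt.flags:
            self.table.discard(key)       # connection reset, forget it
        return True


# Constructed traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 80, ("SYN",)),
    Packet("in", "203.0.113.10", 80, "10.0.0.5", 50000, ("SYN", "ACK")),
    Packet("in", "198.51.100.7", 80, "10.0.0.8", 3389, ("ACK",)),   # unsolicited
    Packet("in", "203.0.113.10", 80, "10.0.0.5", 50000, ("RST",)),
    Packet("in", "203.0.113.10", 80, "10.0.0.5", 50000, ("ACK",)),  # after reset
    Packet("in", "198.51.100.7", 4444, "10.0.0.8", 22, ("SYN",)),
]


def compare(traffic):
    """Return (stateless decision, stateful decision) for each packet."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt.src, pkt.sport, "->", pkt.dst, pkt.dport, pkt.flags,
              "stateless:", stateless, "stateful:", stateful)
```
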
OBJECTIVE: UNDERSTANDING NETWORK SECURITY 3.2
Understand Network Access Protection (NAP)
SCENARIO: Adventure Works is one of the nation’s largest suppliers of high-end sporting equipment. Twenty-five Adventure Works sales associates travel throughout the country selling sporting equipment to retailers. They return to corporate headquarters every Friday with their laptops for meetings and training. Allie Bellew is the network administrator for Adventure Works and would like to implement a method for ensuring that the mobile devices are in a good state of security “health” when they access the corporate network during these Friday meetings.
1. What control or strategy can Allie implement to assure security health?
a. Network Access Protection, which will verify the integrity of each mobile device
b. virus scans each time sales associates log in
c. re-imaging each laptop prior to connecting to the network
2. Aside from protecting against a virus infected laptop, what else can NAP do?
a. protect against lost data
b. nothing else—it is simply a glorified virus scan
c. verify the complete integrity of the device by checking that it has the most recent software updates or configuration changes
3. What can Allie do about computers that are not compatible with NAP?
a. upgrade the computers that are not compatible
b. define exceptions in NAP for those devices that are not compatible
c. prevent those devices from using the network
Exceptions can be defined for “mission-necessary” systems until they can be upgraded.
Answers
1. Allie can implement:
a. Network Access Protection, which will verify the integrity of each mobile device
2. Aside from protecting against a virus infected laptop, NAP can:
c. verify the complete integrity of the device by checking that it has the most recent software updates or configuration changes. Systems that have not received updates can be as problematic as systems infected by malware.
3. For computers that are not compatible with NAP, Allie should:
b. define exceptions in NAP for those devices that are not compatible
Essential details
• Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy.
• NAP enforcement points are computers or network access devices that use NAP or can be used with NAP to require the evaluation of a NAP client’s health state and provide restricted network access or communication.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/network/cc984252.aspx
• http://technet.microsoft.com/en-us/network/bb545879.aspx
• http://www.microsoft.com/windowsserver2008/en/us/nap-faq.aspx
OBJECTIVE: UNDERSTANDING NETWORK SECURITY 3.3A
Understand Network Isolation
SCENARIO: Coho Winery has been in the winery business for three generations. They still produce quality wine from the same vineyards and in the same ancient cellars. Even most of their business organization has remained the same for decades. It’s now time to update the corporate side of Coho with new technologies related to their data-keeping infrastructure. Karen Berg has been assigned the task of assessing Coho Winery’s network infrastructure and to provide recommendations based on their specific needs:
• Most of the employees need Internet access.
• The computers in the winery plant are isolated and don’t need Internet access.
• “Work at home” employees should have Virtual Private Network access using IP Security.
1. What can Karen do to prevent the plant computers from gaining Internet access?
a. create a VLAN that does not allow Internet access but is trunked to the main network
b. manually configure each computer so it doesn’t have a gateway
c. remove Internet Explorer from the computers
2. What technology will Karen have to implement to allow Internet access for office employees without exposing them to the Internet?
a. set up one walk-up computer that has a public IP address so it can access the Internet
b. give each office user a dialup modem to establish an Internet connection
c. implement a router to perform Network Address Translation that will allow several private addresses to participate on a public network
3. What Microsoft Windows Server 2008 R2 role can accomplish both the Internet access and VPN solution?
a. DHCP
b. Remote Desktop Service
c. Routing and Remote Access Service
Most server operating systems have some form of routing technology. Minimum requirements include having multiple network interface cards (NICs).
Answers
1. To prevent the plant computers from gaining internet access, Karen can:
a. create a VLAN that does not allow Internet access but is trunked to the main network
2. To allow Internet access for office employees without exposing them to the Internet, Karen can:
c. implement a router to perform Network Address Translation that will allow several private addresses to participate on a public network. Most retail wireless routers perform Network Address Translation or Port Address translation, which will allow home network devices (Xbox, laptops, and so on) to have Internet access.
3. Microsoft Windows Server 2008 R2 can accomplish both the Internet access and VPN solution with:
c. Routing and Remote Access Service (RRAS). RRAS can serve as both a VPN and Internet gateway. VPN access can be secured using several security protocols including IP Security (IPsec).
Essential details
• Network Address Translation (NAT) is the process of converting between IP addresses used within an intranet or other private network and Internet IP addresses.
• Routing is the process of forwarding packets between networks from source to destination.
• A Virtual LAN (VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/network/bb531150.aspx
• http://technet.microsoft.com/en-us/network/bb545655.aspx
• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7E973087-3D2D-4CAC-ABDF-CC7BDE298847&displaylang=en
• http://en.wikipedia.org/wiki/Virtual_LAN
OBJECTIVE: UNDERSTANDING NETWORK SECURITY 3.3B
Understand Network Isolation
SCENARIO: Arlene Huff is the systems administrator for Margie’s Travel and has been very busy in recent weeks securing company and customer data. There had been suspicious activity on the network, but thankfully Arlene’s actions to track network users have secured the system. But the challenge of securing confidential data is an ongoing task. The owner of the company, Margie, would like her remote travel agents to have access to the corporate network so that they can check email and post appointments booked for that day. Margie has decided to allow the travel agents to use their home computers but must be assured that the information is secured. The security of client information is her top priority.
1. What would be the best general solution for Margie’s Travel?
a. implement a VPN server to allow the travel agents remote access
b. set up a modem bank and have the travel agents purchase modems for their home computers so they can dial the office
c. there isn’t a solution for what Margie wants
2. What is a potential risk in having the travel agents use their home computers for VPN access?
a. nothing—the VPN handles everything and encrypts the data
b. the travel agents may forget to disconnect which will keep the VPN connection open preventing others from connecting
c. simply having a VPN does not prevent potential viruses and malware on the home computer from infecting the network
3. Arlene is worried about would-be attackers penetrating the VPN. What can she set up to “lure” attackers to better understand their methods?
a. a honeypot outside the perimeter network, which is a falsified program that can emulate a VPN or service
b. a fancy website that says “Nothing to see here”
c. a fake VPN that never answers
Honeypots are located all across the Internet and are used to discover methods that attackers might use to compromise a system.
Answers
1. The best general solution for Margie’s Travel is to:
a. implement a VPN server to allow the travel agents remote access. She can configure the VPN to use several methods of encryption.
2. The risk in having the travel agents use home computers for VPN access is that:
c. simply having a VPN does not prevent potential viruses and malware on the home computer from infecting the network. Arlene can use Direct Access, which is new with Windows 7 and Windows Server 2008 R2, to help mitigate potential risks.
3. To “lure” attackers to better understand their methods Arlene can create:
a. a honeypot outside the perimeter network, which is a falsified program that can emulate a VPN or service
Essential details
• A perimeter network (also known as DMZ, demilitarized zone, and screened subnet) is a physical or logical network that contains and exposes an organization’s external services to a larger, untrusted network, usually the Internet.
• Internet Protocol Security (IPsec) is an Internet protocol security standard that provides a general policy–based IP layer security mechanism that is ideal for providing host-by-host authentication. IPsec policies are defined as having security rules and settings that control the flow of inbound data.
• Virtual private network (VPN) nodes on a public network such as the Internet communicate among themselves using encryption technology so that the messages are as safe from being intercepted and understood by unauthorized users, as though the nodes were connected by private lines.
FAST TRACK HELP
• http://technet.microsoft.com/en-us/network/dd420463.aspx
OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.4

Understand protocol security

SCENARIO: Since Todd Rowe, the network administrator at the Graphic Design Institute, implemented stronger security measures to protect student data, the number of reported leaks has fallen to zero! The administration is pleased but Todd knows it is a constant battle to keep data secure from attacks. Todd’s friend Neil Black is an expert on the methods used to attack private data stores. Todd has asked Neil to give a presentation to the administration and office employees on network security, protocol security measures, attack methods, and prevention. Todd knows that an informed staff is part of the complete strategy in preventing and intercepting attacks.

1. What type of attack configures a computer to appear as another computer on a trusted network by using the IP address or the physical address?
a. identity spoofing
b. computer faking
c. application-layer attack

2. What security protocol can help protect data from being modified, corrupted, or accessed without authorization?
a. DNSSEC
b. IP Security (IPsec)
c. NetBIOS

3. What type of an attack poisons a network or computer to the point where the system is rendered unusable?
a. man-in-the-middle attack
b. password attack
c. denial of service (DOS) attack

There are several forms of distributed denial of services (DOS) attacks that can either hinder a computer, server, or application from functioning.
Answers

1. An attack that configures a computer to appear as another computer on a trusted network is:
a. identity spoofing

2. The security protocol that can help protect data from being modified, corrupted, or accessed without authorization is:
b. IP Security (IPsec). IPsec can be used not only for VPN security but also with local area network traffic. 80 percent of most security attacks come from within the organization. Assuming that the data inside the perimeter firewall is safe is a dangerous assumption.

3. An attack that poisons a network or computer to the point where the system is rendered unusable is a:
c. denial of service (DOS) attack

Essential details

• Sniffing is the act of monitoring network traffic for data, such as cleartext passwords or configuration information.
• Identity spoofing (IP address spoofing) occurs when the attacker uses an IP address of a network, computer, or network component without being authorized to do so.
• Internet protocol security (IPsec) supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Because IPsec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite.
• Domain name system (DNS) is a hierarchical, distributed database that contains mappings between names and other information, such as IP addresses. DNS allows users to locate resources on the network by converting friendly, human-readable names such as www.microsoft.com to IP addresses that computers can connect to.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc959354.aspx
• http://technet.microsoft.com/en-us/library/ee649205(WS.10).aspx
4 Understanding Security Software

IN THIS CHAPTER

■ 4.1 Understand client protection
■ 4.2 Understand email protection
■ 4.3 Understand server protection
OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.1

Understand client protection

SCENARIO: Jeff Hay is the network administrator for Tailspin Toys. During the off-season for toy sales, the Tailspin technology staff is kept busy maintaining and upgrading various systems in preparation for the busy holiday sales spike. Jeff is eager to have this time to service all of the computers and update the software. He is concerned about company employees installing software from the Internet. Jeff realizes that using reputable antivirus software can only do so much. The network consists of a mix of Windows XP, Windows 7, and Windows Server 2008 R2.

1. What can Jeff do to ensure that the computers have the latest security updates?
a. implement Windows Software Update Services to control all Microsoft updates for both the operating systems and any Microsoft product in use
b. come in early every Monday and run Windows Updates on each computer
c. email company employees and instruct them to perform Windows Updates during their lunch breaks

2. What can Jeff do to prevent company employees from downloading and installing software from the Internet?
a. enable User Account Control on all Windows 7 computers as well as configure software restriction policies
b. send a strongly worded email with the Internet Usage Policy attached to all users
c. disable Internet access for all users

3. What method should Jeff use to identify Internet software in Software Restriction Policies?
a. hash rule
b. path rule
c. zone rule

The hash rule creates a hash checksum based on the executable. The path rule restricts software located within a certain path.
microsoft.microsoft.com/en-us/library/bb456987.aspx • http://technet. • User account control (UAC) helps prevent malicious programs (malware) from damaging a computer and helps organizations deploy a better-managed desktop. zone rule Essential details • Antivirus is a computer program that scans a computer’s memory and mass storage to identify.Answers 1. enable User Account Control on all Windows 7 computers as well as configure software restriction policies 3. To identify Internet software in Software Restriction Policies.microsoft. unless an administrator specifically authorizes administrator-level access to the system. and also examines incoming files for viruses as the computer receives them. To prevent employees from downloading and installing software from the Internet. applications and tasks always run in the security context of a non-administrator account. Jeff can: a.com/security_essentials/market.com/en-ZA/windows7/what-is-user-account-control trol _______ /3 148 CHAPTER 4: Understanding Security Sof tware . With UAC.aspx • http://technet. Jeff can: a.com/en-us/library/bb457141. Jeff can use: c.microsoft. and eliminate viruses. implement Windows Software Update Services to control all Microsoft updates for both the operating systems and any Microsoft product in use 2. To ensure that the computers have the latest security updates. FAST TR ACK HELP • http://www.aspx • http://windows. isolate.
OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.2

Understand email protection

SCENARIO: Recently the Coho Winery has experienced a series of problems with email spam; some employees have even fallen prey to identity theft through phishing scams. John Kane is the systems administrator for Coho Winery and the task of resolving the problems has landed directly on his desk. After some research he has come up with some solutions. John intends to address these issues by implementing various security measures and, most important, providing some much-needed company education as it relates to best practices while using email.

1. What can John do to help reduce the amount of spam that hits their Microsoft Exchange server?
a. at a minimum, enable reverse DNS lookup on the SMTP virtual server
b. disable Internet email
c. change their domain name

2. What should Coho users do when they receive an email from a company they know with a request to click the link to “verify their account information?”
a. delete the email
b. forward to the rest of the company with a warning not to click on the link
c. click the link because they “know” that it is a legitimate message based on the company name

3. Aside from enabling reverse DNS lookups, what else can John do to secure his Exchange server?
a. enable Autodiscover
b. add Sender Policy Framework (SPF)
c. update the antivirus software

Antivirus software on an email server does not provide protection against spam.
Answers

1. To help reduce the amount of spam that hits their Microsoft Exchange server, John can:
a. at a minimum, enable reverse DNS lookup on the SMTP virtual server. Configuring the system to do a reverse DNS lookup crosschecks the domain name with a PTR record that is the IP address associated with that domain name. If the IP address does not match the record associated with that domain name, it is not delivered.

2. When users receive an email from a company they know with a request to “verify their account information,” they should:
a. delete the email. Companies will not ask for account information through email in today’s climate. Users should be diligent when receiving an email like this. They can also call the company to alert them of the message.

3. Aside from enabling reverse DNS lookups, John can:
b. add Sender Policy Framework (SPF). SPF allows the administrator to configure the server to establish who is allowed to send email from their domain.

Essential details

• Spam is unsolicited, unwanted email sent by someone with whom the recipient has no personal or business relationship.
• Phishing and pharming are techniques used to trick computer users into revealing personal or financial information.
• An SPF record is an extension of the SMTP protocol that prevents spammers from forging the From fields in email messages by verifying that the IP address in the SMTP Received header is authorized to send email for the sender’s domain.
• Spoofing is the impersonation of an email sender, IP connection, or a domain that causes an email message to appear as though it originates from a sender other than the actual sender of the message.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/exchange/dd251269.aspx
• http://www.microsoft.com/athome/security/email/phishing/video1.mspx
• http://www.microsoft.com/presspass/features/2003/nov03/11-17spamfilter.mspx
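The two checks from answers 1 and 3, a reverse DNS crosscheck followed by an SPF lookup for the sender's domain, can be traced on sample data. This Python sketch is an added example, not part of the study guide and not Exchange code; the lookup tables, addresses, domains and function names are constructed for illustration, and only the ip4, ip6, a and all SPF mechanisms are handled.

```python
import ipaddress

# Constructed DNS data (documentation address ranges and example domains).
PTR = {"192.0.2.25": "mail.example.com", "198.51.100.7": "mail.example.com",
       "203.0.113.9": "host9.example.net"}
A = {"mail.example.com": ["192.0.2.25"], "host9.example.net": ["203.0.113.9"]}
TXT = {"example.com": "v=spf1 ip4:192.0.2.0/24 a:mail.example.com -all",
       "example.net": "v=spf1 ip4:203.0.113.0/28 ~all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def reverse_dns_ok(client_ip):
    """The PTR name of the connecting IP must resolve back to that same IP."""
    name = PTR.get(client_ip)
    return name is not None and client_ip in A.get(name, [])

def spf_check(client_ip, sender_domain):
    """Return the SPF result for client_ip under the domain's published record."""
    terms = TXT.get(sender_domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = client_ip in A.get(arg or sender_domain, [])
        elif mech == "all":
            matched = True
        else:
            return "permerror"               # include, mx, redirect: not handled here
        if matched:
            return QUALIFIERS[qualifier]     # first matching mechanism decides
    return "neutral"

def accept_message(client_ip, mail_from):
    """Apply the reverse DNS crosscheck first, then SPF for the sender's domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if not reverse_dns_ok(client_ip):
        return (False, "reverse DNS mismatch")
    result = spf_check(client_ip, domain)
    return (result != "fail", "spf=" + result)

if __name__ == "__main__":
    for ip, sender in [("192.0.2.25", "billing@example.com"),
                       ("198.51.100.7", "billing@example.com"),
                       ("203.0.113.9", "alerts@example.com")]:
        print(ip, sender, accept_message(ip, sender))
```

The third sample shows why SPF is added on top of reverse DNS: the host has consistent reverse DNS of its own, but it is not listed as a sender for the domain it claims.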
OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.3

Understand server protection

SCENARIO: A few years ago Humongous Insurance (HI) reorganized their business and technology infrastructure. Alfons Parovsky has recently been hired as the server administrator for HI. The records regarding the security updates are rather sketchy and he does not want any major security lapses to occur during his time as the administrator. To be sure everything is up to standards, Alfons has decided to immediately perform a security assessment on the datacenter. He would like to ensure that the servers meet all the necessary security requirements and are being updated regularly. Alfons also wants to ensure that HI does not have any exposures to the networks in their remote locations.

1. What tool can Alfons use to assess whether HI servers have any vulnerabilities related to the operating system and installed software?
a. Microsoft Baseline Security Analyzer
b. Event Viewer
c. Resource Monitor

2. What service can Alfons enable to ensure that the servers are receiving all necessary software updates?
a. Windows Backup Service
b. Routing and Remote Access Service
c. Windows Software Update Service

3. What can Alfons do to ensure that the domain is secure in the remote locations?
a. install a Read-Only domain controller in the remote sites
b. remove any servers in the remote sites and have employees transfer files using email
c. enforce stronger password policies in the remote sites using fine-grained passwords

Stronger passwords do not reduce the exposure of a domain controller.
Answers

1. To assess vulnerabilities related to the operating system and installed software, Alfons can use:
a. Microsoft Baseline Security Analyzer. MBSA is an easy-to-use tool that can provide instant feedback and resources to identify potential vulnerabilities on servers and workstations. It analyzes the operating system and any installed Microsoft software.

2. To ensure that the servers are receiving all necessary software updates, Alfons can enable:
c. Windows Software Update Service. Alfons can create a separate group for his servers so that he can selectively manage what updates are installed and when.

3. To ensure that the domain is secure in the remote locations, he can:
a. install a Read-Only domain controller (RODC) in his remote sites. Read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

Essential details

• DNS dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.
• Microsoft Baseline Security Analyzer (MBSA) is a tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
• Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/security/cc184923.aspx
• http://technet.microsoft.com/en-us/security/cc185712.aspx
• http://technet.microsoft.com/en-us/library/cc755058(WS.10).aspx