
MTA Student Study Guide

MTA EXAMS

Preparing for MTA Certification


MICROSOFT TECHNOLOGY ASSOCIATE

Student Study Guide

IT Pro Edition
EXAM 98-365 Windows Server Administration Fundamentals
EXAM 98-366 Networking Fundamentals
EXAM 98-367 Security Fundamentals

Authors
Michael Teske (Windows Server Administration and Security). Michael has been teaching in the Network Specialist Program for 10 years at Northeast Wisconsin Technical College and has been involved as an engineer for 15 years. He has a passion for both teaching and technology and loves helping people find happiness in a career. Mike believes that learning technology should be fun but recognizes that the networking field is continually changing and can challenge even the brightest students. Mike also works as an independent consultant for several small businesses in northeast Wisconsin and enjoys bringing that real-world experience to the classroom on a daily basis. Michael has become known as “the Microsoft Guy” on campus. Michael’s goal is to continue to teach network technology with the same enthusiasm and passion for many years to come and to help his students find the same joy and passion he has found in an amazing industry and career. Mike is the author of the Windows Server Exam Review Kit in the MTA Exam Review Kit series.

Shari Due (Networking). Shari is an IT Network Specialist Instructor at Gateway Technical College in Racine, Wisconsin where she has worked for the past 15 years. Previously, she worked for Digital Equipment Corporation (DEC) in Elk Grove, Illinois. She holds a Bachelor of Science from the University of Wisconsin-Parkside in Math and Economics with a minor in Computer Science and a MBA from the University of Wisconsin-Eau Claire. Shari’s current industry certifications include: Comptia Server+, Linux+, A+, Network+, and i-Net+. Her past certifications include: MCSE-NT 4.0, CCNA, and Pathworks for Macintosh. She is a Cisco Certified Instructor for Cisco’s Network Academy and teaches the CCNA curriculum. She is the author of Advanced WordPerfect Using Macro Power: A Guide for VMS and DOS Users from Digital Press.

Patricia Phillips (Lead Author and Project Manager). Patricia taught computer science for 20 years in Janesville, Wisconsin. She served on Microsoft’s National K-12 Faculty Advisory Board and edited the Microsoft MainFunction website for technology teachers for two years. For the past five years she has worked with Microsoft in a variety of roles related to K-12 curriculum development and pilot programs including Expression Studio web design and XNA game development. In her role as an author and editor, Patricia wrote several articles and a student workbook on topics including computer science, web design, and computational thinking. She is currently the editor of the Computer Science Teachers Association newsletter, the Voice.

This content is only for use by or provision to students for their personal use.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should
be inferred.
Microsoft and other trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
© 2010 Microsoft Corporation. All Rights Reserved. This content is provided “as-is” and Microsoft makes no warranties, express or implied.
Contents

Introduction
Career Planning
Exploring Job Roles
Value of Certification

98-365 WINDOWS SERVER ADMINISTRATION FUNDAMENTALS

CHAPTER 1 Understanding Server Installation
1.1/1.2 Understand device drivers; Understand services
1.3 Understand server installation options

CHAPTER 2 Understanding Server Roles
2.1 Identify application servers
2.2 Understand Web services
2.3 Understand remote access
2.4 Understand file and print services
2.5 Understand server virtualization

CHAPTER 3 Understanding Active Directory
3.1 Understand accounts and groups
3.2 Understand organizational units (OUs) and containers
3.3 Understand Active Directory infrastructure
3.4 Understand group policy

CHAPTER 4 Understanding Storage
4.1/4.2 Identify storage technologies; Understand RAID
4.3 Understand disk types

CHAPTER 5 Understanding Server Performance Management
5.1 Identify major server hardware components
5.2 Understand performance monitoring
5.3 Understand logs and alerts

CHAPTER 6 Understanding Server Maintenance
6.1 Identify steps in the startup process
6.2 Understand business continuity
6.3 Understand updates
6.4 Understand troubleshooting methodology

98-366 NETWORKING FUNDAMENTALS

CHAPTER 1 Understanding Networking Infrastructures
1.1 Understand the concepts of the internet, intranet, and extranet
1.2A Understand local area networks (LANs)
1.2B Understand local area networks (LANs)
1.3A Understand wide area networks (WANs)
1.3B Understand wide area networks (WANs)
1.4 Understand wireless networking
1.5 Understand network topologies and access methods

CHAPTER 2 Understanding Network Hardware
2.1A Understand switches
2.1B Understand switches
2.2 Understand routers
2.3A Understand media types
2.3B Understand media types

CHAPTER 3 Understanding Protocols and Services
3.1A Understand the OSI model
3.1B Understand the OSI model
3.2 Understand IPv4
3.3A Understand IPv6
3.3B Understand IPv6
3.4 Understand names resolution
3.5 Understand networking services
3.6 Understand TCP/IP

98-367 SECURITY FUNDAMENTALS

CHAPTER 1 Understanding Security Layers
1.1 Understand core security principles
1.2 Understand physical security
1.3 Understand Internet security
1.4 Understand wireless security

CHAPTER 2 Understanding Operating System Security
2.1A Understand user authentication
2.1B Understand user authentication
2.2 Understand permissions
2.3 Understand password policies
2.4 Understand audit policies
2.5A Understand encryption
2.5B Understand encryption
2.6 Understand malware

CHAPTER 3 Understanding Network Security
3.1 Understand dedicated firewalls
3.2 Understand Network Access Protection (NAP)
3.3A Understand Network Isolation
3.3B Understand Network Isolation
3.4 Understand protocol security

CHAPTER 4 Understanding Security Software
4.1 Understand client protection
4.2 Understand email protection
4.3 Understand server protection

Introduction

MTA validates building-block technology concepts and helps students explore, discover and pursue successful careers in Information Technology (IT) in an exciting and rewarding way! As the first step in the Microsoft Technology Certification Series, this new, entry-level certification provides students with confidence, credibility, and differentiation.

Explore IT career options without committing a lot of time and resources
MTA exams validate the core technology knowledge that is in demand today by businesses around the world. Whether you want to explore becoming a network administrator, software engineer, web developer, or database analyst, MTA gets you started on the right path.

Prepare to compete
A little investment in IT can go a long way in today’s job market. Becoming MTA certified helps you build a solid foundation to prepare for intermediate technology studies and for Microsoft Certified Technology Specialist (MCTS) certifications. It can also help you compete on college admissions and jumpstart your IT career planning!

Empower yourself
As the first step toward becoming an MCTS, MTA shows your commitment to technology while connecting you with a community of more than five million Microsoft Certified Professionals. Learn from them and show them what you know by becoming MTA certified!

This MTA Student Study Guide serves as a study tool to help students prepare for their MTA certification exam. Students are challenged with real-life situations for each of the major topics covered in the exam. Although successful completion of the study guide exercises does not guarantee that you will pass your MTA exam, it is an excellent way to gauge your readiness to take the exam and build confidence that you know your stuff on exam day.

I wish you all the best as you prepare for a successful career in technology!

Victoria Pohto
MTA Product Marketing Manager

Career Planning

Most IT solutions or infrastructure built on Microsoft technologies require proficiency with one or all of the following products, often referred to as “The Microsoft Stack.”

• Microsoft Windows® Server® as the data center or development platform
• Microsoft SQL Server® as the data and business intelligence (BI) platform
• Microsoft Visual Studio® as the suite of application life-cycle management tools

MTA is the starting point of Microsoft technology certifications, providing aspiring technologists with the fundamental knowledge essential to succeed with continued studies and a successful career with technology.

Preparing for and becoming MTA certified helps you explore a variety of career paths in technology without investing a lot of time and money in a specialized career path. When you find a path that is right for you, Microsoft learning products and certification can help you prepare and guide your longer-term career planning.

If you already know that you want to start building a career in technology, MTA preparation and certification is the recommended entry point. Becoming MTA certified shows that you have a firm working knowledge of the fundamental IT concepts critical for success with intermediate learning and certifications such as Microsoft Certified Technology Specialist (MCTS). Moreover, Microsoft certifications demonstrate an individual’s commitment of self-investment and confidence to take his or her knowledge and skills to the next level with an industry-recognized credential.

MTA is not a “career certification,” meaning that employers recognize you as “job ready,” but it is the first step toward that career goal and can help differentiate you for an internship or to college admissions committees. As you prepare for your first job focusing on technology, be sure that you are equipped with an MCTS credential—the intermediate level certification that validates Microsoft product and technology skills.

The MTA Certification path on the next page shows you the MTA exams that are recommended prior to taking on some of Microsoft’s intermediate technology certification, MCTS.

Exploring Job Roles

Choosing a career path is a big decision and it’s not always easy, but you’re not alone! Microsoft created a career site to help students understand the options and possibilities of pursuing a career in IT. The site also connects you with learning resources, student techie communities, and much more to help you prepare for a career in technology.

To chart your career with Microsoft technology, visit www.microsoft.com/learning/career/en/us/career-org-charts.aspx.

Server Administrator
As a server administrator, you are in charge of implementing and managing some of the most important technology in your organization—the servers. You use extensive monitoring and profiling tools to manage the network and tune systems so they perform at optimal levels. You are an expert in Active Directory®, and you have an in-depth understanding of network protocols, and file and directory security.

Database Administrator
As a database administrator, you are in charge of important databases that span multiple platforms and environments. You are a strong team player who thrives in a fast-paced environment. You build complex, highly scalable databases that meet business needs and security requirements. You are an expert in optimizing, maintaining, and troubleshooting databases, but also in designing archival, data distribution, and high-availability solutions.

Computer Support Technician
Consider starting your IT career by becoming a consumer support technician. You don’t need any formal work experience, but a company might require that you know how to install, administer, and troubleshoot operating systems in a home network environment that has desktop computers, laptops, and printers. As a consumer support technician, you’ll also handle network, virus, malicious software, and hardware support issues. You’ll typically find this position in small to medium-sized organizations.

Web Developer
As a web developer, you are an expert in using the dynamic programming tools and languages that fuel the web. You might work independently or be part of a team that builds and integrates interactive web sites, applications, and services for both internal and public sites. Your role is to make it work, which means developing web applications and testing them on various browsers, enhancing and modifying them as necessary to ensure the best experience for the user. As a web developer, you might also architect websites, design data-driven applications, and find efficient client-server solutions. You must have an in-depth understanding of the software development life cycle and be able to communicate project status, issues, and resolutions.

Windows Developer
As a Windows client developer, knowing how to optimize Windows code and track bugs is a given. But you also know how to use Microsoft Visual Studio® and the Microsoft .NET framework to design, develop, test, and deploy Windows-based applications that run on both corporate servers and desktop computers. Your key talents include understanding multiple Windows application models and n-tier applications, and knowing how to work with object-oriented programming, algorithms, data structures, and multithreading. Windows developers have an in-depth understanding of software engineering principles, software life cycles, and security principles.

Additional Online Resources for New Developers:
http://msdn.microsoft.com/beginner
http://msdn.microsoft.com/rampup

Imagine Cup
The Imagine Cup is the world’s premier student technology competition where students from around the world can learn new skills, make new friends, and change the world. Competitions include Software Design, Embedded Development, Game Design, Digital Media and Windows Phone 7. The brightest young minds harness the power of technology to take on the world’s toughest problems.
www.imaginecup.com



Value of Certification

Technology plays a role in virtually everything we do. In the 20-plus years since Microsoft has been certifying people on its products and technologies, millions of people have gained the knowledge, expertise, and credentials to enhance their careers, optimize business solutions, and create innovation within just about every business and social sector imaginable. Today’s Information Technology (IT) hiring managers are more often using professional credentials, such as Microsoft certification, to identify properly skilled IT candidates. Certification becomes a way to easily differentiate qualified candidates in a sea of resumes.

The job outlook for IT professionals, as reported in a study prepared by the U.S. Department of Labor’s Bureau of Labor Statistics (BLS), is positive! The BLS indicates an increase that will be “faster than the average for all occupations through 2014” for Computer Support Specialists, Systems Engineers, Database Administrators, and Computer Software Engineers. One significant message resulting from this study is that information and communications technology (ICT) skills are the entry ticket to the job market, regardless of the country, industry, or job function. Information Technology is clearly an area worth investing time, resources, and education in – and technology certification is a key part of the education process, validating product and technology expertise as a result of their learning experiences.

Microsoft IT Certifications provide objective validation of the ability to perform critical IT functions successfully for worldwide IT professionals, developers, and information workers. Microsoft certifications represent a rich and varied spectrum of knowledge, job roles, and responsibilities. Further, earning a specific certification provides objective validation of the candidate’s ability to perform critical IT functions successfully. Embraced by industry professionals worldwide, Microsoft certification remains one of the most effective ways to help reach long-term career goals.



MTA 98-365 WINDOWS SERVER ADMINISTRATION FUNDAMENTALS

1 Understanding Server Installation

IN THIS CHAPTER

■ 1.1/1.2 Understand device drivers; Understand services

■ 1.3 Understand server installation options


OBJECTIVE UNDERSTANDING SERVER INSTALLATION 1.1/1.2

Understand device drivers; Understand services

SCENARIO: Maurice Taylor is the network administrator for Fabrikam, Inc. A workstation that he plans to image
and roll out to production is having issues with the video display. The display worked initially when he first set up
the system. After applying several system and driver updates, the video has degraded to standard VGA 640x800
and performance has really stunk. He knows this won’t be acceptable.
Maurice also is having an issue with the firewall service on his Windows® Server® 2008 R2 Web server. The service
fails to start when the system starts; however, Maurice can start it manually after he logs in. Maurice does not
want to manually start that service every time maintenance on the web server is required, and he realizes that
he’ll be in big trouble if he leaves the web server unsecured by forgetting to turn on the firewall service.

1. What could be a possible reason for Maurice’s video problems?
a. Maurice installed the wrong video driver
b. Maurice installed an incompatible or corrupted video driver
c. the video adapter is not properly seated on the system board
2. Where should Maurice check to verify if he has a proper driver installed?
a. Event Viewer
b. Disk Management
c. Device Manager
3. What can Maurice do with the web service to ensure that it will start after the other system services finish their startup?
a. configure a delayed startup for the web service through the services.msc
b. write a batch program to start the service as a scheduled task
c. configure the service to restart after first failure

Performance suffers if a service is failing to start.



Answers
1. Maurice’s video problem occurred because:
b. Maurice installed an incompatible or corrupted video driver
2. Driver problems can be found in the:
c. Device Manager
3. The interim solution to the web service is:
a. configure a delayed startup for the web service through the services.msc. Maurice can open
services.msc and configure the service for a delayed start for the startup type. This will allow
the remaining services to finish starting. Maurice should investigate what possible services
would be causing these issues.

Essential details
• A device driver is a software component that permits an operating system to communicate with a device.
• A service is a long-running executable that performs specific functions and that is designed not to require
user intervention.
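
The delayed-start setting and the follow-up investigation described in answer 3 can also be done from PowerShell. This is an added example, not part of the original guide; it assumes Windows PowerShell 3.0 or later and an elevated prompt, and it uses MpsSvc (the Windows Firewall service) as an assumed service name.

```powershell
# Added example (not from the guide). Assumes Windows PowerShell 3.0+ and,
# for Set-DelayedAutoStart, an elevated prompt.

function Get-StoppedAutoService {
    # Automatic services that are not running: the symptom in the scenario.
    # Some services stop themselves when idle, so treat the list as leads.
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
        ForEach-Object {
            $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
            $flag = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DelayedAutostart
            [pscustomobject]@{
                Name         = $_.Name
                State        = $_.State
                ExitCode     = $_.ExitCode
                DelayedStart = ($flag -eq 1)   # 1 = Automatic (Delayed Start)
            }
        }
}

function Get-ServiceStartFailure {
    param([Parameter(Mandatory)][string]$Name, [int]$Days = 7)
    # Service Control Manager events in the System log:
    # 7000 failed to start, 7001 a dependency failed,
    # 7009 start timeout, 7011 transaction timeout.
    $display = (Get-Service -Name $Name).DisplayName
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000, 7001, 7009, 7011
        StartTime    = (Get-Date).AddDays(-$Days)
    } |
        Where-Object { $_.Message -like "*$display*" } |
        Select-Object TimeCreated, Id, Message
}

function Set-DelayedAutoStart {
    param([Parameter(Mandatory)][string]$Name)
    # Call sc.exe by its full name: "sc" alone is the Set-Content alias in
    # Windows PowerShell. sc.exe expects "start=" and the value as two tokens.
    & sc.exe config $Name start= delayed-auto | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config $Name failed with exit code $LASTEXITCODE"
    }
}

$service = 'MpsSvc'   # assumed service name for this example

# 1. Which automatic services did not come up?
Get-StoppedAutoService | Format-Table -AutoSize

# 2. Why did this one fail at boot, and what does it depend on?
Get-ServiceStartFailure -Name $service | Format-List
Get-Service -Name $service -RequiredServices | Select-Object Name, Status

# 3. Interim fix from the answer key; uncomment to apply.
# Set-DelayedAutoStart -Name $service
```

The event and dependency output is the starting point for the root-cause investigation the answer recommends; the delayed start only works around the failure.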

FAST TRACK HELP

• http://www.microsoft.com/whdc/driver/install/drvsign/default.mspx
• http://technet.microsoft.com/en-us/library/dd919230(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc732482.aspx
_______ /3



OBJECTIVE UNDERSTANDING SERVER INSTALLATION 1.3

Understand server installation options

SCENARIO: On Thursday, Pat was tasked with setting up 10 servers and 20 workstations per specification.
Pat is aware that if he sets up each one individually, he will be at work through the weekend, and he doesn’t
want to do that because he has plans to go to a concert with some friends. Pat knows the company uses
Windows Deployment Services whenever a new workstation or server is rolled out. Pat would like to automate
these installations with as little human interaction as possible.

1. What can Pat do to make sure he can make it to the concert this weekend?
a. start his installations manually and hope they finish in time
b. create one completed installation, setup and configuration of a server and a workstation and use those two copies to image the remaining systems using Windows Deployment Services and ImageX
c. sell his tickets to his buddy—it’s not going to happen
2. What is ImageX?
a. a picture editing utility
b. a personal image enhancement service
c. a system imaging software that takes a “snapshot” of an existing, configured server or workstation and creates an “imaged” or “cloned” version of that system and saves it to a file
3. What can Pat use to solve the last part of his problem, which requires as little human interaction as possible?
a. have a robot do the installations
b. use Windows System Image Manager to create an answer file that will automatically provide the answers to the setup questions throughout installation as well as configure and install any necessary software during the installation
c. create a DVD that will contain all of the necessary software that will be installed on the servers and workstations

Answer files have a variety of features that can be used through Windows Deployment Services to create a custom installation DVD.



Answers
1. Pat can complete the installs if he:
b. creates one completed installation, setup and configuration of a server and a workstation and
use those two copies to image the remaining systems using Windows Deployment Services and
ImageX. Creating the two images or clones will allow Pat to duplicate those installations by “pushing”
those files (images) onto the hard drives of the remaining systems.
2. ImageX is:
c. a system imaging software that takes a “snapshot” of an existing, configured server or
workstation and creates an “imaged” or “cloned” version of that system and saves it to a file.
ImageX can be copied to a bootable CD/DVD/USB and used to create image files of an existing system
for duplicating or backup purposes.
3. Pat can eliminate interactions during the installs if he:
b. uses Windows System Image Manager to create an answer file that will automatically provide
the answers to the setup questions throughout installation as well as configure and install any
necessary software during the installation.

Essential details
• An unattended installation is a process of automating operating system installations by providing the setup/install file with a configuration file or “answer file” to perform and answer normal install tasks and questions.
• An answer file is an XML-based file that contains setting definitions and values to use during Windows Setup. In an answer file, you specify various setup options, including how to partition disks, the location of the Windows image to install, and the product key to apply.

_______ /3

FAST TRACK HELP


• http://technet.microsoft.com/en-us/library/cc785644(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc771670(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc749317(WS.10).aspx
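
An answer file of the kind described under Essential details, carrying the disk, image and product key settings the guide names, followed by a PowerShell check that summarizes it. This is an added example, not from the original guide: the file is constructed, its server name, key and password are placeholders, and the password check goes beyond the three settings the guide lists because answer files commonly carry credentials as well.

```powershell
# Added example. The answer file is constructed: server name, share path,
# product key and password are placeholders.
$sampleAnswerFile = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <DiskConfiguration>
        <Disk wcm:action="add">
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition wcm:action="add">
              <Order>1</Order>
              <Type>Primary</Type>
              <Extend>true</Extend>
            </CreatePartition>
          </CreatePartitions>
        </Disk>
      </DiskConfiguration>
      <ImageInstall>
        <OSImage>
          <InstallFrom>
            <Path>\\wds01.example.test\images\install.wim</Path>
          </InstallFrom>
        </OSImage>
      </ImageInstall>
      <UserData>
        <ProductKey>
          <Key>AAAAA-BBBBB-CCCCC-DDDDD-EEEEE</Key>
        </ProductKey>
      </UserData>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <UserAccounts>
        <AdministratorPassword>
          <Value>PLACEHOLDER-PASSWORD</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

function Get-AnswerFileSummary {
    param([Parameter(Mandatory)][string]$XmlText)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # How each disk will be partitioned
    $disks = foreach ($d in $doc.SelectNodes('//u:DiskConfiguration/u:Disk', $ns)) {
        $id    = $d.SelectSingleNode('u:DiskID', $ns).InnerText
        $wipe  = $d.SelectSingleNode('u:WillWipeDisk', $ns).InnerText
        $count = $d.SelectNodes('u:CreatePartitions/u:CreatePartition', $ns).Count
        'Disk {0}: wipe={1}, partitions={2}' -f $id, $wipe, $count
    }

    # Location of the Windows image, and the product key (masked for display)
    $image     = $doc.SelectSingleNode('//u:ImageInstall/u:OSImage/u:InstallFrom/u:Path', $ns)
    $key       = $doc.SelectSingleNode('//u:UserData/u:ProductKey/u:Key', $ns)
    $imagePath = if ($image) { $image.InnerText.Trim() }
    $maskedKey = if ($key) { '*****-' + $key.InnerText.Trim().Split('-')[-1] }

    # Any element with Value + PlainText children holds a password.
    # PlainText=false means the value is Base64-encoded, not encrypted.
    $secrets = foreach ($n in $doc.SelectNodes('//u:*[u:Value and u:PlainText]', $ns)) {
        [pscustomobject]@{
            Element   = $n.LocalName
            Pass      = $n.SelectSingleNode('ancestor::u:settings', $ns).GetAttribute('pass')
            PlainText = ($n.SelectSingleNode('u:PlainText', $ns).InnerText.Trim() -eq 'true')
        }
    }

    [pscustomobject]@{
        Disks      = @($disks)
        ImagePath  = $imagePath
        ProductKey = $maskedKey
        Secrets    = @($secrets)
    }
}

$summary = Get-AnswerFileSummary -XmlText $sampleAnswerFile
$summary | Format-List Disks, ImagePath, ProductKey
$summary.Secrets | Format-Table -AutoSize
```

Because the product key and any passwords sit in the file as readable text, the deployment share and any installation media that hold an answer file should be readable only by the accounts that perform the installs.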



2 Understanding Server Roles

IN THIS CHAPTER

■ 2.1 Identify application servers

■ 2.2 Understand Web services

■ 2.3 Understand remote access

■ 2.4 Understand file and print services

■ 2.5 Understand server virtualization


OBJECTIVE UNDERSTANDING SERVER ROLES 2.1

Identify application servers

SCENARIO: Cari is a systems administrator for Contoso, Ltd. She needs to develop a systems design so her
company can use an email messaging system that allows for message and calendar collaboration. Contoso, Ltd.
uses Microsoft® Office 2010 as their mainline office production suite. Her company also wants a collaboration
server for their intranet. The collaboration server should support dynamic updating from the employees
of Contoso, Ltd. Company officers would like to have the intranet monitored and protected with a threat
management solution.

1. What would be Cari’s best solution for their messaging system?
a. use a third party email provider and a custom developed calendaring program
b. include Microsoft Exchange Server 2010
c. not recommend any solution because of the potential loss of production with an email messaging system
2. What can meet the needs of the Contoso, Ltd. intranet collaboration server?
a. implement SharePoint® Portal Server 2010 which uses Microsoft SQL as an option to support dynamic updating
b. solicit bids from various web development firms to meet their intranet needs
c. create a Microsoft Word document and send a link to it throughout the company and call it their messaging board
3. What would be the best fit to meet the company’s needs so that they can manage their employees’ internet access through Active Directory?
a. have all employees sign an internet usage contract and document the sites they visit and promise not to install any malicious software onto their systems
b. recommend Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront® antivirus and can grant or deny various types of internet behavior either by user name or group
c. only allow internet access from one computer that employees can sign up to use in 30-minute increments

Providing integrated solutions that will also integrate with existing applications provides fewer potential compatibility issues.

Answers
1. The best solution for their messaging system is to:
b. include Microsoft Exchange Server 2010. Microsoft Exchange will integrate with the Contoso, Ltd. existing core production suite with reduced learning curves for their employees.
2. The collaboration server needs can be met by:
a. implementing SharePoint Portal Server 2010 which uses Microsoft SQL as an option to support
dynamic updating
3. The best fit to meet the company’s needs so they can manage their employees’ internet access through
Active Directory is:
b. Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront
antivirus and can grant or deny various types of internet behavior either by user name or group

Essential details
• Active Directory® is the central location for configuration information, authentication requests,
and information about all of the objects that are stored within your forest.
• SharePoint provides a turnkey solution that will integrate with the existing core production suite as well as a
communications server. Data will be stored with the inherent SQL application incorporated.

FAST TRACK HELP

• http://www.microsoft.com/exchange/2010/en/us/default.aspx
• http://sharepoint.microsoft.com/en-us/Pages/default.aspx
• http://www.microsoft.com/forefront/threat-management-gateway/en/us/overview.aspx
• http://office.microsoft.com/en-us/sharepoint-server-help/CH010030543.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.2

Understand Web services

SCENARIO: Alicia is a server administrator for Tailspin Toys. Security personnel have contacted her to provide
them with security information regarding her web-exposed servers. They want to know which servers will have
access from beyond the perimeter security appliance so that they can accommodate the incoming and outgoing
traffic. Alicia responds that two of her three servers require perimeter access: First, the intranet server, which is
running SharePoint, will need SSL access for the remote toy salespeople. Her second server is the company’s web
server, where online customers can buy their toys from the comfort of their own homes. Customer transactions
must be secured in some fashion. Their web developers also request FTP access to the web server so that they
can upload and download updated content.

1. The security people have asked for the ports Alicia wants available for the intranet server running
Microsoft SharePoint. What will her response be?
a. 445
b. 443
c. 80
2. Alicia wants all transactions to the storefront on their web server to be encrypted. What security
protocol encrypts web traffic?
a. Secure Socket Layer, SSL
b. Point to Point Tunneling Protocol, PPTP
c. Central Intelligence Agency, CIA
3. What is FTP and what port(s) does it communicate on?
a. FTP is File Transport Protocol, a fast, application-level protocol widely
used for copying files to and from remote computer systems on a network
using TCP/IP, such as the internet. It communicates on ports 20 and 21
b. FTP is File Tuning Package, which tunes the file packages and communicates
on port 3399.
c. FTP is a proprietary file protocol that only allows the transmission of encrypted files to and from remote
systems and uses port 20.

You can assume you are using SSL if your web address starts with https://, which is typical when performing
any online transactions or authentications.

Answers

1. The port Alicia needs open for SharePoint is:


b. 443
2. The security protocol that encrypts web traffic is:
a. Secure Socket Layer, SSL
3. FTP is:
a. File Transport Protocol. It is a fast, application-level protocol widely used for copying files
to and from remote computer systems on a network using TCP/IP, such as the internet.
It communicates on ports 20 and 21.

Essential details
• A port is an application-specific communications endpoint used by Transport Layer protocols of the
Internet Protocol Suite. A specific port is identified by its number, commonly known as the port number,
the IP address with which it is associated, and the protocol used for communication.
• SSL supports authentication of client, server, or both, as well as encryption during a communications session.

FAST TRACK HELP

• http://www.iis.net
• http://sharepoint.microsoft.com/en-us/Pages/default.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.3

Understand remote access

SCENARIO: Craig works for Fourth Coffee as their network administrator. Fourth Coffee provides coffee and
coffee-making products throughout the United States. Fourth Coffee wants their salespeople, who manage their
own regions of the country, to be able to have access to their enterprise resource management application so
that they can update their sales numbers regardless of where they are located. This access needs to be secured.
Craig also needs to provide remote support for their sales force. Fourth Coffee’s server infrastructure is
predominantly Microsoft Server® 2008 R2 and their salespeople use Microsoft Windows® 7 Professional on their laptops.

1. What is the most cost-effective and efficient method to provide remote support for their sales force?
a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their systems
while they are logged on and simultaneously troubleshoot or monitor their activities. Remote Assistance
is already a feature of Windows 7 at no additional cost.
b. make sure all salespeople have their own mobile phones so that Craig can provide phone
support for the salespeople
c. purchase a third-party remote support software license for each laptop. This would require Craig to
retrieve all remote laptops for installation and training purposes.
2. What can Craig do to provide secure access to Fourth Coffee’s enterprise software?
a. have their salespeople email all sales data three times a day to the corporate
headquarters where the data can be input
b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008
R2 through Virtual Private Network (VPN) tunnel and push the enterprise software
as a Remote Application
c. install a third-party remote server on top of Windows Server 2008 R2
with additional licensing
3. By default, what communication port does Remote Desktop Protocol
communicate on?
a. 443
b. 445
c. 3389

Remote Desktop Services is an inherent application in Microsoft Windows Server 2008 R2 and the
Remote Desktop Client is an inherent service on Microsoft Windows 7 Professional.

Answers
1. The most cost-effective and efficient method is to:
a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their
systems while they are logged on and simultaneously troubleshoot or monitor their activities
2. To provide secure access Craig can:
b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008 R2 through
Virtual Private Network (VPN) tunnel and push the enterprise software as a Remote Application
3. By default, Remote Desktop Protocol communicates on port:
c. 3389

Essential details
• Remote Desktop is used for administration. Remote Desktop is available on
Windows 7 and Server 2008 R2 by enabling it through Advanced System
Settings. It allows a user to remote into a system when enabled and take
control. To enable it:
  • Right-click Computer->Properties
  • Select Remote Settings on the left
  • Click the radio button to Allow Connections Only From Computers
  Running Remote Desktop With Network Level Authentication
• Remote Assistance is a technology in Windows that enables Windows users to help
each other over the internet.
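
The settings chosen in the Remote Settings dialog can be checked from the registry, which is useful when auditing many servers. The following is an added example, not part of the study guide: a read-only PowerShell audit of whether Remote Desktop is enabled, whether Network Level Authentication is required, and which port the listener uses. The function names are hypothetical; the script assumes a value set through Group Policy overrides the local one.

```powershell
# Added example (not from the study guide): read-only audit of the local
# Remote Desktop configuration. Nothing on the system is changed.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveSetting {
    param([string]$Name, [string]$PolicyKey, [string]$LocalKey)
    # Assumption: a value delivered by Group Policy wins over the local setting.
    $policy = Get-RegistryValue -Path $PolicyKey -Name $Name
    if ($null -ne $policy) {
        return New-Object PSObject -Property @{ Value = $policy; Source = 'Group Policy' }
    }
    $local = Get-RegistryValue -Path $LocalKey -Name $Name
    return New-Object PSObject -Property @{ Value = $local; Source = 'Local setting' }
}

function Get-RdpSecurityState {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = Get-EffectiveSetting -Name 'fDenyTSConnections' -PolicyKey $policyKey -LocalKey $tsKey
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = Get-EffectiveSetting -Name 'UserAuthentication' -PolicyKey $policyKey -LocalKey $rdpTcpKey
    $port = Get-RegistryValue -Path $rdpTcpKey -Name 'PortNumber'

    $enabled     = ($deny.Value -eq 0)
    $nlaRequired = ($nla.Value -eq 1)

    $findings = @()
    if ($enabled -and -not $nlaRequired) {
        $findings += 'Remote Desktop accepts connections without Network Level Authentication.'
    }
    if ($enabled -and $port -ne 3389) {
        $findings += "RDP listens on port $port instead of the default 3389; check that firewall rules match."
    }

    New-Object PSObject -Property @{
        Enabled       = $enabled
        EnabledSource = $deny.Source
        NlaRequired   = $nlaRequired
        NlaSource     = $nla.Source
        Port          = $port
        Findings      = $findings
    } | Select-Object Enabled, EnabledSource, NlaRequired, NlaSource, Port, Findings
}

Get-RdpSecurityState | Format-List
```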

FAST TRACK HELP

• http://www.microsoft.com/systemcenter/appv/default.mspx
• http://technet.microsoft.com/en-us/windowsserver/ee236407.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.4

Understand file and print services

SCENARIO: Kern Sutton is the regional systems administrator for Wingtip Toys. The company has asked Kern to
upgrade their existing file server to Microsoft Windows Server 2008 R2. They also want Kern to configure the new
server to support print sharing. Kern eagerly accepts the challenge as he is excited to work with the new
operating system. Kern must secure both the shares and folders using the appropriate rights and permissions.
Kern discovers that this isn’t an old-time Windows Server!

1. What Role(s) are required for Kern to accomplish his task?


a. Microsoft File and Printer sharing
b. File Services Role and Print and Document Services Role
c. File Services for Macintosh
2. Is there an alternate method to install the File Services Role?
a. No, the role must be installed through the Add Roles Wizard
b. Yes, when Kern initially shares a folder, the Role will be added automatically
c. Yes, through a separate download from Microsoft
3. What tasks can be accomplished through the Print Management console?
a. deploy printers and print servers, manage printers, update drivers, and manage
print queues
b. manage print queues only
c. remove a printer from a user’s desktop

The Print Management console is a single landing zone for all print management needs.


Answers
1. Required Roles include:
b. File Services Role and Print and Document Services Role. Microsoft File and Printer service has now
been split into separate roles.
2. There is an alternate method:
b. yes, when Kern initially shares a folder, the Role will be added automatically. Adding the Role
through the Add Role Wizard is a preferred method of installation
3. The tasks that can be accomplished include:
a. deploy printers and print servers, manage printers, update drivers, and manage print queues

Essential details
• A print server is a workstation that is dedicated to managing printers on a network. The print server can be
any station on the network.
• NTFS rights apply to a folder or file regardless of how it is being accessed. Share permissions apply to the
resource when it is being accessed over the network.
• The effective right of a resource being accessed over the network is based on the most restrictive permission
or right that is applied.
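
The two rules above combine in a way that is easy to get wrong when a user belongs to several groups. The following is an added example, not part of the study guide: a small PowerShell model of how the effective access is worked out locally and over the network. The user names, groups and permission lists are constructed, and the three access levels are a simplification that treats the share permission "Change" as equivalent to NTFS "Modify".

```powershell
# Added example (not from the study guide): model of how share permissions
# and NTFS rights combine. All names and permission lists are constructed.

# Simplified levels (assumption), ordered from least to most access.
$Rank = @{ 'None' = 0; 'Read' = 1; 'Change' = 2; 'FullControl' = 3 }

function Get-GrantedLevel {
    param([string[]]$Identities, [hashtable]$Acl)
    # Inside one permission list, grants accumulate: the user receives the
    # highest level granted to any identity (user or group) they hold.
    $best = 'None'
    foreach ($id in $Identities) {
        if ($Acl.ContainsKey($id) -and $Rank[$Acl[$id]] -gt $Rank[$best]) {
            $best = $Acl[$id]
        }
    }
    return $best
}

function Get-EffectiveAccess {
    param(
        [string[]]$Identities,
        [hashtable]$ShareAcl,
        [hashtable]$NtfsAcl,
        [switch]$OverNetwork
    )
    $ntfs = Get-GrantedLevel -Identities $Identities -Acl $NtfsAcl
    # Local access: NTFS rights apply, share permissions are not evaluated.
    if (-not $OverNetwork) { return $ntfs }

    $share = Get-GrantedLevel -Identities $Identities -Acl $ShareAcl
    # Network access: the more restrictive of the two results applies.
    if ($Rank[$share] -lt $Rank[$ntfs]) { return $share }
    return $ntfs
}

# Constructed permission lists for one shared folder.
$shareAcl = @{ 'Everyone' = 'Read'; 'Designers' = 'Change' }
$ntfsAcl  = @{ 'Designers' = 'Read'; 'Managers' = 'FullControl' }

# Constructed users with their group memberships.
$users = @{
    'user1' = @('user1', 'Everyone', 'Designers')   # share Change, NTFS Read
    'user2' = @('user2', 'Everyone', 'Managers')    # share Read, NTFS FullControl
    'user3' = @('user3', 'Everyone')                # share Read, NTFS None
}

foreach ($name in ($users.Keys | Sort-Object)) {
    New-Object PSObject -Property @{
        User    = $name
        Local   = Get-EffectiveAccess -Identities $users[$name] -ShareAcl $shareAcl -NtfsAcl $ntfsAcl
        Network = Get-EffectiveAccess -Identities $users[$name] -ShareAcl $shareAcl -NtfsAcl $ntfsAcl -OverNetwork
    } | Select-Object User, Local, Network
}
```

In this sample, user2 has FullControl when logged on at the server but only Read over the network, because the share permission is the more restrictive of the two.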

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx
• http://technet.microsoft.com/en-us/library/dd759058.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.5

Understand server virtualization

SCENARIO: Molly Dempsey’s company, Northwind Traders, has more than 50 servers that are due to be upgraded.
Molly must determine the most cost-effective method of upgrading these servers. She has several options that
she must consider to make her decision. Northwind Traders has several older applications that are part of the
problem because they are only supported on the existing legacy operating systems. Molly also has a desire to
simplify her backup and disaster recovery procedures. Molly is considering virtualization to address these various
needs.

1. What appears to be Molly’s best solution for the legacy applications?


a. only upgrade the hardware the applications are running on and install the legacy operating system
b. virtualize the legacy systems by performing a physical to virtual migration and run these systems on a
host Microsoft Hyper-V solution
c. keep the legacy systems running on their legacy operating systems on the legacy hardware, which
would ensure her legacy at this current, soon-to-be legacy employer
2. How can virtualization help simplify Molly’s disaster recovery needs?
a. allows for application portability and flexibility across hardware platforms
b. can’t help simplify her situation—it will only complicate her procedures
c. can help simplify her procedures—there isn’t a need for disaster recovery when
utilizing virtualization technologies because they perform virtual backups
3. What are the additional benefits that Northwind Traders will realize when they
implement virtual technologies?
a. no additional benefits will be realized by using server virtualization
b. they will not benefit from server virtualization but rather lose out as the costs
of virtualization are dramatically underestimated
c. they will be able to consolidate their servers and reduce the number of physical
computers they will have to support

Most entry-level server virtualization platforms are free to the end user. Costs are added
if the user requires additional management features.


Answers
1. Molly’s best solution is to:
b. virtualize the legacy systems by performing a physical to virtual migration and run these
systems on a host Microsoft Hyper-V solution
2. Virtualization can help simplify her disaster recovery needs by:
a. allowing for application portability and flexibility across hardware platforms. The system
archives the virtual system or file. The virtual system is not dependent on the hardware platform
it is running on.
3. The additional benefits that Northwind Traders will realize when they implement virtual technologies
include:
c. they will be able to consolidate their servers and reduce the number of physical computers they
will have to support. They will also reduce their carbon footprint because of reduced energy needs,
making their company a greener company. They can also reduce the number of people needed
to support their large number of servers.

Essential details
• Server virtualization is the ability to run a full operating system on a platform so that the operating system
performs as though it were a real system.
• Physical to virtual (P2V) is a process in which an existing physical computer is
converted into a virtual machine. Virtual to physical (V2P) is a process in which an
existing virtual machine is converted or deployed to one or more physical computers.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc753637(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx


3 Understanding Active Directory

IN THIS CHAPTER

■ 3.1 Understand accounts and groups

■ 3.2 Understand organizational units (OUs) and containers

■ 3.3 Understand Active Directory infrastructure

■ 3.4 Understand group policy


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.1

Understand accounts and groups

SCENARIO: Sara Davis is the helpdesk manager for Wide World Importers (WWI). WWI has asked Sara to provide
procedures and training for her helpdesk staff that will allow them to be more proficient at normal day-to-day
administrative tasks, including creating domain and local user accounts, managing group memberships, and
understanding what’s “under the hood” as it relates to managing user accounts. This includes technical details
such as the location of the user database for both local and domain systems, acceptable naming conventions, and
what characters are not allowed.

1. What is the name and location of the file that contains the local user and group objects?
a. userDB: c:\userdb.mdb
b. Security Accounts Manager Database: %systemroot%\system32\config
c. ntds.dit: c:\windows\ntds
2. Which of the following is an unacceptable user account name?
a. Abercrombie?kim
b. Mu.Han
c. MPatten
3. What is the rule related to nesting domain and local groups?
a. domain groups can contain local groups, but local groups cannot contain domain
groups
b. domain groups and local groups cannot be nested
c. local groups can contain domain groups, but domain groups cannot contain
local groups

The local users and groups security boundary is limited to the system they are created on.


Answers
1. The name and location of the file that contains the local user and group objects is:
b. Security Accounts Manager Database: %systemroot%\system32\config. The Active Directory
Domain Services database is named ntds.dit. The file is located by default in %systemroot%\ntds.
2. An unacceptable user account name is:
a. Abercrombie?kim
" / \ [ ] : ; | = , + * ? < > @ are not accepted characters for user accounts.
3. The rule related to nesting domain and local groups is:
c. local groups can contain domain groups, but domain groups cannot contain local groups

Essential details
• The Security Accounts Manager (SAM) is a database present on servers running Windows Server 2008 R2
that stores user accounts and security descriptors for users on the local computer.
• The following steps create a local user account and add it to the Power Users group through the command
line:
  • Start->All Programs->Command Prompt
  • Type: net user WHarp myP@ssword /fullname:"Walter Harp" /comment:"A member of the Power Users Group" /logonpasswordchg:yes /add
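
A helpdesk procedure can check a proposed name against the unaccepted characters before any command is run. The following is an added example, not part of the study guide: a PowerShell pre-check that also builds the two commands for the account and its group membership. The function names are hypothetical; the script only returns command strings and runs nothing. It uses `*` in place of the password so that `net user` prompts for it instead of leaving it in the command history, and it adds the `net localgroup` step for the group membership.

```powershell
# Added example (not from the study guide). It only builds command strings;
# nothing is executed and no account is created.

# Characters the guide lists as not accepted in user account names.
$InvalidNameChars = '"/\[]:;|=,+*?<>@'.ToCharArray()

function Test-AccountName {
    param([string]$Name)
    $problems = @()
    if ([string]::IsNullOrEmpty($Name) -or $Name.Trim().Length -eq 0) {
        $problems += 'name is empty'
    }
    # Collect each offending character once so the message stays short.
    $bad = @($Name.ToCharArray() |
             Where-Object { $InvalidNameChars -contains $_ } |
             Select-Object -Unique)
    if ($bad.Count -gt 0) {
        $problems += "contains characters that are not accepted: $($bad -join ' ')"
    }
    New-Object PSObject -Property @{
        Name     = $Name
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

function Get-LocalUserCommands {
    param([string]$Name, [string]$FullName, [string]$Comment, [string]$Group)

    $check = Test-AccountName -Name $Name
    if (-not $check.Valid) {
        throw "Rejected '$Name': $($check.Problems -join '; ')"
    }
    # The other arguments are placed inside double quotes, so a double quote
    # in any of them would break out of the quoting.
    foreach ($text in @($FullName, $Comment, $Group)) {
        if ($text -match '"') {
            throw "Quoted arguments must not contain a double quote: $text"
        }
    }

    # '*' makes net user prompt for the password instead of reading it
    # from the command line.
    "net user `"$Name`" * /fullname:`"$FullName`" /comment:`"$Comment`" /logonpasswordchg:yes /add"
    # Group membership is a separate command.
    "net localgroup `"$Group`" `"$Name`" /add"
}

# The three names from question 2 above.
foreach ($candidate in 'Abercrombie?kim', 'Mu.Han', 'MPatten') {
    Test-AccountName -Name $candidate | Select-Object Name, Valid, Problems
}

# The account from the steps above.
Get-LocalUserCommands -Name 'WHarp' -FullName 'Walter Harp' `
    -Comment 'A member of the Power Users Group' -Group 'Power Users'
```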

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc756748(WS.10).aspx
• http://support.microsoft.com/kb/909264


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.2

Understand organizational units (OUs) and containers

SCENARIO: Victoria Flores is the Directory Services administrator for Humongous Insurance. Humongous
Insurance is a large insurance company with offices throughout the country. The IT needs and wishes of various
branches vary greatly and it is a challenge to manage it all.
The company wants to design its Active Directory structure to better suit these various needs and allow for easier
management of the various computers and departments. They have asked Victoria to create an organizational
unit design that will fit their goals. One of their main goals is to create a model with which they can maintain
consistency and usability. They also want to be able to manage each department without granting particular
users complete administrative privileges.

1. What can Victoria do to solve the administration issue?


a. give the domain administrator password to the employee assigned to manage each departmental
organizational unit
b. simply perform all the administrative tasks herself
c. delegate control to the employee assigned to manage each departmental organizational unit and grant
specific administrative rights for that container
2. How can an organizational unit be created?
a. Active Directory Users and Computers, PowerShell, command line,
Active Directory Administrative Center
b. User Manager for Domains
c. organizational units can only be created through Active Directory
Users and Computers
3. Which command creates an OU called Marketing in the domain
HUMONGOUS.LOCAL?
a. dsadd ou "ou=Marketing,dc=humongous,dc=local"
b. makeou=marketing.humongous.local
c. "ou=marketing,dc=humongous,dc=local"

Delegation of control grants specific administrative tasks such as resetting passwords
to individual users or groups without making them domain administrators.


Answers
1. Victoria can solve the administration issue if she:
c. delegates control to the employee assigned to manage each departmental organizational unit
and grants specific administrative rights for that container
2. An organizational unit can be created through:
a. Active Directory Users and Computers, PowerShell, command line, Active Directory
Administrative Center
3. An OU is created with the command:
a. dsadd ou "ou=Marketing,dc=humongous,dc=local"

Essential details
• Organizational units are Active Directory containers into which you can place users, groups, computers, and
other organizational units.
• Organizational units can be structured to meet various needs. They can be structured based on geographic
location, business structure (departments), organizational need, specific role or function, operating system
version, or platform, or any combination of these.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc758565(WS.10)
• http://technet.microsoft.com/en-us/library/cc732524.aspx


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.3

Understand Active Directory infrastructure

SCENARIO: Andrew Ma is the systems administrator for Coho Winery. Recent changes in the business and
in advertising strategies have increased the popularity of Coho wines beyond expectations. Because of the
meteoric rise of Coho’s sales, the company has decided to migrate from a workgroup network to a centrally
managed domain model using Microsoft Windows Server 2008 R2 Active Directory Domain Services.
This IT change will allow Andrew to utilize several benefits of a domain, including organizing network objects,
applying group policies to manage desktop computers, and managing security. Andrew has decided to have
multiple domain controllers for redundancy, as well as to split operations roles. The new organization system will
support future company growth.

1. What is a benefit of having a domain model network as opposed to a workgroup?


a. there isn’t any benefit—it is cost-prohibitive. It is easier to manage user accounts on 20 different
computers than a centrally managed option
b. it allows for a centrally managed system where employees authenticate to the domain rather than to
each individual workstation
c. the only benefit is that it is easier to secure than a workgroup model
2. What should Andrew do to determine which domain controller maintains
the operations role of RID master?
a. contact the previous system administrator
b. open Active Directory Users and Computers, right-click his domain, and select
Operation Masters
c. create a batch file that will query each domain controller to determine
who is responsible for the RID master
3. What domain controller maintains all five operations roles by default?
a. the first domain controller in the forest
b. operations roles are automatically transferred to subsequent domain controllers
as they are added to the forest
c. the domain controller is selected by the administrator when the system is being promoted

Migrating from a workgroup model to a domain model allows for ease of administration. It creates a
centrally managed database that can be replicated across domain controllers, which adds fault
tolerance.

Answers
1. The primary benefit of a domain model network is:
b. having a centrally managed system where employees authenticate to the domain rather than to
each individual workstation. This allows for better security policies and network management.
2. Andrew can determine which domain controller maintains the operations role of RID master if he:
b. opens Active Directory Users and Computers, right-clicks his domain, and selects Operation
Masters
3. The domain controller that maintains all five operations roles by default is:
a. the first domain controller in the forest. The operations roles have to be transferred manually when
the additional domain controllers are promoted in the forest. NTDSUTIL is a command-line utility that
can accomplish this task.

Essential details
• A domain is a unit of replication.
• A domain controller is a server that is running a version of the Windows Server operating system and has
Active Directory Domain Services installed.
• In a domain model, the user authenticates once to the domain, which maintains all information
about other objects in the domain. Compare this to a workgroup model in which the
administrator has to duplicate user accounts on any workstation that is sharing resources.
This means that a single user would have to have a user account created on each
computer she accesses.
FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc780856(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc755450(WS.10).aspx


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.4

Understand group policy

SCENARIO: Benjamin Harris works for Wingtip Toys as their desktop administrator. Ben’s primary function is
desktop management and support of the company’s desktop environment. His main goal is to have a quiet
day at his desk so he can research new ideas for Wingtip Toys. He has several tools at his disposal to accomplish
this but his most important tool is his use of group policies on their domain.
Some issues have arisen in various departments:
• Employees want to have customized desktops and features on their systems and still maintain
consistency with Wingtip Toys
• Administrators at Wingtip Toys want some primary settings to remain consistent on all systems in the
company but want to allow each department to have individual settings that will help them
perform their jobs more efficiently

1. Wingtip Toys only want password policies applied to their Testing Division. Ben wants to
create a Group Policy Object for the Testing organizational unit that sets these password policies.
Will this accomplish what Wingtip Toys wants?
a. yes, the password policy set at the organizational unit level will only apply to the users
and computers in that OU
b. yes, the password policy will apply to the users in the Testing division no matter what
computer they log onto
c. no, password policies can only be applied at the domain level
2. Ben wants to see if the policies he set are in effect. He does not want to reboot or wait
for the system to refresh automatically in 90 minutes. What command can he issue to
force the application of group policies?
a. gpupdate /NOW
b. gpedit.msc /update
c. gpupdate /force
3. Ben has a policy that sets his homepage in Internet Explorer to open to http://wingtiptoys.com.
The testing department has their homepage in IE set to open to http://testing.wingtiptoys.com.
What will the homepage display when Ben logs into a testing department workstation?
a. http://wingtiptoys.com. User Policy settings follow the user
b. http://testing.wingtiptoys.com. He is authenticating to a testing department station
c. Internet Explorer default MSN homepage. He is not a Testing user and it’s not
his workstation

Group Policy settings apply to users regardless of the workstation they authenticate to.

Answers
1. Wingtip Toys want password policies applied only to their Testing division:
c. No, password policies can only be set and applied at the domain level. The user has already
authenticated by the time organizational unit policies are applied.
2. The command to force the application of group policies is:
c. gpupdate /force
3. When Ben logs into a testing department workstation his homepage will display:
a. http://wingtiptoys.com. User Policy settings follow the user

Essential details
• A Group Policy is an infrastructure that enables administrators to implement specific configurations for users
and computers.
• Winlogon is a component of the Windows operating system that provides interactive logon support.
Winlogon is the service in which the Group Policy engine runs.
• Group Policy Preference enables administrators to manage drive mappings, registry settings, local users
and groups, services, files, and folders.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc779838(WS.10).aspx
• http://support.microsoft.com/kb/94372
• http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb&displaylang=en


4 Understanding Storage

IN THIS CHAPTER

■ 4.1/4.2 Identify storage technologies; Understand RAID

■ 4.3 Understand disk types


Understand Windows application deployment methods

SCENARIO: Stepan spends much of his free time in the outdoors, camping, hiking, and canoeing. Whenever
school is not in session, he tries to take at least one trip. He has developed two applications to help him enjoy
his hobbies. The first application helps him log his activities, downloads data from his GPS unit, and automatically
posts updates to his favorite social media websites. The second is a relatively simple application for planning trips;
it helps him organize his maps, plan the supplies he’ll need, and keep track of weather reports in the days before
he leaves. Both programs are Windows Forms applications.
He has always run the applications from his own computer, but now that his friends have seen how well they
work, he would like to distribute copies for others to enjoy.

1. The planning application is newer and Stepan is still making frequent changes. Which deployment
option checks for updates before installing the application?
a. ClickOnce
b. Windows Installer
c. Both deployment options automatically check for updates.
2. The log application interfaces with a GPS and must install a device driver upon
deployment. Which option is best suited for this application?
a. ClickOnce
b. Windows Installer
c. Neither deployment option can install a device driver.
3. Which option will allow Stepan to distribute his applications via USB drives?
a. ClickOnce
b. Windows Installer
c. Both deployment options can be distributed via USB drive.

Answers
1. If Stepan wants the installer to check for updates, the deployment method he should use is:
A. ClickOnce

OBJECTIVE UNDERSTANDING STORAGE 4.1/4.2

Identify storage technologies; Understand RAID

SCENARIO: Howard Gonzalez is the systems administrator for Humongous Insurance. The company is responsible
for protecting the property of hundreds of thousands of clients across 14 states. Because of the time-critical nature
of the data stored by Humongous Insurance, Howard is researching his best alternative to ensure that the customer
service representatives have access to their client’s information whenever they need it. Server downtime is not an
option for Humongous Insurance, where customer satisfaction is top priority. Howard is considering various forms of
Redundant Array of Independent Disks (RAID), possibly configured in a Network Attached Storage (NAS).

1. What is the minimum number of hard drives required if Howard wants to configure
a RAID 5 solution?
a. 5
b. 2
c. 3
2. What is a benefit of NAS over Storage Area Network (SAN)?
a. There isn’t any advantage; they are equal
b. NAS provides file serving without the need for a server
c. NAS benefits from being attached to a server on the network to provide
file abstraction
3. Howard is configuring a server with RAID 5. He is using four 750-GB hard drives
in his RAID array. How much available free space will Howard have after
RAID is configured?
a. 750 GB
b. 2,250 GB
c. 2,250 TB

The amount of drive space used for redundancy is 1/n (total drive space) where n is the
total number of drives in the array.


Answers
1. The minimum number of hard drives required to configure a RAID 5 solution is:
c. 3
2. A benefit of NAS over Storage Area Network (SAN) is that:
b. NAS provides file serving without the need for a server
3. After RAID is configured Howard will have:
b. 2,250 GB of free space (3000 - ¼(3000) = 2,250)

Essential details
• Network-attached storage (NAS) is file-level computer data storage connected to a computer network
providing data access to heterogeneous clients.
• NAS does not require a server to provide services. SAN requires a server to provide file abstraction services.
NAS reduces the number of servers on a network.
• A Redundant Array of Independent Disks (RAID) is a data storage method in which data is distributed
across a group of computer disk drives that function as a single storage unit.
• Available free space after RAID 5 is configured = total drive space - 1/n (total drive space).
For example: 3000 - ¼(3000) = 2,250

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/ms184252(SQL.90).aspx


OBJECTIVE UNDERSTANDING STORAGE 4.3

Understand disk types

SCENARIO: Luka Abrus works for City Power and Light as a systems administrator. Luka wants to increase the data
availability for three servers without having to rebuild them from scratch and without incurring a great deal
of cost by purchasing array controllers. Luka also would like to be able to use data on one system and transport
it to another system and have it appear as another hard drive.

1. What can Luka do to increase his server data availability without additional costs of an array
controller or rebuilding each server?
a. make sure the servers are always on
b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk,
and establish a mirror (RAID 1) between the two drives
c. make sure that his backups are running every night to ensure that he can restore data in the event
of a failure
2. What can Luka do to be able to transport data from one system to another and have
it appear as a separate drive?
a. create a virtual hard disk (VHD) to store the data
b. carry an external drive and attach it from one system to another
c. compress the data and email the data to himself
3. What advantages will Luka experience when using self-healing NTFS
in Microsoft Windows Server 2008 R2?
a. continuous data availability
b. no concerns about physical drive failure
c. no need to install antivirus software

Self-healing NTFS does not protect against hardware malfunctions.



Answers
1. To increase his server data availability without additional costs of an array controller or rebuilding each
server, Luka can:
b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk,
and establish a mirror (RAID 1) between the two drives
2. To be able to transport data from one system to another and have it appear as a separate drive, Luka can:
a. create a virtual hard disk (VHD) to store the data. The VHD can be stored to a network share and then
be utilized from one system to another and mounted as a virtual drive. A VHD can be mounted to any
Windows system and appear as a separate physical drive.
3. When using self-healing NTFS in Microsoft Windows Server 2008 R2, Luka will experience the advantage of:
a. continuous data availability. Self-healing NTFS attempts to correct corruptions of the file system
without requiring the use of chkdsk.exe.

Essential details
• A dynamic disk is a physical disk that can use the master boot record (MBR) or GUID partition table (GPT)
partitioning scheme and has the ability to create fault tolerant volumes (mirrored and RAID-5 volumes).
• A mount point is an association between a volume and a directory on another volume.
• Microsoft virtual hard disk (VHD) file format specifies a virtual machine hard disk
that can reside on a native host file system encapsulated within a single file.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc938934.aspx
• http://windows.microsoft.com/en-US/windows-vista/What-are-basic-and-dynamic-disks
• http://technet.microsoft.com/en-us/library/cc758035(WS.10).aspx



5 Understanding Server Performance Management
IN THIS CHAPTER

■ 5.1 Identify major server hardware components

■ 5.2 Understand performance monitoring

■ 5.3 Understand logs and alerts


2. If he wants to install a device driver he should use:
B. Windows Installer
3. Stepan’s applications can be distributed via USB drives because:
C. both deployment options can be distributed via USB drive.

Essential details
• The .NET Framework provides two primary technologies for deploying applications: ClickOnce and Windows
Installer.
• Both technologies:
• provide a user interface to guide users through the installation process.
• allow for the creation of Start Menu and desktop shortcuts.
• can be distributed by a website or by removable media.
• can register file types.
• The advantages and features of ClickOnce include:
• There is minimal user interaction during the installation process.
• The technology automatically checks for updates.
• Updates do not require complete reinstallation of application.
• Features of Windows Installer include the use of a “wizard” that assists the user with
installation and the flexibility to handle a variety of installation situations.
• In general, ClickOnce is simpler and is ideal for applications that are updated frequently.
• Windows Installer provides more control over the installation process and
is flexible enough to handle unusual or complicated setup requirements.

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/y18k4htb.aspx
• http://msdn.microsoft.com/en-us/library/e2444w33.aspx

OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.1

Identify major server hardware components

SCENARIO: Proseware Inc. has recently purchased land to expand their business center. A great deal of thought
and research must go into planning for the technology needs of a business the size of Proseware.
Cari has been the server administrator at Proseware for several years and has a deep understanding of the
technology needs related to the server components. Proseware has asked Cari to submit a plan for the
redesigned datacenter that will ensure data redundancy and server availability. The overall business plan
is dependent upon a dependable data system.

1. What technology can Cari implement that will allow for the replacement of server components
while the servers are still running?
a. the technology does not exist
b. component live swappable
c. hot swappable/pluggable
2. What can Cari implement that will protect the servers from a power outage and allow the systems
to be shut down gracefully in the event of a power loss?
a. uninterruptible power supply (UPS)
b. a script that will shut down the server when the datacenter loses power
c. several surge suppressors for the servers
3. Why is it important for Cari to have climate control within the datacenter?
a. to be comfortable when she is working in the datacenter
b. to prevent servers from overheating
c. it is irrelevant—servers are configured with their own cooling systems

ASHRAE recommends a temperature range of 61 to 75 degrees Fahrenheit and a humidity range of 40 to 55 percent.



Answers
1. To allow for the replacement of server components while the servers are still running, Cari can implement:
c. hot swappable/pluggable. Various hot swappable components include hard disks and fans.
2. To protect the servers from a power outage and allow the systems to be shut down gracefully in the event
of a power loss, Cari can implement:
a. uninterruptible power supply (UPS). A UPS only protects against power outages and is used
to gracefully shut the systems down in the event of an extended power loss.
3. It is important for Cari to have climate control within the datacenter:
b. to prevent servers from overheating

Essential details
• Hot pluggable technology includes replacing system components without shutting down the system.
• Memory is a hardware device where information can be stored and retrieved.
• A Network Interface Card (NIC) is a hardware device that handles an interface to a computer network and
allows a network-capable device to access that network.

FAST TRACK HELP

• http://en.wikipedia.org/wiki/Hot_swapping
• http://upload.wikimedia.org/wikipedia/en/2/29/Chassis-Plans-Rack.jpg



OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.2

Understand performance monitoring

SCENARIO: Cliff Majors works for Southridge Video as a systems administrator. Southridge Video began as a
start-up business in southern Georgia just a few years ago and its popularity has skyrocketed; Southridge has
a unique ability to anticipate customer needs and provide services before customers are even aware that they
would find the services valuable.
A while ago the company introduced a service for customers to rent videos over the internet and stream the
movies to their computers or internet-capable devices. In spite of their best planning and anticipation of
problems, calls have come in from the customers complaining that the quality of the video is poor or that the videos
just aren’t available.

1. Cliff attempted to close a program on one of the video servers; however the application did not
respond. What application can he open to end that process?
a. File Manager
b. Task Manager
c. Command Prompt
2. Cliff wants to compare the performance reports he created when he initially
deployed the video servers. What application does he need to launch
to create a comparison report?
a. Network Monitor
b. netstat
c. Performance Monitor
3. Cliff is analyzing Performance Monitor and adds a counter that tracks page
file/usage and hits. Cliff notices that the page file is being accessed continuously.
What can Cliff do to solve this issue?
a. add more RAM
b. adjust the size of the page file
c. move the page file to another physical drive on the system

Continuous page file hits are a result of a system not having enough RAM.



Answers
1. To end a process that cannot be closed in the usual manner, Cliff can open the:
b. Task Manager
2. To create a comparison report, he must launch the:
c. Performance Monitor. It is important to create a baseline performance report using Performance
Monitor when deploying a system. This allows the administrator to have a report to compare against.
The reports can be overlapped within Performance Monitor to have a visual comparison.
3. To solve the problem of continuous page file hits, Cliff should:
a. add more RAM

Essential details
• A page file is a hidden file on the hard disk that operating systems use to hold parts of programs and data
files that do not fit in memory.
• A process is a program or part of a program.
• Performance is the measure of how quickly a computer completes application and system tasks.

FAST TRACK HELP

• http://support.microsoft.com/kb/323527
• http://technet.microsoft.com/en-us/library/cc771692(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc755081(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc749249.aspx


OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.3

Understand logs and alerts

SCENARIO: Walter Felhofer manages the network at Graphic Design Institute. He has been monitoring the
network for several months to better understand the traffic variations. The network performance seems to vary
greatly and Walter suspects a variety of causes ranging from the time-of-day use to events that coincide with
special promotions and cyclical events. Walter keeps this historical data as it relates to the systems performance.
He reviews this data on a regular basis as well as reviewing the data in comparison mode because he knows that
it contains details that will be valuable for justifying future technology acquisitions and creating business plans.

1. What benefit can Walter gain by maintaining a historical record of the system’s performance?
a. use of the data to justify future upgrades as well as to identify performance trends throughout the year
b. provide performance documentation if a supervisor asks for it
c. there is no benefit to keeping a historical record of your system’s performance because technology
changes so frequently
2. Walter’s job keeps him very busy. He is unable to watch performance logs and data all day long.
What can Walter do so he can perform his other day-to-day tasks and not miss
any major performance issues?
a. hire an intern to watch Performance Monitor and page him whenever
something goes wrong
b. create a Performance Alert that will send a network message, write an event log,
or run a program when certain criteria are met
c. remote into the systems periodically to check performance logs, regardless
of whether he is busy
3. What is the default location for system performance logs?
a. %systemroot%\logs
b. #system#\perflogs
c. %systemdrive%\PerfLogs

Performance monitoring is crucial for real-time system performance but is also important for scaling future systems and upgrades.



Answers
1. By maintaining a historical record of the system’s performance, Walter can:
a. use the data to justify future upgrades as well as to identify trends throughout the year.
2. To ensure that he doesn’t miss any major performance issues, Walter can:
b. create a Performance Alert that will send a network message, write an event log, or run
a program when certain criteria are met.
3. The default location for system performance logs is:
c. %systemdrive%\PerfLogs

Essential details
• Objects are specific resources in the Performance Monitor that can be measured.
• Performance counters are measurements of system state or activity.
• Use of the overlay mode is only available in the Performance Monitor when it is running in stand-alone mode
with comparison enabled:
• Click Start->click in the Start Search box, type perfmon /sys /comp and press Enter.
• The Performance Monitor will open in stand-alone mode with comparison enabled.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc738564(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc722414.aspx#BKMK_alert



6 Understanding Server Maintenance

IN THIS CHAPTER

■ 6.1 Identify steps in the startup process

■ 6.2 Understand business continuity

■ 6.3 Understand updates

■ 6.4 Understand troubleshooting methodology


OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.1

Identify steps in the startup process

SCENARIO: Fourth Coffee has expanded its business to 20 new stores in neighboring states. The expansion meant
that the company had to expand its IT department and hire several new technicians. It is critical that all of the
new hires have knowledge and skills in maintaining the company’s technology infrastructure—the success of the
company depends upon effective technology at every level of the business.
The CIO has asked the systems administrator, April Meyer, to provide training to her staff on Server 2008 R2.
She wants everyone to have a fundamental understanding of the boot process as well as some troubleshooting
techniques.

1. What command-line utility can April demonstrate to modify the boot configuration database?
a. bcdedit.exe
b. boot.ini
c. ntloader.exe
2. What does the Power-On Self Test (POST) do?
a. tests to see whether the power is on
b. performs initial hardware checks, verifies devices, and retrieves system
configurations from CMOS
c. calls programs such as autoexec.bat, config.sys, and win.ini
3. April wants to demonstrate starting a computer in safe mode. What are the steps
to start a computer in safe mode?
a. access the system BIOS and configure it to start in safe mode
b. boot the installation media and select the safe mode option
c. remove all media and then press and hold the F8 key before the
Windows Logo appears

Safe mode starts Windows with a limited set of files and drivers.



Answers
1. The utility that April can demonstrate to modify the boot configuration database is:
a. bcdedit.exe
2. The Power-on Self Test (POST):
b. performs initial hardware checks, verifies devices, and retrieves system configurations from
CMOS
3. To start a computer in safe mode:
c. remove all media and then press and hold the F8 key before the Windows Logo appears

Essential details
• Power-On Self Test (POST) is a set of routines stored in a computer’s read-only memory (ROM) that tests
various system components such as RAM, the disk drives, and the keyboard to see whether they are properly
connected and operating.
• The Master Boot Record (MBR) is the first sector of the first hard disk; it is a physically small but critical
element in the startup process on an x86-based computer.
• To start a computer in safe mode remove all floppy disks, CDs, and DVDs from the computer and then
restart the computer.
• If your computer has a single operating system installed, press and hold the
F8 key as your computer restarts.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc976730.aspx
• http://technet.microsoft.com/en-us/library/bb457123.aspx
• http://technet.microsoft.com/en-us/library/cc721886(WS.10).aspx
• http://windows.microsoft.com/en-US/windows-vista/Start-your-computer-in-safe-mode



OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.2

Understand business continuity

SCENARIO: Rachel Valdes is developing a strategic information technology plan for her company, Northwinds
Traders. The main focus of this plan is to maintain business continuity by ensuring that critical business
functions will be available for customers and business partners. Her plan must ensure that the needs and
important activities of Northwinds customers, suppliers, regulators, and employees can be met in the event
of an unforeseen technology problem or a natural or human-induced disaster. She needs to plan for
data redundancy as well as disaster recovery.

1. Northwinds Traders’ core infrastructure runs on Microsoft Windows Server 2008 R2. What inherent
application can they use to implement the data redundancy portion of their strategic plan?
a. Windows Server Backup
b. Active Directory Restore Mode
c. NTBackup.exe
2. What benefit does folder redirection offer?
a. allows administrators to direct folders to perform data backups and migrations
b. allows users and administrators to redirect the path of a folder to a new
location that can provide backup on a network share
c. converts a folder from one file system to another
3. Part of Rachel’s plan is to develop a disaster recovery plan. What is a disaster
recovery plan?
a. the process, policies, and procedures related to preparing for recovery
or continuation of critical technology after a natural or human-induced
disaster
b. a plan that dictates how to recover data and financial loss after a theft
c. a procedure meant solely for recovering lost data

A disaster recovery plan is related to any technology infrastructure and should be updated on a regular basis.



Answers
1. To implement the data redundancy portion of Northwinds’ strategic plan they can use:
a. Windows Server Backup
2. The benefit offered by folder redirection is to:
b. allow users and administrators to redirect the path of a folder to a new location that can
provide backup on a network share. Folder redirection is a method that helps prevent users from
keeping important information on their local hard drives by redirecting it to another location
where it can be backed up for data redundancy.
3. A disaster recovery plan includes:
a. the process, policies, and procedures related to preparing for recovery or continuation
of critical technology after a natural or human-induced disaster

Essential details
• Data redundancy is a property of some disk arrays that provides fault tolerance so that all or part of
the data stored in the array can be recovered in the case of disk failure.
• Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation
of technology infrastructure critical to an organization after a natural or human-induced disaster.
• Business continuity is the activity performed by an organization to ensure that critical
business functions will be available to customers, suppliers, regulators, and other
entities that must have access to those functions.

FAST TRACK HELP


• http://technet.microsoft.com/en-us/library/cc778976%28WS.10%29.aspx
• http://technet.microsoft.com/en-us/library/cc770266(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc753201.aspx
• http://technet.microsoft.com/en-us/library/cc785306(WS.10).aspx



OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.3

Understand updates

SCENARIO: Mark Patten is a network engineer with Tailspin Toys. Tailspin Toys has asked Mark to find a way to
ensure that all of the systems on their network are updated on a regular basis. They also want Mike to discuss
updates with their software development team because developers sometimes run into issues with updates
conflicting with their custom software while they are in the development process. Tailspin Toys’ desktop systems range
from Windows XP to Windows 7, both 32-bit and 64-bit. They also have a mix of server operating systems running
Windows Server 2003 R2 through Windows Server 2008 R2. This variety of computers and systems within a single
organization is not unusual, but requires strong network administration skill on Mark’s part!

1. What can Mark do to streamline update management for Tailspin Toys?
a. configure Windows Software Update Services (WSUS) to download and deploy updates based
on his needs
b. arrive early every Wednesday before Tailspin Toys opens and perform Windows Updates
c. allow the users to run the updates whenever they see fit
2. What can Mark do to solve the issues he will run into with the software development team?
a. disable updates for the software development team
b. configure a separate WSUS group and put all of the software development
computers and servers in that group
c. isolate the software development team on a separate segment and allow
them to manage their own updates
3. What tool can Mark use to determine the security state in accordance with
Microsoft security recommendations?
a. Qchain.exe
b. Network Monitor
c. Microsoft Baseline Security Analyzer (MBSA)

Use MBSA to detect common security misconfigurations and missing security updates on computer systems.

Answers
1. To streamline update management for Tailspin Toys, Mark can:
a. configure Windows Software Update Services (WSUS) to download and deploy updates based
on his needs
2. To solve the issues with the software development team, Mark can:
b. configure WSUS to have a separate group and put all of the software development computers
and servers in that group. He can schedule updates to be selectively applied to their system.
3. To determine the security state in accordance with Microsoft security recommendations, Mark can use:
c. Microsoft Baseline Security Analyzer (MBSA)

Essential details
• A hotfix is a single package composed of one or more files used to address a problem in a product.
• Update management is the process of controlling the deployment and maintenance of interim software
releases into production environments.
• Service packs are cumulative sets of hotfixes, security updates, critical updates, and updates since
the release of the product, including many resolved problems that have not been made available
through any other software updates.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/wsus/default.aspx
• http://technet.microsoft.com/en-us/library/cc700845.aspx



OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.4

Understand troubleshooting methodology

SCENARIO: Recent changes in the network configurations at Coho Winery have been successfully implemented.
Andrew Ma, the systems administrator, is pleased with his ability to organize network objects, apply group policies
to manage desktop computers, and manage security, but the changes have brought about the need to refresh the
skills of the helpdesk team.
Jeff Wang is responsible for updating the skills of the current team and training the new helpdesk hires at Coho
Winery. The helpdesk team is in charge of troubleshooting various issues that come in on a day-to-day basis from
the local winery and their remote winery locations located on both the east coast and the west coast.
Troubleshooting methodology is imperative for the success of the helpdesk team.

1. What is an example of a systemic problem?
a. a hard disk fails on a user’s computer
b. a worm propagates through the entire network
c. a user’s monitor will not turn on
2. What is the first tool in a Microsoft environment that should be used to
determine the time and type of problem a particular system may be having?
a. Resource Monitor
b. Task Manager
c. Event Viewer
3. What application allows you to view all processes and either selectively
end a single process or the entire process tree?
a. Resource Monitor
b. Task Manager
c. msconfig.exe

Windows Resource Monitor allows you to view a process wait chain and to end processes that are preventing a program from working properly.



Answers
1. An example of a systemic problem is when:
b. a worm propagates through the entire network. Answers A and C are specific to a single system’s
problems, not systemic.
2. The first tool in a Microsoft environment that should be used to determine the time and type of problem is:
c. Event Viewer
3. To view all processes and either selectively end a single process or the entire process tree, use the:
a. Resource Monitor

Essential details
• Event Viewer maintains logs about program, security, and system events on your computer.
• Resource Monitor is a system tool that allows you to view information about the use of hardware
(CPU, memory, disk, and network) and software (file handles and modules) resources in real time.
• Event Viewer can be accessed through Start->Programs->Administrative Tools->Server Manager->
Diagnostics->Event Viewer.
• Default location for event logs:
• %systemroot%\system32\config

FAST TRACK HELP

• http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/snap_event_viewer.mspx?mfr=true
• http://technet.microsoft.com/en-us/library/cc766042.aspx
• http://technet.microsoft.com/en-us/library/dd883276(WS.10).aspx



MTA 98-366 NETWORKING FUNDAMENTALS

1 Understanding Networking Infrastructures
IN THIS CHAPTER

■ 1.1 Understand the concepts of the internet, intranet, and extranet

■ 1.2A Understand local area networks (LANs)

■ 1.2B Understand local area networks (LANs)

■ 1.3A Understand wide area networks (WANs)

■ 1.3B Understand wide area networks (WANs)

■ 1.4 Understand wireless networking

■ 1.5 Understand network topologies and access methods


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.1

Understand the concepts of the internet, intranet, and extranet

SCENARIO: Before going to class, Sidney stops by Fourth Coffee for an iced coffee. The owner of Fourth Coffee,
Josh, stops to talk with Sidney because he knows that she enjoys solving computer problems. Josh asks Sidney
if she can help him manage Fourth Coffee’s server and wireless network.
Josh has a few projects for Sidney to start working on immediately. He would like to be able to access Fourth
Coffee’s server from his home and mobile phones. In addition, he is concerned about keeping his customers’
computers safe from viruses and hackers. Also, Josh would like to provide internal company information such as
schedules and company policies to his employees.
Sidney thanks Josh and tells him that she’ll start working on his projects today right after class.

1. What will Sidney need to install for Josh to be able to access Fourth Coffee’s server from his home
and mobile phones?
a. a firewall
b. a VPN
c. an intranet
2. A firewall is to a network as:
a. a door is to a classroom
b. an eraser is to a pencil
c. a movie is to a screen
3. The primary goal of an intranet is to:
a. allow different businesses to share information
b. let users access different websites
c. provide company information to internal employees

Even though a browser’s security settings may be set high, a firewall still should be used.



Answers
1. Josh wants to be able to access Fourth Coffee’s server from his home and mobile phones, so Sidney will
install a:
b. VPN. A VPN is a Virtual Private Network.
2. A firewall is to a network as:
a. a door is to a classroom. Firewalls keep computers safe and doors keep classrooms safe
and quiet so that students may study.
3. An intranet’s primary goal is to:
c. provide company information to internal employees. Extranets allow different businesses to share
information and the Internet lets users access different websites.

Essential details
• VPNs create a private network and provide a secure tunnel across the Internet.
• Firewalls can be hardware devices.
• For security zones, keep the security level as high as possible.
• In Microsoft® Internet Explorer® click Tools and then click Internet Options to set your security settings.
• Mobile phones can be used to connect to a company’s servers.

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/aa503420.aspx
• http://support.microsoft.com/kb/174360
• http://msdn.microsoft.com/en-us/library/ms953581.aspx



OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2A

Understand local area networks (LANs)

SCENARIO: Kim is studying to become an animator at the Graphic Design Institute. Michael, Kim’s friend from
class, asks Kim to study with him after class in the school’s computer lab.
When Kim arrives in the lab she sees that Michael has already started his laptop and is connected to the school’s
network. Kim starts her laptop and attempts to connect to the school’s network when she realizes that she forgot
her wireless card. Kim tells Michael that she’ll have to run home and get her wireless card. Michael tells her that
she does not need to have her wireless card because she can connect directly to the network.
Kim asks Michael to show her how and he pulls out a cable and starts connecting it to her laptop’s internal, wired
NIC and explaining the steps.

1. What type of network is Kim trying to connect to?
a. WAN
b. LAN
c. PAN
2. To verify that Kim’s NIC (network interface card) works, Michael pings 127.0.0.1,
which is known as the:
a. loopback address
b. dynamic address
c. static address
3. A NIC is to a LAN as:
a. lyrics are to a song
b. a key is to a door
c. a movie is to a TV

When troubleshooting network connections, use ping and ipconfig.



Answers
1. Kim is trying to connect to the school’s:
b. LAN. A LAN is a Local Area Network.
2. To test Kim’s NIC Michael pings the:
a. loopback address. The loopback address is 127.0.0.1 and a successful ping verifies that the NIC works.
3. A NIC is to a LAN as:
b. a key is to a door. A key provides access through a door just as a computer is required to have a NIC to
access a LAN.

Essential details
• LANs connect local computers together in a small geographical area.
• Perimeter networks provide an extra layer of security for a company’s internal network.
• Computers connect to a LAN through a NIC (network interface card).
• The loopback address is a reserved, static address of 127.0.0.1.
• In Microsoft Windows® 7, right-click Network and select Properties to view your network configuration.

FAST TRACK HELP

• http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-to-a-network
• http://support.microsoft.com/kb/169790
• http://msdn.microsoft.com/en-us/library/ee494910.aspx



OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2B

Understand local area networks (LANs)

SCENARIO: Brian just graduated from his local community college in IT and started working for Adventure Works
as an IT Technician. His new boss, Annie, decides to send him on a business trip to Seattle where he will help set
up the computers in their new store.
When Brian arrives in Seattle he immediately checks into his hotel. He asks Erin, the hotel manager, if the hotel
has Internet access. Erin tells Brian that the hotel has both wired and wireless LAN connections available, which
he may use to access the Internet for free! Plus the hotel will be expanding Internet connectivity to the pool area
soon.
Brian is thrilled that the hotel provides free Internet access so that he can work at night, if necessary, to succeed
in his first IT job.

1. When Brian connects a cable from his laptop’s NIC into an RJ45 jack he is connecting to the:
a. VLAN
b. wired LAN
c. wireless LAN
2. A VLAN is also called a:
a. logical network
b. internal network
c. external network
3. What will be Erin’s best solution for providing Internet connectivity
to the pool area?
a. expand the hotel’s wired network
b. expand the hotel’s wireless network
c. add a new WAN

Access points are used to connect wireless devices to wired networks.

Understand local area networks (LANs) 63


Answers
1. Connecting a cable from a laptop’s NIC into an RJ45 jack allows Brian to use the hotel’s:
b. wired LAN. Wired LANs use cables and wireless LANs use radio, microwave, or infrared light.
2. Another name for a VLAN is:
a. logical network. VLANs segment broadcast traffic, which in turn increases network performance.
3. The best solution Erin should implement to expand Internet connectivity to the pool area is:
b. expand the hotel’s wireless network. A wireless LAN is easy to install in locations such as pool areas
and hotel lobbies where it can be difficult to run cables.

Essential details
• VLANs are created on switches and help improve network performance.
• Wired networks take time to install because wires need to be pulled to all of the connection jacks.
• Wireless LANs are easy to expand to remote areas.
• Security can be implemented in both wired and wireless LANs.
• In Microsoft Windows 7, click the wireless network icon (on the right side of the taskbar) to view the available
wireless networks.

FAST TRACK HELP

• http://windows.microsoft.com/en-US/windows7/What-you-need-to-set-up-a-home-network
• http://www.microsoft.com/protect/data/home/wireless.aspx
• http://windows.microsoft.com/en-US/windows7/View-and-connect-to-available-wireless-networks


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3A

Understand wide area networks (WANs)

SCENARIO: Fourth Coffee’s business is booming! Josh, the owner, decides that now is the time to expand his
business. In the next month he will open one new location 30 miles south. In three months he will open another
location 30 miles north.
Josh wants to have a network between all three coffee shops. He is also concerned about security over the
existing VPN that provides him with access to the coffee shop’s network from his home and mobile phones.
When Josh shares his expansion plans and IT concerns with Sidney, his IT Consultant, she tells Josh that she has
the solutions. Sidney can easily expand the network because she has been studying WANs in her college classes.

1. To link all three of Fourth Coffee’s LANs together, Sidney will create a:
a. LAN
b. PAN
c. WAN
2. Between the original coffee shop and the first expansion location, Sidney decides to order
a private, dedicated line from the phone company known as:
a. a leased line
b. dial-up
c. ISDN
3. Sidney reassures Josh that the existing VPN is secure because the data transferred across the public network is:
a. defragmented
b. encrypted
c. zipped

Always choose the most efficient IT solution to meet the goals of a given IT situation.


Answers
1. Sidney will link all three of Fourth Coffee’s LANs together by creating a:
c. WAN. A WAN is a Wide Area Network which spans a large geographical area.
2. The private, dedicated line that Sidney orders from the phone company to connect the original coffee shop
and the first expansion location is called a:
a. leased line. The cost for a leased line depends upon the speed.
3. Fourth Coffee’s VPN is secure because the data transferred across the public network is:
b. encrypted. Encrypted data is scrambled, which protects it from unauthorized network clients.

Essential details
• WANs can span completely around the world–from the United States to Australia!
• A WAN link selection depends upon a company’s goals for speed, availability, cost, and so on.
• The Plain Old Telephone Service (POTS) is the oldest communications network.
• For small companies, leased lines are a great WAN solution for connecting two locations.
• Always protect data by encrypting it prior to transferring it across the Internet.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb727043.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-WAN.html
• http://www.microsoft.com/windows/windows-7/features/bitlocker.aspx


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3B

Understand wide area networks (WANs)

SCENARIO: While attending college, Allie accepts an IT internship at Tailspin Toys in Denver, Colorado. She realizes
that this is an amazing opportunity for her to apply the skills that she has learned in her networking classes.
Richard, Tailspin Toys’ CIO, informs her that she will be working with Cristian, another IT intern, who works for
Tailspin Toys in Paris, France. Together they will determine the different types of WAN connections available
in the United States and France. Both locations will use point-to-point, dedicated, digital circuits between their
two local offices within their respective countries. Speed for the digital circuits needs to be a minimum bandwidth
of 1 Mbps. In addition, Allie will need to research different home connection subscriptions available for Tailspin
Toys’ employees so that they can access the company’s network via the Internet.
Allie and Cristian have fun challenges to solve!

1. Cristian determines that the point-to-point, dedicated, digital circuit that is available in Paris and
meets the minimum bandwidth of 1 Mbps is the:
a. E1
b. F1
c. T1
2. Allie determines that the United States’ equivalent to Cristian’s chosen digital circuit is the:
a. E1
b. T1
c. U1
3. One home connection that Allie researches is a high-speed digital
communication technology over standard copper telephone wire called:
a. Cable TV
b. DSL
c. VPN

Every country has its own unique IT standards and procedures.


Answers
1. In Paris, the point-to-point, dedicated, digital circuit that Cristian finds that meets the 1 Mbps minimum
bandwidth is the:
a. E1. The E1 is available through Europe and has a bandwidth of 2.048 Mbps.
2. In the United States, Allie determines that the equivalent digital circuit to the E1 is the:
b. T1. The T1 is available through the United States and has a bandwidth of 1.544 Mbps.
3. For home connections, Allie finds a high-speed digital communication technology that operates
over standard copper telephone wire, which is called:
b. DSL. DSL and Cable broadband Internet access technologies are popular choices for connecting home
or small business systems to the Internet.

Essential details
• E1 and E3 are WAN connections available in Europe versus T1 and T3 for the United States.
• DSL and Cable broadband Internet access technologies each have a corresponding modem.
• Dial-up and ISDN have decreased in popularity while DSL and Cable have become more popular.
• Even more WAN technologies exist, such as Frame Relay and ATM (Asynchronous Transfer Mode).
• WAN links need to be optimized for efficient and fast performance.

FAST TRACK HELP

• http://speedtest.emea.microsoftonline.com/
• http://technet.microsoft.com/en-us/library/cc753764(WS.10).aspx
• http://technet.microsoft.com/en-us/library/bb726928.aspx


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.4

Understand wireless networking

SCENARIO: Scott wants to set up a wireless network in his family’s house for Internet connectivity. If he is successful
in creating a secure wireless network, his parents will pay for his first semester in IT at college! To ensure his success,
Scott enlists his friend Susan, who has already set up a secure wireless network for her family.
Susan takes Scott on a shopping trip to their local electronics store to purchase the necessary equipment of a
wireless router which supports the most current wireless networking standards. The family’s desktop system will
be wired and their new laptop will use wireless. The family uses DSL for their Internet connection.
After their shopping trip, Susan and Scott start setting up the wireless network. Will Scott succeed and earn a free
semester at college?

1. The most current wireless networking standard is:


a. 802.11n
b. 802.3
c. Bluetooth
2. To provide strong encryption protection without an enterprise authentication
server, Scott uses:
a. SSID
b. WEP
c. WPA-PSK
3. After the wireless network is completed, Scott’s Dad sits on the deck and
successfully connects the laptop to the Internet through their new,
private, and secure:
a. Gigahertz
b. VLAN
c. Wi-Fi hotspot

Always secure a wireless network so that your data stays safe.


Answers
1. The wireless networking standard that is most current is:
a. 802.11n. Two of the popular networking standards being used are 802.11g and 802.11n.
2. Strong encryption protection without an enterprise authentication server is provided through:
c. WPA-PSK. WPA-PSK is for personal/small business use; WPA-Enterprise, which uses authentication
servers, is for an enterprise business.
3. On the deck, Scott’s Dad connects his laptop to the Internet through their private and secure:
c. Wi-Fi hotspot. Public Wi-Fi hotspots are available in a variety of locations such as coffee shops,
schools, airports, and restaurants.

Essential details
• Each of the wireless networking standards has different characteristics, such as speed, distance, frequency,
and so on.
• Connect a WAP (wireless access point) to a wired router to provide connectivity between the wireless devices
and wired network.
• WPA (Wi-Fi Protected Access) and WPA2 are more secure than WEP (Wired Equivalent Privacy).
• WPA-Enterprise and WPA2-Enterprise are used in business environments and work with an
802.1X authentication server.
• The 802.1X authentication method is used in business environments and requires
a certificate or smart card for network access.

FAST TRACK HELP

• http://standards.ieee.org/getieee802/802.11.html
• http://windows.microsoft.com/en-US/windows7/Set-up-a-security-key-for-a-wireless-network
• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.5

Understand network topologies and access methods

SCENARIO: During winter break from college, Jack decides to go skiing at Alpine Ski House, a small wilderness
resort. He brings his laptop to the resort and finds out that wireless Internet connectivity is not available to the
skiers. Alpine Ski House has only one desktop computer connected to the Internet.
Jack decides that this would be a great opportunity for him to apply the skills he is learning in class, so he asks to
speak with the owner of Alpine Ski House, Molly. She willingly discusses her networking dilemmas with Jack. Should
she implement a star or bus network topology? What is a mesh? Does she need a switch? Molly has too many
IT questions and not enough answers, so she decides to hire Jack.
Jack starts to design a network solution for Alpine Ski House between his skiing sessions.

1. The topology concerned with how data gets transferred within the network is the:
a. logical topology
b. mesh topology
c. physical topology
2. The topology considered more reliable because all of the nodes are connected
to each other is the:
a. bus topology
b. mesh topology
c. star topology
3. What topology should Jack choose for Molly’s network?
a. bus
b. ring
c. star

It is important to know the advantages and disadvantages of various topologies.


Answers
1. Within the network, the topology that deals with how data gets transferred is the:
a. logical topology. The logical topology works with the physical topology, which is concerned with how
the devices are physically connected together.
2. The topology where all the nodes are connected to each other to form a reliable network is the:
b. mesh topology. Mesh topologies contain redundant wiring that provides multiple paths to the same
destination.
3. For Molly’s network at Alpine Ski House, the topology Jack should choose is the:
c. star. The star is one of the most popular topologies implemented today because of its low cost and
ease of installation.

Essential details
• Bus topologies were popular along with coaxial cable.
• Mesh topologies are more expensive because of the redundant wiring.
• In star topologies a switch is usually used as the central device along with twisted pair cable.
• Ring topologies are used as backbones for large networks with fiber cable and may contain redundant rings.
• CSMA/CD is similar to a chat room, while CSMA/CA (Collision Avoidance) is similar
to a classroom.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb632621.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-LAN.html
• http://www.giac.org/resources/whitepaper/network/32.php


2 Understanding
Network Hardware

IN THIS CHAPTER

■ 2.1A Understand switches

■ 2.1B Understand switches

■ 2.2 Understand routers

■ 2.3A Understand media types

■ 2.3B Understand media types


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.1A

Understand switches

SCENARIO: Michelle is logged into one of her social networking sites when she receives an urgent text message
from her friend Robert. Robert is trying to study for his IT networking class final and has some questions
regarding the concepts and needs help. Michelle offers to meet Robert at Fourth Coffee.
While Michelle and Robert are studying at Fourth Coffee, Sidney, the IT Consultant at Fourth Coffee, stops by the
table to say hi to Michelle, who is a friend of hers. Michelle tells Sidney that she is helping Robert study for a test.
Sidney tells Robert that it is more fun to look at real equipment to learn the concepts and offers them a tour of
Fourth Coffee’s IT network.
While on the tour, Sidney starts to quiz Robert about the different networking components. Robert passes
Sidney’s test. What about you?

1. A computer’s MAC address is:


a. assigned by a Network Administrator
b. located on the NIC
c. acquired from an ISP (Internet Service Provider)
2. The OSI model is to networking as:
a. music is to a Zune
b. cookies are to milk
c. fashion rules are to fashion
3. A smart Layer 2 device that has an IP address, connects the office computers
together, and provides full bandwidth to each port is called a:
a. managed hub
b. managed switch
c. unmanaged switch

A MAC address is also called a physical address and can be viewed with ipconfig/all.

Answers
1. The MAC address for a computer is:
b. located on the NIC. The MAC address is determined by the vendor of the NIC.
2. The OSI model is to networking as:
c. fashion rules are to fashion. Just as stripes and solids do not usually match, networking devices
perform certain functions and follow specific rules based on their OSI model layer.
3. A device that provides full bandwidth to each port, connects computers together, has an IP address, and
operates at Layer 2 of the OSI model is a:
b. managed switch. Switches that are managed contain an IP address.

Essential details
• Know the layers of the ISO’s (International Standards Organization) OSI model.
• Hubs and repeaters are Layer 1 devices, switches and NICs are Layer 2, and routers are Layer 3.
• Switches can create VLANs (Virtual Local Area Networks), which isolate network broadcast traffic.
• Bandwidth is the throughput or the data transfer rate.
• If you have a fast port but a slow cable, the network will operate at the slowest speed, which is the cable’s
speed.

FAST TRACK HELP

• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html
• http://www.cisco.com/en/US/prod/switches/networking_solutions_products_genericcontent0900aecd806c7afe.pdf


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.1B

Understand switches

SCENARIO: Joel is working in his college dorm room on a term paper when he loses Internet connectivity.
Because his laptop seems fine, Joel decides to enlist his friend Scott, who manages the dorm’s network, to help
him out.
Joel finds Scott and they go to the dorm’s network room to determine what has happened. While in the network
room, Joel learns more about how the dorm’s LAN is configured. Joel remembers that switches operate at
Layer 2 and shares that with Scott. However, Scott informs Joel that there are actually Layer 3 switches, too! Scott
also tells Joel that a new switch module is expected next week and hardware redundancy is being added.
After the issue is resolved, Joel returns to his dorm room to work on the term paper. However, he keeps thinking
about all he has learned and realizes that IT is both challenging and fun!

1. A Layer 3 switch performs:


a. Layer 2 forwarding and Layer 3 switching in hardware
b. Layer 2 segmenting and Layer 3 switching in hardware
c. Layer 2 switching and Layer 3 forwarding in hardware
2. A switch is to a network as:
a. a frame is to a picture
b. a portal is to the web
c. a case is to a computer
3. A motherboard is to a computer as:
a. a backplane is to a switch
b. a MAC address is to a switch
c. a certificate is to a switch

It is important to know the layers of the OSI model and how they operate.

Answers
1. The sophisticated Layer 3 switch performs:
c. Layer 2 switching and Layer 3 forwarding in hardware. This is a very smart device operating
at a higher layer!
2. A switch is to a network as:
b. a portal is to the web. A switch is a connection point for all local clients just like a portal is a collection
point for different web resources.
3. A motherboard is to a computer as:
a. a backplane is to a switch. Modules may be inserted into a switch’s backplane for expansion and
upgrading purposes.

Essential details
• Switches are more than just a connection point for computers in a LAN.
• Choose the right networking device for the specific goal.
• Hardware redundancy provides highly available networks.
• Managed switches provide more options for network support.
• Use VLANs to segment systems from each other, which in turn enhances security.

FAST TRACK HELP

• http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-2/switch_evolution.html
• http://windows.microsoft.com/en-US/windows7/How-do-hubs-switches-routers-and-access-points-differ
• http://technet.microsoft.com/en-us/library/bb742373.aspx


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.2

Understand routers

SCENARIO: After setting up his family’s wireless network, Scott decides that he needs to acquire more hands-on
experience using routers. Ty, his friend, recommends volunteering at the local Humane Society because he has
heard that they have a lot of IT issues.
Scott approaches the Director of the Humane Society, Justin, about volunteering. Justin immediately welcomes
Scott to his team! Justin would like Scott to install a network that will connect the five desktop systems that they
currently have in the office to a server. Through the network the employees should have Internet access. Plus, he
would like to establish a connection to a different Humane Society’s server in a neighboring town so that they
can share information. Justin anticipates expansion and would like to plan accordingly.
Scott is thrilled to receive this opportunity and knows he has a lot of studying to do!

1. The Humane Society cannot afford a router but they do have a switch and a Windows Server.
What should Scott do?
a. tell Justin that they’ll have to wait until they can afford a router
b. use the switch because a Layer 2 device can perform the same functions as a router
c. use the switch to connect the desktops and servers and then install routing software
on the server
2. One week later a router is installed and Scott needs to figure out what routes
the router knows, so he:
a. accesses the router’s NAT database and views the routes
b. accesses the router’s routing table and views the routes
c. pings the router and it returns the routes
3. When Scott views the routes he sees that the router is learning new routes
because of:
a. dynamic routing
b. NAT
c. static routing

Routers are very smart Layer 3 devices that are used to connect networks together.

Answers
1. Because the Humane Society has a switch and a Windows Server, Scott should:
c. use the switch to connect the desktops and servers and then install routing software on the
server. Through software, Windows Server can act just like a router and perform the same functions.
2. To determine what routes the router knows, Scott:
b. accesses the router’s routing table and views the routes. The routing table contains static and
dynamic routes.
3. The router is learning new routes as a result of:
a. dynamic routing. The router continuously learns about new routes and routes that are no longer
available.

Essential details
• Routing tables are shared between neighboring routers.
• The router always chooses the best path with the lowest cost from source to destination.
• NAT allows a private address to be translated to a public address for Internet access.
• Computers, routers, and other IP devices need a unique 32-bit IP address and a 32-bit IP subnet mask to
communicate in an IP network.
• Computers also need a gateway address, which is the connected router’s IP address.

FAST TRACK HELP

• http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html
• http://technet.microsoft.com/en-us/network/bb545655.aspx


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.3A

Understand media types

SCENARIO: Ever since The School of Fine Art has been actively participating in different social networking sites,
their enrollment has been exceeding their building’s capacity! Jon, the CIO, and Brian, the IT Manager, are
working through the different options available for wiring the new building they are planning to build in spring
and possibly updating the existing building.
Jon is concerned about the planned long distance between the two buildings, interference from different
electrical issues the School of Fine Art has been experiencing, and choosing the best media for their goals.
Brian and Jon discuss the best cabling options available for their new building and start planning the long-term
goals for the School of Fine Art.

1. The best media choice for data to travel long distances without the risk of interference is:
a. fiber
b. thin coax
c. unshielded twisted-pair
2. Fiber:
a. can only be used for short distances
b. is extremely inexpensive
c. transmits data in the form of light
3. Any type of undesirable electromagnetic emission or electrical/electronic
disturbance is known as:
a. EIGRP
b. EMI
c. STP

It is important to know the advantages and disadvantages of the different cable types!


Answers
1. The best media choice for data to travel long distances without the risk of interference is:
a. fiber. Fiber is an excellent choice for long distances and it keeps data secure.
2. Fiber:
c. Transmits data in the form of light. Data traveling via fiber cable is transferred extremely fast for
long distances.
3. Interference in the form of electromagnetic emission or electrical/electronic disturbance is known as:
b. EMI. Interference can alter, modify, and drop data as it is transferred across media.

Essential details
• Fiber has a variety of different types of connectors that connect into switches, routers, and so on.
• Fiber is available in single-mode and multimode.
• Coax is commonly used for TV connections today rather than enterprise network installations.
• UTP is commonly used today in star and extended star topologies because it is inexpensive and easy
to install.
• Wireless provides many advantages over traditional cabling choices and therefore continues to increase
in popularity.

FAST TRACK HELP

• http://www.ciscopress.com/articles/article.asp?p=31276&seqNum=4
• http://www.youtube.com/watch#!v=PqmFne1gel4&feature=related
• http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.3B

Understand media types

SCENARIO: The School of Fine Art created a project plan to design a network closet for their new building on
campus. Jon, the CIO, would like to recruit students from a local community college to assist with this project.
Mary Kay, one of the recruited students, becomes the project leader. The first task assigned to the students will
be to choose the appropriate cable type to use for wiring the required classrooms and the backbone of the LAN.
The media goals for the cable running to the classrooms include ease of installation, keeping costs low, and being
wired. The media goals for the backbone include being fast and being redundant. The backbone cabling will be
more expensive and that is incorporated into the budget.
Mary Kay and her team of students are ready for the challenge! Are you ready to join the team?

1. Based on the media goals, the type of cable that should be run to the classrooms is:
a. coaxial
b. fiber
c. UTP
2. Based on the media goals, the type of cable that should be used for the backbone is:
a. fiber
b. STP
c. wireless
3. Jon asks Mary Kay what media she would recommend for the common areas.
She replies:
a. “Wireless, because of ease of installation and flexibility.”
b. “Fiber, because of its low cost.”
c. “Wireless because it is secure by default without any configuration.”

The speed and intended distance are critical factors in selecting transmission media.


Answers
1. Mary Kay and her team analyze the media goals for the classroom and choose:
c. UTP. UTP is the popular choice for a variety of wired installations because it is inexpensive and
easy to install.
2. Mary Kay and her team analyze the media goals for the backbone and choose:
a. fiber. Fiber is the popular choice for enterprise backbones and may be implemented in dual rings to
provide redundancy.
3. For the type of media to install in the common areas, Mary Kay quickly and easily answers:
a. “Wireless, because of ease of installation and flexibility.” Wireless is the preferred choice even
though it will have to be configured to make it more secure.

Essential details
• UTP cables in LANs contain RJ45 connectors.
• Cat 5e and 6 are popular for new UTP installations.
• Because of safety concerns, it is relatively easy to create UTP cables and a lot more difficult
to create fiber cables.
• Cables need to be organized efficiently and properly labeled.
• Know and follow the maximum distances for cable runs and even for wireless
deployments.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc750550.aspx
• http://www.belden.com/03Products/03_CableBasics.cfm
• http://www.ciscopress.com/articles/article.asp?p=169686


3 Understanding
Protocols and Services

IN THIS CHAPTER

■ 3.1A Understand the OSI model

■ 3.1B Understand the OSI model

■ 3.2 Understand IPv4

■ 3.3A Understand IPv6

■ 3.3B Understand IPv6

■ 3.4 Understand names resolution

■ 3.5 Understand networking services

■ 3.6 Understand TCP/IP


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.1A

Understand the OSI model

SCENARIO: Cassie and her friend Christian have just accepted new jobs at Lucerne Publishing. Cassie will be an IT
Networking Technician supporting Microsoft Windows Servers. Christian will be an IT Web Developer working on
Lucerne Publishing’s website.
On their first day of work they attended Lucerne Publishing’s new employee orientation to learn all about the
company’s policies. Various individuals provided lots of detailed information regarding policies and procedures
related to their various departments.
After the orientation Cassie turned to Christian and began talking with him about what they had just learned
during their orientation. Christian tells Cassie that the conversation reminds him of when they were in school and
she would quiz him on what they had just learned in class. Can you pass Cassie’s quiz on the OSI model?

1. The OSI model contains:


a. three layers
b. five layers
c. seven layers
2. Data is placed onto the physical network medium at the:
a. application layer
b. network layer
c. physical layer
3. OSI is to networking as:
a. a text message is to a mobile phone
b. a game rule is to football
c. a word is to a book

Remember the OSI model’s layers and their order via a mnemonic phrase – All People Seem To Need Daily Praise!


Answers
1. In the ISO’s OSI model there are:
c. seven layers
2. The layer where data is placed onto the physical network medium is called the:
c. physical layer. The Physical layer (Layer 1) puts the data onto the wire at the source computer and then
it is sent to the destination computer.
3. OSI is to networking as:
b. a game rule is to football. It is important to follow the standards when networking just like it is
important to follow the game rules when playing football.

Essential details
• Know the OSI model’s seven layers and the standards they represent.
• Standards are followed so that computers and devices can speak the same language in order to
communicate with each other.
• Each layer communicates with the other layers directly above and below.
• Data is encapsulated or wrapped up at each layer within a different wrapper.
• Protocols are a set of rules that provide guidelines for computer communication.

FAST TRACK HELP

• http://support.microsoft.com/kb/103884
• http://technet.microsoft.com/en-us/library/cc959881.aspx
• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.1B

Understand the OSI model

SCENARIO: Cassie is excited as she arrives for her second day on the job at Lucerne Publishing as an IT
Networking Technician. She will job shadow Holly for a couple of days to learn more about her job responsibilities.
Holly gives Cassie a tour of Lucerne Publishing’s datacenter, which contains all of the Microsoft Windows Servers
that Cassie will help support. As they are leaving the datacenter, Brian from the Accounting Department stops
Holly to tell her that he has been having a problem connecting to the network. Holly tells Brian that she and
Cassie will help solve the problem.
To solve Brian’s problem, Holly and Cassie use tools to gather information about his IP address and then work
through the layers of the TCP/IP model to determine why his computer is having networking problems. The
problem will be solved quickly with knowledge of the OSI model!

1. The TCP/IP model contains:
a. four layers and is not used today
b. four layers and follows the standards of the OSI reference model
c. seven layers and was created before the OSI model
2. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:
a. a MAC address
b. a port number
c. an IP address
3. A packet at Layer 3 becomes:
a. a frame at Layer 2
b. a packet at Layer 2
c. a network address

The ipconfig and ipconfig/all commands provide information that is useful for troubleshooting networks.



Answers
1. The TCP/IP model contains:
b. four layers and follows the standards of the OSI reference model. The TCP/IP model is an actual
implementation of the OSI reference model even though it contains fewer layers.
2. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:
c. an IP address. All computers and devices in a TCP/IP network need an IP address, subnet mask, and
default gateway.
3. A Layer 3 packet becomes:
a. a frame at Layer 2. Data encapsulation at Layer 3 takes the form of a packet and at Layer 2 turns
into a frame.

Essential details
• The TCP/IP model, or the TCP/IP protocol suite, contains four layers and protocols at each layer.
• Different encapsulation types exist at the different layers, such as packets at the Network layer.
• TCP operates at the Transport layer and IP operates at the Network layer.
• All computers and devices participating in a TCP/IP network require an IP address,
subnet mask, and default gateway.
• There are a few ports that should be remembered including: 53 (DNS),
80 (HTTP), 25 (SMTP), 110 (POP3).

FAST TRACK HELP


• http://technet.microsoft.com/en-us/library/cc786900(WS.10).aspx
• http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings
• http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.2

Understand IPv4

SCENARIO: Today is the first day of college classes for Paul and he is looking forward to learning more about
networking mobile devices.
Paul has several items on his to-do list before going to his first class. First, he stops by the registration desk to
make a quick change to his schedule. The Registrar asks him for his student identification number so that she
can process the change. Next, he stops by the bookstore and the cashier asks him for his student identification
number so that she can process his book order. Luckily, he finds his classroom just in time for the class to begin.
After class, Paul tells his friend Scott that the professor talked about IP version 4 addresses. Scott decides to quiz
Paul because Scott has already taken the class and is sure he knows what Paul should have learned today!

1. An IP address is to a computer as:
a. a student identification number is to a student
b. chocolate is to a chocolate chip cookie
c. fur is to a polar bear
2. Characteristics of IPv4 include:
a. classes and 32-bit addresses
b. classes and 64-bit addresses
c. zones and 32-bit addresses
3. A default gateway is also known as:
a. an access point
b. a switch
c. a router

IPv4 is still used everywhere even though IPv6 is also available.

Answers
1. An IP address is to a computer as:
a. a student identification number is to a student. An IP address is unique to a computer just like each
student has a unique identification number that is different from all of the other students’ identification
numbers.
2. IPv4 characteristics include:
a. classes and 32-bit addresses. IPv4 contains Class A through E classes and all IP addresses
are 32-bit in length.
3. Another name for a default gateway is:
c. a router. The router provides a way for local subnet traffic to exit their subnet and travel to another
network as their final destination.

Essential details
• IP addresses contain four octets and each octet contains eight bits.
• Ranges of IP addresses are reserved for private networks.
• A broadcast address is similar to an e-mail distribution list because information that is sent to a specific
broadcast address will be sent to all devices on that specific subnet.
• Servers use static addresses; clients use dynamic IP addresses.
• DHCP servers provide IP addresses to clients for a set lease time.

FAST TRACK HELP


• http://support.microsoft.com/kb/164015
• http://technet.microsoft.com/en-us/library/cc940018.aspx
• http://technet.microsoft.com/en-us/network/bb530961.aspx



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3A

Understand IPv6

SCENARIO: Today is finally the day that Randy is going to upgrade his current mobile phone!

When Randy arrives at The Phone Company, which sells almost every phone available, he is approached by
sales associate Laura. Laura is eager to help him choose a phone to meet his needs. Randy has some questions
regarding the two models he has preselected. Laura does an excellent job in explaining the differences between
the two phones. One economy model has a touch screen but does not offer scalability, or expansion, for future
needs because it only supports IPv4 addresses. Another model has the best of everything, including a large touch
screen and support for both IPv4 and IPv6.
Randy is torn between saving money and having a leading-edge phone. Laura tells him to consider his goals
regarding how he will use his phone and how long he intends to keep his phone. If you were Randy, which phone
would you choose?

1. IPv4 is to IPv6 as:
a. English is to Danish
b. Microsoft Windows XP is to Microsoft Windows 7
c. Microsoft Word 2010 is to Microsoft Word 2007
2. If Randy buys the IPv6 phone and uninstalls IPv4 support, he can still communicate with an IPv4 device
when he:
a. is connected to an IPv4 default gateway
b. is connected to a Dual Stack Architecture network
c. converts his IPv6 address to an IPv4 address manually
3. Randy’s new IPv6 phone would have a:
a. 32-bit IP address
b. 64-bit IP address
c. 128-bit IP address

An IPv6 address contains eight groups of hexadecimal characters separated by colons.
Example: 3ffe:ffff:0000:2f3b:02aa:00ff:fe28:9c5a!

Answers
1. IPv4 is to IPv6 as:
b. Microsoft Windows XP is to Microsoft Windows 7. Because businesses are moving to Windows 7,
it is becoming the new standard, similar to the way businesses are migrating to IPv6.
2. IPv4 devices and Randy’s IPv6 phone may still communicate with each other when Randy:
b. is connected to a Dual Stack Architecture network. A network environment that is running both
IPv4 and IPv6 simultaneously will provide communication between the two standards.
3. The new IPv6 phone that Randy may buy would have a:
c. 128-bit IP address. IPv4 addresses are 32 bits and IPv6 addresses are 128 bits.

Essential details
• IPv4 addresses contain the numbers 0-255 and IPv6 addresses contain hexadecimal characters.
• Hexadecimal characters include the numbers 0-9 and letters A-F.
• IPv6 is becoming the new standard.
• Windows provides support for both IPv4 and IPv6 through the Dual Stack Architecture.
• Teredo, ISATAP, and 6to4 are tunneling technologies that provide transitional and
backward compatibility between IPv6 and IPv4 networks.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb726995.aspx
• http://windows.microsoft.com/en-US/windows-vista/IPv6-frequently-asked-questions
• http://technet.microsoft.com/en-us/network/cc917486.aspx



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3B

Understand IPv6

SCENARIO: Classes are finished for the semester and winter break has begun. Next semester all classes will use
e-books, so Doug has decided to sell his current physical books to make a little extra money to buy great
holiday gifts for his family and friends. Doug chooses to sell his books through Lucerne Publishing’s new website.
He registers on the website, lists his books, and is ecstatic that one of the books sells immediately.
After receiving the shipping details and packaging the book, it occurs to him that the process of addressing and
packaging the book is similar to the way IP packets are structured and encapsulated. The book is encapsulated
into an envelope and the envelope contains both his return address and the address for its final destination—just
like an IP packet contains a source and destination address!

1. At the Networking Layer, in an IPv6 network, data is encapsulated into an IPv6:
a. envelope
b. header
c. packet
2. An IPv6 subnet mask is written in:
a. decimal
b. hexadecimal
c. octal
3. Subnet masks are to an IP address as a:
a. keyboard is to a computer
b. website is to a link
c. zip code is to a postal address

Ipconfig displays both IPv4 and IPv6 addresses.

Answers
1. In an IPv6 network, at the networking layer, data is encapsulated into an IPv6:
c. packet
2. A subnet mask for IPv6 is written in:
b. hexadecimal. IPv6 subnet masks are written in hexadecimal; IPv4 subnet masks are in decimal.
3. Subnet masks are to an IP address as a:
c. zip code is to a postal address. A zip code determines the city and state a package is to be
delivered to, which is similar to performing a bitwise AND operation of the subnet mask
and IP address to determine the subnet of the IP address.

Essential details
• IPv4 and IPv6 packets both contain the source and destination IP addresses that are used by the router to
route the packet.
• IPv6 addresses contain a dedicated subnetting portion.
• Identify the subnet that an IP address belongs to in a network by performing a bitwise AND operation of the
subnet mask and IP address.
• The loopback address for IPv4 is 127.0.0.1 and for IPv6 is 0:0:0:0:0:0:0:1 or ::1 (compressed
format).
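
The bitwise AND described above, worked through in Python for both IPv4 and IPv6. This is an added example, not part of the study guide; the IPv4 addresses and masks are constructed sample values, and the IPv6 address is the example from the objective 3.3A sidebar.

```python
import ipaddress


def mask_int(prefix_len: int, bits: int) -> int:
    """Subnet mask as an integer: prefix_len one-bits followed by zero-bits."""
    if not 0 <= prefix_len <= bits:
        raise ValueError(f"prefix length must be 0..{bits}, got {prefix_len}")
    return ((1 << prefix_len) - 1) << (bits - prefix_len)


def prefix_from_dotted_mask(mask: str) -> int:
    """Convert an IPv4 dotted-decimal mask (e.g. 255.255.255.0) to a prefix length.

    A mask whose one-bits are not contiguous is rejected, because it does not
    describe a single subnet.
    """
    value = int(ipaddress.IPv4Address(mask))
    prefix_len = bin(value).count("1")
    if value != mask_int(prefix_len, 32):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix_len


def mask_as_text(address: str, prefix_len: int) -> str:
    """Render the mask the way each protocol writes it:
    dotted decimal for IPv4, hexadecimal groups for IPv6."""
    ip = ipaddress.ip_address(address)
    return str(type(ip)(mask_int(prefix_len, ip.max_prefixlen)))


def subnet_of(address: str, prefix_len: int) -> str:
    """Network the address belongs to: (address AND mask), bit by bit."""
    ip = ipaddress.ip_address(address)
    network = int(ip) & mask_int(prefix_len, ip.max_prefixlen)
    return f"{type(ip)(network)}/{prefix_len}"


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts are on the same subnet when the AND gives the same network."""
    return subnet_of(a, prefix_len) == subnet_of(b, prefix_len)


def compressed(address: str) -> str:
    """Compressed text form of an address (0:0:0:0:0:0:0:1 becomes ::1)."""
    return str(ipaddress.ip_address(address))


if __name__ == "__main__":
    # Constructed IPv4 sample: one host, two different masks.
    host = "192.168.10.77"
    for dotted in ("255.255.255.0", "255.255.255.192"):
        plen = prefix_from_dotted_mask(dotted)
        print(f"{host} AND {dotted} -> {subnet_of(host, plen)}")

    # Same pair of hosts: one subnet under /24, two subnets under /26.
    print(same_subnet(host, "192.168.10.130", 24))
    print(same_subnet(host, "192.168.10.130", 26))

    # IPv6 example address from the 3.3A sidebar with a 64-bit prefix.
    v6 = "3ffe:ffff:0000:2f3b:02aa:00ff:fe28:9c5a"
    print(f"{v6} AND {mask_as_text(v6, 64)} -> {subnet_of(v6, 64)}")

    # Loopback addresses from the list above.
    print(subnet_of("127.0.0.1", 8), compressed("0:0:0:0:0:0:0:1"))
```

The same check is what decides whether a source address seen in a log belongs to an internal subnet or came from outside it.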

FAST TRACK HELP

• http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
• http://msdn.microsoft.com/en-us/library/aa915659.aspx
• http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/config-guide-routing/id-10122335.html



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.4

Understand names resolution

SCENARIO: Laura Steele is packing for her big trip to Australia. Her IT Internship class is travelling to Australia
to study IT best practices in a different country. She is looking forward to the adventure and to expanding her
knowledge. She knows that her career could take her any place in the world!
At the airport, Laura and her classmates check in at the Blue Yonder Airlines ticket counter. The ticket agent asks
Laura her name and she tells the agent that her full name is Laura Steele Polly. Next, the ticket agent asks Laura
for her driver’s license number and Laura provides it to the ticket agent. The names and license number indicate
that both refer to the same individual. Finally, after the ticket agent is fully satisfied that “Laura Steele” is really
“Laura Steele Polly,” Laura is given her boarding pass.
After receiving their boarding passes the students stand in the security line. While waiting for their turn, the
students talk about the ticket check-in procedures. Laura Steele shares with her classmates that the
check-in procedure reminds her of name resolution. Is it similar?

1. A domain name is to an IP address as:
a. a kangaroo is to Australia
b. Laura Steele’s name is to her driver’s license number
c. Laura Steele’s student identification number is to her name
2. When Laura Steele browses the Web on her mobile phone and types in http://www.microsoft.com
and presses Enter:
a. the domain name Microsoft.com is resolved to an IP address
b. the IP address is a calculated address based on the domain name
c. WINS checks the local LMHOSTS file and determines the MAC address of the domain name
3. The server that translates domain names to their corresponding IP addresses is called a:
a. DHCP server
b. DNS server
c. WINS server

It is usually easier to remember domain names and more difficult to remember IP addresses.

Answers
1. A domain name is to an IP address as:
b. Laura Steele’s name is to her driver’s license number. Both resolve a name to a number
and identify the same location or person.
2. On her mobile phone, when Laura Steele types in http://www.microsoft.com and presses Enter:
a. the domain name microsoft.com is resolved to an IP address. The domain name microsoft.com will
be translated by a DNS server to its respective IP address.
3. Domain names are resolved to their corresponding IP addresses by the:
b. DNS server. DHCP servers provide dynamic IP addresses to clients, DNS servers resolve domain names
to IP addresses, and WINS servers map computer NetBIOS names to IP addresses.

Essential details
• WINS servers resolve NetBIOS names to IP addresses and assist in reducing NetBIOS traffic on subnets.
• DNS servers resolve domain names to IP addresses.
• DNS servers are part of the Internet’s infrastructure.
• DNS servers are also used in both enterprise and small business networks.
• Different DNS record types exist on a DNS server.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc725802.aspx
• http://technet.microsoft.com/en-us/network/bb629410.aspx
• http://technet.microsoft.com/en-us/library/bb727005.aspx



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.5

Understand networking services

SCENARIO: Fourth Coffee’s business continues to grow. Josh, Fourth Coffee’s owner, has decided to expand to
California. Sidney, his IT consultant, will travel to Santa Clara, California and set up a remote wireless network that
will be connected to Fourth Coffee headquarters in Seattle, Washington. Sidney will configure the wireless router
to act as a DHCP server. There will be an onsite file server which will provide access to local resources, as well as
provide DNS services. In addition, Josh would like to be able to access the network remotely so that he can keep
up with business while on the road.
As Sidney leaves Fourth Coffee to catch her flight home, Josh stops her and asks how IPsec could be used in their
network infrastructure. Sidney laughs and asks Josh if he has been busy reading his latest computer magazine
online. He smiles and wishes her a safe trip.

1. The DHCP server will provide:
a. dynamic IP addresses to the clients
b. static IP addresses to the clients
c. static IP addresses to the servers
2. A Remote Access Server is to a client as a:
a. lion is to Africa
b. locked car door is to a car
c. pixel is to a digital camera
3. Regarding Josh’s question, IPsec is:
a. a protocol suite used for securing IP communications
b. used to assign static and dynamic IPv6 addresses to clients
c. used to provide security to IPv6 addresses

When a system boots up it requests an IP address from a DHCP server through the DORA (Discover, Offer,
Request, Acknowledge) process.



Answers
1. Servers that offer DHCP services provide a:
a. dynamic IP address to the clients. Dynamic IP addresses are assigned to clients and can change when
a lease is renewed. Static IP addresses are assigned to a server so they retain the same address and can
be easily located.
2. A Remote Access Server is to a client as a:
b. locked car door is to a car. A Remote Access Server (RAS) is protected by a firewall, and if a client
is authenticated the client will be able to access the RAS’s services just like a key will allow a driver to
access a car.
3. To answer Josh’s question, IPsec is:
a. a protocol suite used for securing IP communications. IPsec consists of open standards and uses
cryptographic security services.

Essential details
• Clients are generally assigned dynamic addresses.
• Servers are assigned static addresses so that they may be easily located on a network.
• DHCP servers assign dynamic addresses to clients.
• Remote Access Servers, also known as Communication Servers, provide access
to remote network resources.
• IPsec, created by IETF (Internet Engineering Task Force), secures IP communications
through secure authentication and encryption.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/bb643151.aspx
• http://technet.microsoft.com/en-us/library/cc754634(WS.10).aspx
• http://technet.microsoft.com/en-us/network/bb531150.aspx



OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.6

Understand TCP/IP

SCENARIO: Sara just received an interesting e-mail from Andrew. Sara met Andrew a year ago in her first
networking class at Maple College and ever since then they have been spending a lot of time together
studying. However, now things have changed and Andrew has just asked her out on a real date!
She immediately replies to the e-mail and says, “Yes!” Immediately after hitting “send,” Sara receives an
e-mail indicating that her reply e-mail to Andrew was not delivered. Sara reaches for her mobile phone and
begins texting Andrew when it dawns on her that she might possibly fix this computer problem—or at least
determine what might have gone wrong.
Will she be able to resolve the problem so that she can go on a date with Andrew? Can you help her?

1. Sara first decides to use the pathping tool because it:
a. acts as a terminal emulation program that will automatically troubleshoot the issue
b. determines the degree of packet loss along the path the data is traveling
c. shows the route that is taken by the packet as it moves across the IP network
2. Next Sara tries to see if she can reach the default gateway by using the…
a. netstat tool
b. ping tool
c. loopback address
3. Based on the results, Sara decides that she needs to refresh her DHCP settings by using the:
a. telnet tool
b. ipconfig tool
c. local loopback IP

Using the analytical tools in the most efficient order will save time.



Answers
1. The pathping tool that Sara used:
b. determines the degree of packet loss along the path the data is traveling. This is a useful tool;
however, Sara could have saved time by first checking her computer’s connectivity to the default
gateway.
2. To see whether her computer can reach the default gateway she used the:
b. ping tool. Depending upon the issue, the ping tool is usually one of the first tools used during
troubleshooting.
3. To refresh her DHCP settings, Sara used the:
b. ipconfig tool. The ipconfig/release will release Sara’s current IP address and the ipconfig/renew will
give her computer a new IP address.

Essential details
• To check connectivity, first ping your loopback address (127.0.0.1), then ping your computer’s IP address, then
ping your default gateway, and finally ping the remote host.
• Ping contains different options for IPv4 and IPv6.
• Ipconfig/all displays lots of useful information, including DNS servers.
• Tracert traces the route a packet takes from the source to destination.
• Telnet logs into a router or computer.

FAST TRACK HELP

• http://support.microsoft.com/kb/814155
• http://windows.microsoft.com/en-US/windows7/Using-command-line-tools-for-networking-information
• http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a00800a61c7.shtml



MTA 98-367
SECURITY FUNDAMENTALS

1 Understanding Security Layers

IN THIS CHAPTER

■ 1.1 Understand core security principles

■ 1.2 Understand physical security

■ 1.3 Understand Internet security

■ 1.4 Understand wireless security


OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.1

Understand core security principles

SCENARIO: Blue Yonder Airlines has expanded over the past 18 months and has recently gone through a security
audit to ensure that the technical system is secure. Several areas needing improvement were identified. The CIO
has asked Toni Poe, Blue Yonder Airlines’ security consultant, to provide some essential security training for the
front-line staff. The goal is to minimize the risk for potential security threats by educating staff members in the
area of social engineering, as well as some basic security principles.
Toni has assessed the security rights of each staff member related to computer access and perimeter access.
Toni notes that some staff members have elevated privileges to access Blue Yonder Airlines intranet site. He also
knows that it is important to stress the Confidentiality, Integrity, and Availability triangle in his training.

1. Toni plans to implement the principle of least privilege. How will this affect the staff members?
a. staff members will maintain their current access to all resources
b. staff members will be granted the smallest set of privileges to the resources
c. staff members will have to log on as administrator to have access to their resources
2. What would be an example of providing availability as it relates to security training?
a. making sure all the workstations are turned on
b. ensuring that all staff members have perfect attendance for work
c. protecting against a Distributed Denial of Services attack
3. What is an example of social engineering?
a. calling a staff member while pretending to be someone else to gain information
that can provide access to sensitive information
b. developing social awareness of security threats within an organization
c. building a social networking website

Social engineering is not related to social networking. The ultimate goal of a hacker is to obtain as much
information as possible by exploiting the human side of security.



Answers
1. Implementing the principle of least privilege means that:
b. staff members will be granted the smallest set of privileges to the resources
2. Providing availability as it relates to security training means:
c. protecting against a Distributed Denial of Services attack
3. An example of social engineering could include:
a. calling a staff member while pretending to be someone else to gain information that can
provide access to sensitive information

Essential details
• The CIA (Confidentiality, Integrity, and Availability) Triangle is the concept of ensuring the prevention
of unauthorized disclosure of information, the erroneous modification of information, and the prevention of
unauthorized withholding of information or resources.
• The principle of least privilege requires that each subject in a system be granted the most restrictive set of
privileges (or lowest clearance) needed for the performance of authorized tasks.
• Social engineering is any type of behavior that can inadvertently or deliberately aid an attacker in gaining
access to a user’s password or other sensitive information.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc875841.aspx

108 CHAPTER 1: Understanding Security Layers


OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.2

Understand physical security

SCENARIO: Erin Hagens has just been promoted to security officer for Woodgrove Bank. This position carries
huge responsibility for the safety of the customer’s money and information, not to mention the bank’s
reputation. This role necessitates that she keep current on a long list of requirements for securing Woodgrove
Bank. A banking industry regulatory agency has informed Erin that the bank will undergo a security audit to
ensure that they are in compliance with industry regulations and standards. Erin understands the request and
must do her due diligence to provide whatever information the regulators need as they target potential security
holes. Her biggest concern is the physical security of the bank’s systems.

1. What can Erin do to ensure physical security of the bank desktop computers?
a. disable the use of floppy drives or USB drives by using group policies
b. have a guard posted in every cubicle area
c. obtain locking mechanisms for each desktop so they cannot be carried away
2. Erin has a concern that people can authenticate to the servers in the data center. What can she do
to prevent normal users from logging onto those systems?
a. make sure the server is locked up
b. remove the keyboards from all servers
c. create a group policy that applies to the servers to Deny Log on Locally
for all non-administrative users
3. What can Erin do to prevent the use of key loggers in the bank?
a. ensure that the terminals are locked and do a periodic inspection of the ports
on the systems
b. nothing—Erin cannot control what gets plugged into her computers
c. convert all computers to touch screen monitors

It may not be financially feasible or physically possible for the bank to convert all systems to touch screens.



Answers
1. To ensure physical security of desktop computers, Erin can:
a. disable the use of floppy drives or USB drives by using group policies. Most computers do have a
mechanism to attach a locking device to the desktops; however, disabling USB and floppy drives
disables a larger threat.
2. To prevent normal users from logging onto the systems, Erin can:
c. create a group policy that applies to the servers to Deny Log on Locally for all
non-administrative users. A bigger issue is that people are in the data center with physical
access. However, normal users should not have the ability to log on locally.
3. To prevent the use of key loggers in the bank, Erin will have to:
a. ensure that the terminals are locked and do a periodic inspection of the ports on the systems

Essential details
• Keystroke logging (often called key logging) is the process of recording the keys typed on a keyboard,
typically without the users’ knowledge.
• Access controls are the mechanisms for limiting access to certain items of information or to certain controls
based on users’ identities and their membership in various predefined security groups.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb457125.aspx
• http://www.microsoft.com/smallbusiness/security.aspx



OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.3

Understand Internet security

SCENARIO: Terry Adams is the desktop administrator for Tailspin Toys. To stay current with the latest Internet
technologies, Tailspin Toys has decided to upgrade their browsers to Internet Explorer (IE) 8. Terry wants to
make sure that they utilize many of the security features built into the browser while still maintaining functionality
within the company’s intranet. Terry also would like to educate his users to be good “Internet citizens” and
practice safe web surfing. He knows that the first line of defense in Internet security is an informed and
skilled user.

1. Terry wants to configure the Internet zone feature in IE 8 in such a way that users can easily access
content on the local intranet while still maintaining a high level of security. What should he do?
a. create a perimeter network and make sure the intranet site is located there and have a single PC in each
department designated the Intranet Browsing PC (IBPC)
b. go into the Internet Options, choose Security and add their intranet site to the list of Local Intranet Sites
c. print the content of the intranet site weekly and distribute it through interoffice mail
2. What can Terry tell his staff to look for to be assured that they are on a secured website?
a. a padlock in the lower right corner of the browser and https:// in the address bar
b. the contact information on the site
c. they should not be browsing secure sites because you can’t trust any site
3. What is the security level set to in the Restricted Sites zone?
a. low; the sites are restricted and therefore not a concern
b. high; disables most features, has the maximum safeguards, and protects
against harmful content
c. medium; a nice balance between too restrictive and too open

The default level in the restricted sites zone is set to High.



Answers
1. To configure the Internet zone feature in IE 8 and enable users to easily browse the local intranet, Terry
should:
b. go into the Internet Options, choose Security and add their intranet site to the list of Local
Intranet Sites
2. To be sure that they are on a secure site, staff members can look for:
a. a padlock in the lower right corner of the browser and https:// in the address bar. This does not
guarantee that the site is secure. However, it is a start.
3. The security level in the Restricted Sites zone is:
b. high; disables most features, has the maximum safeguards, and protects against harmful
content

Essential details
• An Internet zone contains websites that are not on your computer or on your local intranet, or that are not
already assigned to another zone. The default security level is Medium.
• A secure site is a website with the capability of providing secure transactions, ensuring that credit
card numbers and other personal information will not be accessible to unauthorized parties.

FAST TRACK HELP

• http://support.microsoft.com/kb/174360



OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.4

Understand wireless security

SCENARIO: Pilar Ackerman is the systems administrator for Fourth Coffee—a national chain of very popular and
profitable coffee cafés. Competition in the coffee café business is fierce! To maintain a competitive edge, Fourth
Coffee plans to add open, high-speed, wireless access for their customers and secured wireless for employees at
all 200 Fourth Coffee locations. Pilar is faced with several security concerns and must ensure that their business
traffic is secured. In addition to that, he is under pressure to make this new feature a winning strategy.

1. What is the most secure protocol that Pilar can implement to ensure that the business-related
traffic is encrypted?
a. Wired Equivalent Privacy (WEP)
b. WiFi Protected Access (WPA) 2
c. Extensible Authentication Protocol (EAP)
2. Aside from encrypting the business wireless traffic, what else can Pilar do to add another
level of security?
a. implement access point isolation and hide the Service Set Identifier (SSID)
b. turn off the business access points when customers come in
c. enable MAC filtering
3. Pilar would like his employees to be independent in troubleshooting their own
wireless connections before contacting him. What basic troubleshooting step
can he instruct them to do?
a. reboot their computers
b. power cycle the wireless access points
c. right-click the network icon in the system tray and select Troubleshoot Problems

Power cycling the access point would disconnect other users from the network.



Answers
1. The most secure protocol that Pilar can implement to ensure that the business-related traffic is encrypted is:
b. WiFi Protected Access (WPA) 2. EAP is a feature of security that handles authentication
and WPA is more secure than WEP.
2. Pilar can add another level of security by:
a. implementing access point isolation and hiding the Service Set Identifier (SSID). MAC filtering
is an option; however, MAC addresses can be “faked” or “spoofed.” Hiding the SSID is a simple security
measure that can be implemented.
3. Pilar can instruct the staff to troubleshoot by:
c. right-clicking the network icon in the system tray and selecting Troubleshoot Problems

Essential details
• A Service set identifier (SSID) is a 32-character, unique identifier attached to the header of packets sent
over a WLAN that acts as a password when a mobile device tries to connect to the communicating stations
on a wireless LAN.
• Wi-Fi protected access (WPA) is a Wi-Fi standard that was designed to improve upon the security features
of WEP.
• Wired equivalent privacy (WEP) is an encryption algorithm system included as part
of the 802.11 standard, developed by the Institute of Electrical and Electronics Engineers
as a security measure to protect wireless LANs from casual eavesdropping.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/magazine/2005.11.securitywatch.aspx
• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods
• http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part1.html



2 Understanding Operating System Security

IN THIS CHAPTER

■ 2.1A Understand user authentication

■ 2.1B Understand user authentication

■ 2.2 Understand permissions

■ 2.3 Understand password policies

■ 2.4 Understand audit policies

■ 2.5A Understand encryption

■ 2.5B Understand encryption

■ 2.6 Understand malware


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1A

Understand user authentication

SCENARIO: Jim Hance is a security administrator for Coho Winery. A variety of security threats have occurred
over the past few months and management is more than a little concerned. They cannot afford to have the
system jeopardized; their customers expect a reliable and secure site. Jim is reviewing the security policies
for Coho Winery to determine where the company may need stronger policies or at least to update the
existing policies and security measures. His first task is determining the company’s strengths as it relates
to user authentication.

1. Jim knows that stronger passwords are a critical element in the security plan. What characteristics
make up a strong password?
a. contains 7+ characters; does not contain the user name, real name, or company name
b. contains sequential numbers embedded within the company name
c. contains the user’s last name and email address
2. What protocol can be used to secure workstation and computer authentication across the network?
a. TCP/IP
b. Kerberos
c. Lightweight Directory Access Protocol
3. What strategy can Jim implement to reduce the number of times a user would
have to authenticate to access a particular resource?
a. two-factor authentication
b. digital certificates
c. Single Sign-on (SSO)
Hint: Reducing the number of times a user has to authenticate can reduce the
possibilities of his or her credentials being captured.


BETA COURSEWARE EXPIRES NOVEMBER 26, 2010


Answers
1. A strong password:
a. contains 7+ characters; does not contain the user name, real name, or company name
2. To secure workstation and computer authentication across the network, Jim can use:
b. Kerberos
3. To reduce the number of times a user would have to authenticate to access a particular resource, Jim can
implement:
c. Single Sign-on (SSO)

Essential details
• Authentication is the process of obtaining identification credentials such as name and password from a user
and validating those credentials against some authority.
• Kerberos authenticates the identity of users attempting to log on to a network and encrypts their
communications through secret-key cryptography.
• Lightweight directory access protocol (LDAP) is a network protocol designed to work on TCP/IP stacks to
extract information from a hierarchical directory such as X.500.
• Remote authentication dial-in user service (RADIUS) is an Internet protocol in which
an authentication server provides authorization and authentication information
to a network server to which a user is attempting to link.

FAST TRACK HELP

• http://www.microsoft.com/windowsserver2008/en/us/ad-main.asp
• http://web.mit.edu/Kerberos/#what_is
• http://technet.microsoft.com/en-us/library/bb463152.aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1B

Understand user authentication

SCENARIO: The Graphic Design Institute (GDI) has more than 30,000 students. The security of the students’ personal
information, including financial data, address, family contacts, special health needs, and grades, is the top priority of
the network administrative team. However, over the past few months student data has been compromised on several
occasions. Personal data has shown up on a social networking site, much to the embarrassment of the network team.
GDI officers have asked the network administrator, Todd Rowe, to implement stronger authentication measures for
the students, as well as eliminate IT staff from logging on with elevated privileges. Todd has several options, but is
aware of the need to keep the processes fairly easy for the helpdesk staff.

1. Todd wants to implement two-factor authentication. What can he use?
a. smart card and user password
b. two passwords
c. two user IDs with two passwords
2. What service can the GDI staff use instead of signing in with elevated privileges?
a. Remote Desktop
b. Secondary Logon-Run As
c. User Manager for Domains
3. What is a disadvantage of using biometric identification?
a. the user must have hands
b. cost is prohibitive for many organizations
c. a retina scan can be faked
Hint: Biometric identification is extremely secure; however, the devices to
support biometrics are cost-prohibitive.



Answers
1. To implement two-factor authentication, Todd can use:
a. smart card and user password
2. Instead of signing in with elevated privileges, the staff can use:
b. Secondary Logon-Run As
3. A disadvantage of biometric identification is:
b. cost is prohibitive for many organizations

Essential details
• A certificate is an electronic credential that authenticates a user on the Internet and intranets.
• Public key infrastructure (PKI) is an asymmetric scheme that uses a pair of keys for encryption: the public
key encrypts data, and a corresponding secret key decrypts it.
• The Run As command allows a user to run specific tools and programs with different permissions than the
user’s current logon provides.
• Steps to change your password:
  • Press <control><alt><delete> and select Change Password
• Steps to use Secondary Logon or Run As:
  • Right-click the application icon and select Run As Administrator

FAST TRACK HELP


• http://technet.microsoft.com/en-us/library/cc782756(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc756862(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc261673(office.12).aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.2

Understand permissions

SCENARIO: Fabrikam, Inc. has recently undergone a basic reorganization and a variety of corporate changes. Shawn
Richardson is the network administrator at Fabrikam and has been assigned the task of aligning the company servers
with the new organizational reality. As a first step, Shawn has completed a security audit of the company’s Microsoft®
Windows Server® 2008 R2 file servers and has determined that folder and share security needs to be revised based on
corporate reorganization. Shawn must present his plan to management and give directions to his team members to
complete the project.

1. Shawn has noticed that some shares on the file system are not secured. What is the default
permission setting when a share is created?
a. everyone with Read permission
b. administrators with the Full Control permission
c. everybody with the Full Control permission
2. Why should Shawn enforce User Account Control (UAC) across the domain?
a. so that he can control the user accounts
b. to help prevent unauthorized changes to computers on the domain
c. to allow the users to authenticate with the administrator password to perform
an administrative task
3. What feature (also available with Active Directory objects) will make Shawn’s job
easier when reassigning permissions by not having to assign permissions
to every parent and child folder?
a. batch files
b. inheritance
c. staff people
Hint: Inheritance allows the propagation of rights or permissions from a parent object
to a child object. This feature can be blocked or removed.



Answers
1. When a share is created, the default permission is:
a. everyone with Read permission
2. Shawn should enforce User Account Control (UAC) across the domain because:
b. it will help prevent unauthorized changes to computers on the domain
3. Shawn’s job can be made easier when reassigning permissions by using:
b. inheritance

Essential details
• Permissions include Full control, Modify, Read & Execute, List folder Contents, Read, and Write and can be
applied to both folder and file objects. Permissions can also be applied to Active Directory objects.
• Inheritance is the concept of permissions that are propagated to an object from a parent object.
Inheritance is found in both file system permissions and Active Directory permissions. It does
not apply to share permissions.
• New Technology File System (NTFS), FAT, and FAT32. The primary difference between NTFS and FAT file
systems is the ability to apply security to the file system. You can grant or deny various permissions
on NTFS. NTFS also supports the ability to encrypt data.
• Share and NTFS permissions are applied based on how the resource is accessed.
Share permissions are effective when the resource is being accessed through the
network whereas NTFS permissions are effective all the time. When share and
NTFS permissions are applied to the same resource, the most restrictive
permission wins.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc730772.aspx
• http://technet.microsoft.com/en-us/library/cc771375.aspx
• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.3

Understand password policies

SCENARIO: Jay Hamlin has been given the unenviable task of enforcing stronger password policies for
Wingtip Toys. He understands the need for complex passwords of a minimum length, but is having a difficult
time making the staff understand how the security of the entire Wingtip Toys organization can depend upon
these couple of requirements along with a few more that he plans to put into place. He must also determine how
many times a user can attempt to log in before his or her account is locked out, how often users must change
passwords, and how often users can reuse a favorite password.
His plan for a Password Complexity Policy includes the following criteria for passwords:
• Cannot contain the user’s login name
• Must be at least 6 characters long
• Must contain three of the following four character types: upper case, lower case, number, and special character
1. What dilemma is Jay facing if he makes his password requirements too difficult?
a. a complex password can be hard to guess and difficult to remember
b. Jay will no longer have friends at work
c. users will not use the passwords
2. What does the policy of maximum password age mean?
a. determines how old the user must be to create a password
b. refers to the duration before a password has to be changed
c. refers to how old the password must be before the user is allowed to change it
3. What happens when you set the value of Enforce Password History to 10?
a. the user has 10 attempts to validate his or her password
b. the password must be used for at least 10 days before it can be changed
c. the system remembers the last 10 passwords and will not allow the user to reuse
any of the previous 10
Hint: Password history prevents users from reusing their passwords.



Answers
1. The dilemma Jay faces with difficult password requirements is that:
a. a complex password can be hard to guess and difficult to remember
2. Maximum password age:
b. refers to the duration before a password has to be changed
3. When you set the value of Enforce Password History to 10:
c. the system remembers the last 10 passwords and will not allow the user to reuse any
of the previous 10

Essential details
• Account lockout is a security feature in Windows that locks a user account if a number of failed logon
attempts occur within a specified amount of time, based on security policy lockout settings.
• A password attack is an attack on a computer or network in which a password is stolen and decrypted or is
revealed by a password dictionary program.
• Password sniffing is a technique employed by hackers to capture passwords by intercepting data packets
and searching them for passwords.
• Microsoft Windows Server 2008 allows for fine-grained password policies, which allow
for more flexible password policy assignment throughout an organization within
Active Directory®.
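
Jay's three complexity criteria and an Enforce Password History value of 10 can be written as a small check. The Python below is an added illustration, not part of the study guide or of Windows; the function names, the PBKDF2-based history store and the sample passwords in the usage are assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import deque

MIN_LENGTH = 6         # "at least 6 characters" from Jay's plan
REQUIRED_CLASSES = 3   # three of the four character types
HISTORY_SIZE = 10      # Enforce Password History = 10


def character_classes(password):
    """Return the set of character types present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("number")
        else:
            classes.add("special")
    return classes


def complexity_violations(login_name, password):
    """List every rule of the plan that the candidate password breaks."""
    problems = []
    if login_name and login_name.lower() in password.lower():
        problems.append("contains login name")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("fewer than %d character types" % REQUIRED_CLASSES)
    return problems


class PasswordHistory:
    """Remembers salted hashes (never plaintext) of the most recent passwords."""

    def __init__(self, size=HISTORY_SIZE):
        self.size = size
        self._entries = deque(maxlen=size)  # oldest entry drops off automatically

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def was_used(self, password):
        """True if the password matches any remembered entry."""
        return any(
            hmac.compare_digest(self._digest(password, salt), digest)
            for salt, digest in self._entries
        )

    def remember(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(password, salt)))


def change_password(login_name, new_password, history):
    """Apply complexity and history rules; store the password only if it passes."""
    problems = complexity_violations(login_name, new_password)
    if history.was_used(new_password):
        problems.append("matches one of the last %d passwords" % history.size)
    if not problems:
        history.remember(new_password)
    return problems


if __name__ == "__main__":
    history = PasswordHistory()
    # Constructed sample values for the user "jhamlin".
    for candidate in ["jhamlin2010", "Ab1", "password", "Toys4Tots!", "Toys4Tots!"]:
        print(candidate, "->", change_password("jhamlin", candidate, history) or "accepted")
```

An empty list from `change_password` means the change was accepted and recorded; a reused password is rejected until enough newer passwords have pushed it out of the history.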

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx
• http://technet.microsoft.com/en-us/library/cc875814.asp



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.4

Understand audit policies

SCENARIO: The network for Margie’s Travel must be very secure. The files contain customer information including
credit card numbers, birthdates, and addresses, as well as photocopies of passports. Identity theft would be a real
possibility if the system was hacked into. Obviously, this is not an acceptable risk for Margie’s Travel.
Arlene Huff is the systems administrator for Margie’s Travel. The company has asked her to track who attempts to
log into the system and at what times of the day the attempts occur. They also have asked her to create a system
to track when confidential files are opened and by whom. Arlene gladly took on this task and did not raise a huff.

1. Arlene wants to log when someone fails to log into the system as administrator, but why would she
want to log when they are successful also?
a. to determine if and when someone is authenticating successfully with elevated privileges
b. to make sure they are getting in without any problems
c. to monitor drive space on the computer
2. Where are file audit events written when auditing is enabled?
a. audit event log
b. pfirewall.log
c. security event log
3. Why is it important to properly secure audit logs?
a. so that potential hackers cannot delete the event logs to cover their tracks
b. it’s not important, no one looks at audit logs
c. so only authorized personnel can view the log files
Hint: Skilled computer hackers will modify the audit logs when they are finished obtaining
information so that it will appear as though they were never there.



Answers
1. Arlene wants to log when someone successfully logs into the system as well as when they fail:
a. to determine if and when someone is authenticating successfully with elevated privileges.
If someone failed four times and was then successful the fifth time it could indicate hacker activity.
2. Enabled file auditing events are written in the:
c. security event log
3. It is important to properly secure audit logs:
a. so that potential hackers cannot delete the event logs to cover their tracks

Essential details
• Auditing is the process an operating system uses to detect and record security-related events, such as an
attempt to create, access, or delete objects such as files and directories.
• An audit policy is a policy that determines the security events to be reported to the network administrator.
• The security log, which can be generated by a firewall or other security device, lists events that could affect
security, such as access attempts or commands, and the names of the users involved.
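
The pattern named in the answer to question 1, a run of failed logons followed by a success, can be searched for in exported logon events. This added Python example is not from the study guide; it assumes a CSV export with timestamp, event ID, account and source address columns, uses the Windows Security log event IDs 4625 (failed logon) and 4624 (successful logon), and runs on constructed sample lines.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

LOGON_SUCCESS = "4624"  # Windows Security log: an account was successfully logged on
LOGON_FAILURE = "4625"  # Windows Security log: an account failed to log on

# Constructed sample export (assumed columns: timestamp, event ID, account, source).
SAMPLE_EXPORT = """\
timestamp,event_id,account,source
2010-06-01T01:00:00,4625,backup_svc,10.0.0.40
2010-06-01T01:20:00,4625,backup_svc,10.0.0.40
2010-06-01T01:40:00,4625,backup_svc,10.0.0.40
2010-06-01T02:00:00,4625,backup_svc,10.0.0.40
2010-06-01T02:05:00,4624,backup_svc,10.0.0.40
2010-06-01T02:13:05,4625,Administrator,10.0.0.77
2010-06-01T02:13:20,4625,Administrator,10.0.0.77
2010-06-01T02:13:41,4625,Administrator,10.0.0.77
2010-06-01T02:14:02,4625,Administrator,10.0.0.77
2010-06-01T02:14:30,4624,Administrator,10.0.0.77
2010-06-01T08:58:50,4625,ahuff,10.0.0.21
2010-06-01T08:59:10,4624,ahuff,10.0.0.21
"""


def parse_events(text):
    """Parse the export into (time, event_id, account, source), oldest first."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # blank or malformed line
        when, event_id, account, source = (field.strip() for field in row)
        try:
            timestamp = datetime.fromisoformat(when)
        except ValueError:
            continue  # header row or unreadable timestamp
        events.append((timestamp, event_id, account.lower(), source))
    events.sort(key=lambda event: event[0])
    return events


def suspicious_logons(events, threshold=4, window=timedelta(minutes=10)):
    """Flag a successful logon preceded by `threshold` or more failures for the
    same account inside `window`, with no earlier success in between."""
    failures_since_success = defaultdict(list)
    alerts = []
    for when, event_id, account, source in events:
        failures = failures_since_success[account]
        if event_id == LOGON_FAILURE:
            failures.append(when)
        elif event_id == LOGON_SUCCESS:
            recent = [t for t in failures if when - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "account": account,
                    "failures": len(recent),
                    "first_failure": recent[0],
                    "success_at": when,
                    "source": source,
                })
            failures.clear()  # a success resets the run for this account
    return alerts


if __name__ == "__main__":
    for alert in suspicious_logons(parse_events(SAMPLE_EXPORT)):
        print("{account}: {failures} failures then success at {success_at} "
              "from {source}".format(**alert))
```

Only the Administrator sequence is reported: the backup_svc failures are spread over an hour and the single ahuff failure looks like a mistyped password, so neither reaches four failures inside the ten-minute window.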

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx
• http://technet.microsoft.com/en-us/library/dd349800(WS.10).aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.5A

Understand encryption

SCENARIO: Adventure Works has recently expanded its mobile sales force. The management team has recently
come to recognize the unique security considerations associated with hundreds of laptop computers
simultaneously located in hundreds of unsecure locations.
David Johnson is the network administrator in charge of the Adventure Works mobile sales force. He has recently
come under fire from the management team regarding the sensitive data that could potentially fall into the
competition’s hands if any of the laptop computers were to be stolen or misplaced. They must have a solution
that can ensure the confidentiality of data on the mobile stations that are all running Windows® 7 Enterprise—
and they need it soon!

1. What can David enable to make sure their data is safe?
a. Encrypting File System (EFS)
b. password protected screen saver
c. BitLocker
2. What must be configured to ensure that the BitLocker® storage can be reclaimed?
a. the salesperson’s personal identification and login credentials
b. BitLocker to use data recovery agents
c. the Secret Retrieval Agent
3. What are some considerations David will have to ponder when deciding
to use BitLocker?
a. the conscientiousness and self-discipline of the sales staff
b. the deployment of hardware because BitLocker requires a system reserved partition
c. it’s so easy that there aren’t any serious considerations
Hint: BitLocker requires a system-reserved partition created during
a standard installation.



Answers
1. To make sure the data is safe, David must enable:
c. BitLocker
2. To ensure that the secured data can be reclaimed in the event that BitLocker-protected storage is moved to
another computer, the administrator must create and properly store:
b. BitLocker to use data recovery agents
3. When using BitLocker, the administrator must consider:
b. the deployment of hardware because BitLocker requires a system reserved partition

Essential details
• BitLocker (ToGo) drive encryption is a data-protection feature available in Windows Server 2008 R2 and
in some editions of Windows 7.
• Encrypting file system (EFS) is a feature of Windows that allows you to store information on your hard disk
in an encrypted format.
• Encryption is the process of encoding data to prevent unauthorized access, especially during transmission.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/windows/dd408739.aspx
• http://technet.microsoft.com/en-us/library/cc732774.aspx
• http://technet.microsoft.com/en-us/library/ee706523(WS.10).aspx
• http://technet.microsoft.com/en-us/library/ee706518(WS.10).aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.5B

Understand encryption

SCENARIO: The owner of Southridge Video takes great pride in the close relationship that she has with the
managers in the various branch offices up and down the coast. Weekly communication is the key to maintaining
the relationships and keeping on top of business progress and challenges.
The owner and managers would like to replace their Monday morning conference call with a secure Monday
morning video conference between corporate headquarters and the various branch offices. They have asked the
WAN administrator, Jeff Wang, to create a cost-effective solution. The solution must work between the remote
branch offices, so having a dedicated connection between offices is too expensive. The best solution is to utilize
each office’s Internet connection.

1. What will create a secured connection over an unsecured network?
a. Virtual Private Network (VPN)
b. configuring the callback feature on their Routing and Remote Access Server
c. using a social networking site to have the conference meetings
2. Jeff needs to decide between Point to Point Tunneling Protocol (PPTP) or Layer 2 Tunneling
Protocol (L2TP). Which protocol is more secure?
a. PPTP
b. L2TP
c. neither, they both pass information in clear text
3. What is a public certificate?
a. an award given in recognition of superior business security policies
b. part of a two-part encryption that is not shared with other parties
c. a digitally signed statement that is commonly used for authentication and to secure
information on open networks
Hint: A private key certificate is a portion of two-part encryption that resides with the
originating computer and is not shared.



Answers
1. A secured connection over an unsecured network can be created with a:
a. Virtual Private Network (VPN)
2. The more secure protocol is:
b. L2TP. PPTP uses MPPE for security, which is less secure than L2TP, which uses IPsec as its encryption
method.
3. A public certificate is:
c. a digitally signed statement that is commonly used for authentication and to secure
information on open networks

Essential details
• Layer 2 tunneling protocol with Internet protocol security (L2TP/IPSec) is a combination of PPTP and
Layer 2 Forwarding (L2F) that uses IPsec for encryption.
• The user keeps the private key secret and uses it to encrypt digital signatures and to decrypt received
messages.
• The user releases the public key to the public, who can use it for encrypting messages to be sent to the user
and for decrypting the user’s digital signature.
• A virtual private network (VPN) is a secured tunnel running over a public network
such as the Internet that uses encryption technology so that data is safe from being
intercepted and understood by unauthorized users.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc700805.aspx



OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.6

Understand malware

SCENARIO: Consolidated Messenger handles customer feedback for many area businesses. Each day they receive
thousands of email messages from happy and unhappy customers, which they funnel to the appropriate
individuals at their client companies.
Mary Kay Anderson is the systems administrator for Consolidated Messenger. The company has had several
outbreaks of viruses on the network that seem to have been propagated through email. They have asked Mary
Kay to host a “lunch and learn” session to educate Consolidated Messenger staff about malicious software and
email. Mary Kay has also been assigned the task to find a solution that will better protect the system.

1. What should the staff members do when they receive a suspicious email from a customer or
coworker that contains an embedded hyperlink?
a. delete the email and then contact Mary Kay and the customer or coworker
b. quickly click the hyperlink to see what might happen to assess the threat themselves
c. forward the email to other coworkers warning them that the email is not legitimate
2. What can Mary Kay do to prevent suspicious emails from entering their network?
a. install Microsoft® Forefront® and Threat Management Gateway and configure it to
block malicious emails
b. disable internet email
c. threaten coworkers that they will be dismissed if they forward any email
3. What tool can Mary Kay download to remove malicious software (malware)?
a. Remote Server Administration Tools (RSAT)
b. Microsoft Windows Malicious Software Removal Tool
c. any web-advertised security software tools—they are all the same
Hint: A malicious software removal tool is included in Windows updates.



Answers
1. When staff members receive a suspicious email that contains an embedded hyperlink they should:
a. delete the email and then contact Mary Kay and the customer or coworker. Never forward an
email with suspicious content. If an email has an attachment or link in it, contact the sender and verify
that he or she sent the message.
2. To prevent suspicious emails from entering the network, Mary Kay can:
a. install Microsoft Forefront and Threat Management Gateway and configure it to block any
malicious emails. Exchange server has several spam filtering tools. Forefront and TMG are additional
security measures to better protect the system.
3. To remove malicious software (malware), Mary Kay can download:
b. Microsoft Windows Malicious Software Removal Tool

Essential details
• A bot is a program that performs some task on a network, especially a task that is repetitive or
time-consuming.
• A rootkit is a collection of software programs that a hacker can use to gain unauthorized remote access to a
computer and launch additional attacks.
• Spyware is software sometimes referred to as spybot or tracking software. Spyware
uses other forms of deceptive software and programs that conduct certain activities
on a computer without obtaining appropriate consent from the user.
• A trojan is a program that appears to be useful or harmless but contains hidden code
designed to exploit or damage the system on which it is run.
• A worm uses self-propagating malicious code that can automatically distribute
itself from one computer to another through network connections.

FAST TRACK HELP

• http://www.microsoft.com/downloads/details.aspx?FamilyId=F24A8CE3-63A4-45A1-97B6-3FEF52F63ABB&displaylang=en
• http://support.microsoft.com/kb/889741

3 Understanding Network Security

IN THIS CHAPTER

■ 3.1 Understand dedicated firewalls

■ 3.2 Understand Network Access Protection (NAP)

■ 3.3A Understand Network Isolation

■ 3.3B Understand Network Isolation

■ 3.4 Understand protocol security




OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.1

Understand dedicated firewalls

SCENARIO: Matt Berg has earned several Microsoft certifications and is now his own boss as an independent
security consultant. Trey Research has retained his services to perform a security assessment of their network.
Trey Research has several servers that are exposed to the Internet and they fear that their internal network may
be vulnerable to an attack. They have a single perimeter firewall, but they don’t know if that is enough. Matt’s job
is to assess the situation and make recommendations as to how Trey Research can protect their data.

1. What should Matt recommend that Trey Research do with their Internet-exposed servers?
a. create a perimeter network to isolate those servers from the internal network
b. outsource the associated services
c. no action is needed—the servers are fine where they are on the internal network
2. Is a single perimeter firewall sufficient for Trey Research?
a. yes—a single firewall provides more than enough protection in any environment
b. no—Trey Research’s concerns are justified. They should have several security appliances that provide
“defense in depth” for their organization as well as enabling workstation software firewalls and antivirus
c. no—they should also create a DMZ
3. Does stateful packet inspection or stateless packet inspection provide
better security?
a. a stateless packet inspection because it is more efficient and can stop more
packets
b. neither—they do not provide any type of security
c. stateful because it inspects the packets as they pass through the connection
Hint: Stateless packet inspection is a faster type of security and requires less memory
but is not completely reliable.



Answers
1. Matt should recommend that Trey Research:
a. create a perimeter network to isolate those servers from the internal network. Internet-exposed
servers and devices should not reside on an internal network. They should be segmented or
isolated into a secured part of the network.
2. Is a single perimeter firewall sufficient for Trey Research?
b. no—Trey Research’s concerns are justified. They should have several security appliances that
provide “defense in depth” for their organization as well as enabling workstation software
firewalls and antivirus. No single solution can secure a network; however, providing several layers of
security reduces a company’s exposure.
3. The better packet inspection choice is:
c. stateful, because it inspects the packets as they pass through the connection

Essential details
• A firewall is a security system intended to protect an organization’s network against external threats—such
as hackers—coming from another network, such as the Internet.
• Packet filtering is the process of controlling network access based on IP addresses.
Firewalls will often incorporate filters that allow or deny users the ability to enter
or leave a local area network (LAN).
• A proxy server is a security appliance that manages Internet traffic to and from a
local area network and can provide other features, such as document caching and
access control.

FAST TRACK HELP

• http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
• http://technet.microsoft.com/en-us/library/cc700828.aspx
• http://technet.microsoft.com/en-us/library/cc700820.aspx



OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.2

Understand Network Access Protection (NAP)

SCENARIO: Adventure Works is one of the nation’s largest suppliers of high-end sporting equipment. Twenty-five
Adventure Works sales associates travel throughout the country selling sporting equipment to retailers. They
return to corporate headquarters every Friday with their laptops for meetings and training.
Allie Bellew is the network administrator for Adventure Works and would like to implement a method for
ensuring that the mobile devices are in a good state of security “health” when they access the corporate network
during these Friday meetings.

1. What control or strategy can Allie implement to assure security health?
a. Network Access Protection, which will verify the integrity of each mobile device
b. virus scans each time sales associates log in
c. re-imaging each laptop prior to connecting to the network
2. Aside from protecting against a virus infected laptop, what else can NAP do?
a. protect against lost data
b. nothing else—it is simply a glorified virus scan
c. verify the complete integrity of the device by checking that it has the most recent
software updates or configuration changes
3. What can Allie do about computers that are not compatible with NAP?
a. upgrade the computers that are not compatible
b. define exceptions in NAP for those devices that are not compatible
c. prevent those devices from using the network
Hint: Exceptions can be defined for “mission-necessary” systems until
they can be upgraded.



Answers
1. Allie can implement:
a. Network Access Protection, which will verify the integrity of each mobile device
2. Aside from protecting against a virus infected laptop, NAP can:
c. verify the complete integrity of the device by checking that it has the most recent software
updates or configuration changes. Systems that have not received updates can be as problematic as
systems infected by malware.
3. For computers that are not compatible with NAP, Allie should:
b. define exceptions in NAP for those devices that are not compatible

Essential details
• Network Access Protection (NAP) is a new platform and solution that controls access to network resources
based on a client computer’s identity and compliance with corporate governance policy.
• NAP enforcement points are computers or network access devices that use NAP or can be used with
NAP to require the evaluation of a NAP client’s health state and provide restricted network access or
communication.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/cc984252.aspx
• http://technet.microsoft.com/en-us/network/bb545879.aspx
• http://www.microsoft.com/windowsserver2008/en/us/nap-faq.aspx



OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.3A

Understand Network Isolation

SCENARIO: Coho Winery has been in the winery business for three generations. They still produce quality wine
from the same vineyards and in the same ancient cellars. Even most of their business organization has remained
the same for decades. It’s now time to update the corporate side of Coho with new technologies related to their
data-keeping infrastructure.
Karen Berg has been assigned the task of assessing Coho Winery’s network infrastructure and providing
recommendations based on their specific needs:

• Most of the employees need Internet access.
• The computers in the winery plant are isolated and don’t need Internet access.
• “Work at home” employees should have Virtual Private Network access using IP Security.
1. What can Karen do to prevent the plant computers from gaining Internet access?
a. create a VLAN that does not allow Internet access but is trunked to the main network
b. manually configure each computer so it doesn’t have a gateway
c. remove Internet Explorer from the computers
2. What technology will Karen have to implement to allow Internet access for
office employees without exposing them to the Internet?
a. set up one walk-up computer that has a public IP address so it can access the Internet
b. give each office user a dialup modem to establish an Internet connection
c. implement a router to perform Network Address Translation that will allow several
private addresses to participate on a public network
3. What Microsoft Windows Server 2008 R2 role can accomplish both the
Internet access and VPN solution?
a. DHCP
b. Remote Desktop Service
c. Routing and Remote Access Service

Most server operating systems have some form of routing technology. Minimum requirements include
having multiple network interface cards (NICs).

Answers
1. To prevent the plant computers from gaining Internet access, Karen can:
a. create a VLAN that does not allow Internet access but is trunked to the main network
2. To allow Internet access for office employees without exposing them to the Internet, Karen can:
c. implement a router to perform Network Address Translation that will allow several private
addresses to participate on a public network. Most retail wireless routers perform Network Address
Translation or Port Address Translation, which will allow home network devices (Xbox, laptops, and so
on) to have Internet access.
3. Microsoft Windows Server 2008 R2 can accomplish both the Internet access and VPN solution with:
c. Routing and Remote Access Service (RRAS). RRAS can serve as both a VPN and Internet gateway.
VPN access can be secured using several security protocols including IP Security (IPsec).

Essential details
• Network Address Translation (NAT) is the process of converting between IP addresses used within an
intranet or other private network and Internet IP addresses.
• Routing is the process of forwarding packets between networks from source to destination.
• A Virtual LAN (VLAN) is a group of hosts with a common set of requirements that communicate as if they
were attached to the same broadcast domain, regardless of their physical location.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/bb531150.aspx
• http://technet.microsoft.com/en-us/network/bb545655.aspx
• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7E973087-3D2D-4CAC-ABDF-CC7BDE298847&displaylang=en
• http://en.wikipedia.org/wiki/Virtual_LAN



OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.3B

Understand Network Isolation

SCENARIO: Arlene Huff is the systems administrator for Margie’s Travel and has been very busy in recent weeks
securing company and customer data. There had been suspicious activity on the network, but thankfully Arlene’s
actions to track network users have secured the system. But the challenge of securing confidential data is an
ongoing task.
The owner of the company, Margie, would like her remote travel agents to have access to the corporate network
so that they can check email and post appointments booked for that day. Margie has decided to allow the travel
agents to use their home computers but must be assured that the information is secured. The security of client
information is her top priority.

1. What would be the best general solution for Margie’s Travel?
a. implement a VPN server to allow the travel agents remote access
b. set up a modem bank and have the travel agents purchase modems for their home computers so they
can dial the office
c. there isn’t a solution for what Margie wants
2. What is a potential risk in having the travel agents use their home computers
for VPN access?
a. nothing—the VPN handles everything and encrypts the data
b. the travel agents may forget to disconnect which will keep the VPN connection
open preventing others from connecting
c. simply having a VPN does not prevent potential viruses and malware on the
home computer from infecting the network
3. Arlene is worried about would-be attackers penetrating the VPN. What can
she set up to “lure” attackers to better understand their methods?
a. a honeypot outside the perimeter network, which is a falsified program that can
emulate a VPN or service
b. a fancy website that says “Nothing to see here”
c. a fake VPN that never answers

Honeypots are located all across the Internet and are used to discover methods that
attackers might use to compromise a system.

Answers
1. The best general solution for Margie’s Travel is to:
a. implement a VPN server to allow the travel agents remote access. She can configure the VPN to
use several methods of encryption.
2. The risk in having the travel agents use home computers for VPN access is that:
c. simply having a VPN does not prevent potential viruses and malware on the home computer
from infecting the network. Arlene can use Direct Access, which is new with Windows 7 and Windows
Server 2008 R2, to help mitigate potential risks.
3. To “lure” attackers to better understand their methods Arlene can create:
a. a honeypot outside the perimeter network, which is a falsified program that can emulate
a VPN or service

Essential details
• A perimeter network (also known as DMZ, demilitarized zone, and screened subnet) is a physical or logical
network that contains and exposes an organization’s external services to a larger, untrusted network, usually
the Internet.
• Internet Protocol Security (IPsec) is an Internet protocol security standard that provides a general
policy-based IP layer security mechanism that is ideal for providing host-by-host
authentication. IPsec policies are defined as having security rules and settings that
control the flow of inbound data.
• Virtual private network (VPN) nodes on a public network such as the Internet
communicate among themselves using encryption technology so that the messages are
as safe from being intercepted and understood by unauthorized users as though the
nodes were connected by private lines.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/dd420463.aspx



OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.4

Understand protocol security

SCENARIO: Since Todd Rowe, the network administrator at the Graphic Design Institute, implemented stronger
security measures to protect student data, the number of reported leaks has fallen to zero! The administration is
pleased but Todd knows it is a constant battle to keep data secure from attacks.
Todd’s friend Neil Black is an expert on the methods used to attack private data stores. Todd has asked Neil to
give a presentation to the administration and office employees on network security, protocol security measures,
attack methods, and prevention. Todd knows that an informed staff is part of the complete strategy in preventing
and intercepting attacks.

1. What type of attack configures a computer to appear as another computer on a trusted network by
using the IP address or the physical address?
a. identity spoofing
b. computer faking
c. application-layer attack
2. What security protocol can help protect data from being modified, corrupted,
or accessed without authorization?
a. DNSSEC
b. IP Security (IPsec)
c. NetBIOS
3. What type of an attack poisons a network or computer to the point
where the system is rendered unusable?
a. man-in-the-middle attack
b. password attack
c. denial of service (DOS) attack

There are several forms of distributed denial of services (DOS) attacks that can either
hinder a computer, server, or application from functioning.


Answers
1. An attack that configures a computer to appear as another computer on a trusted network is:
a. identity spoofing
2. The security protocol that can help protect data from being modified, corrupted, or accessed without
authorization is:
b. IP Security (IPsec). IPsec can be used not only for VPN security but also with local area network traffic.
80 percent of most security attacks come from within the organization. Assuming that the data inside
the perimeter firewall is safe is a dangerous assumption.
3. An attack that poisons a network or computer to the point where the system is rendered unusable is a:
c. denial of service (DOS) attack

Essential details
• Sniffing is the act of monitoring network traffic for data, such as cleartext passwords or configuration
information.
• Identity spoofing (IP address spoofing) occurs when the attacker uses an IP address of a network,
computer, or network component without being authorized to do so.
• Internet protocol security (IPsec) supports network-level data integrity, data confidentiality, data origin
authentication, and replay protection. Because IPsec is integrated at the Internet layer
(layer 3), it provides security for almost all protocols in the TCP/IP suite.
• Domain name system (DNS) is a hierarchical, distributed database that contains
mappings between names and other information, such as IP addresses. DNS allows users
to locate resources on the network by converting friendly, human-readable names
such as www.microsoft.com to IP addresses that computers can connect to.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc959354.aspx
• http://technet.microsoft.com/en-us/library/ee649205(WS.10).aspx



4 Understanding Security Software

IN THIS CHAPTER

■ 4.1 Understand client protection
■ 4.2 Understand email protection
■ 4.3 Understand server protection

OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.1

Understand client protection

SCENARIO: Jeff Hay is the network administrator for Tailspin Toys. During the off-season for toy sales, the
Tailspin technology staff is kept busy maintaining and upgrading various systems in preparation for the busy holiday
sales spike.
Jeff is eager to have this time to service all of the computers and update the software. He is concerned about
company employees installing software from the Internet. Jeff realizes that using reputable antivirus software can
only do so much. The network consists of a mix of Windows XP, Windows 7, and Windows Server 2008 R2.

1. What can Jeff do to ensure that the computers have the latest security updates?
a. implement Windows Software Update Services to control all Microsoft updates
for both the operating systems and any Microsoft product in use
b. come in early every Monday and run Windows Updates on each computer
c. email company employees and instruct them to perform Windows Updates during their lunch breaks
2. What can Jeff do to prevent company employees from downloading and installing software from
the Internet?
a. enable User Account Control on all Windows 7 computers as well as configure
software restriction policies
b. send a strongly worded email with the Internet Usage Policy attached to all users
c. disable Internet access for all users
3. What method should Jeff use to identify Internet software in Software
Restriction Policies?
a. hash rule
b. path rule
c. zone rule

The hash rule creates a hash checksum based on the executable. The path rule restricts
software located within a certain path.


Answers
1. To ensure that the computers have the latest security updates, Jeff can:
a. implement Windows Software Update Services to control all Microsoft updates for both
the operating systems and any Microsoft product in use
2. To prevent employees from downloading and installing software from the Internet, Jeff can:
a. enable User Account Control on all Windows 7 computers as well as configure software
restriction policies
3. To identify Internet software in Software Restriction Policies, Jeff can use:
c. zone rule

Essential details
• Antivirus is a computer program that scans a computer’s memory and mass storage to identify, isolate, and
eliminate viruses, and also examines incoming files for viruses as the computer receives them.
• User account control (UAC) helps prevent malicious programs (malware) from damaging a computer and
helps organizations deploy a better-managed desktop. With UAC, applications and tasks always run in the
security context of a non-administrator account, unless an administrator specifically authorizes
administrator-level access to the system.

FAST TRACK HELP

• http://www.microsoft.com/security_essentials/market.aspx
• http://technet.microsoft.com/en-us/library/bb457141.aspx
• http://technet.microsoft.com/en-us/library/bb456987.aspx
• http://windows.microsoft.com/en-ZA/windows7/what-is-user-account-control



OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.2

Understand email protection

SCENARIO: Recently the Coho Winery has experienced a series of problems with email spam; some employees
have even fallen prey to identity theft through phishing scams. John Kane is the systems administrator for Coho
Winery and the task of resolving the problems has landed directly on his desk. After some research he has come
up with some solutions. John intends to address these issues by implementing various security measures and
most important, providing some much-needed company education as it relates to best practices while using
email.

1. What can John do to help reduce the amount of spam that hits their Microsoft Exchange server?
a. at a minimum, enable reverse DNS lookup on the SMTP virtual server
b. disable Internet email
c. change their domain name
2. What should Coho users do when they receive an email from a company they know with a request
to click the link to “verify their account information?”
a. delete the email
b. forward to the rest of the company with a warning not to click on the link
c. click the link because they “know” that it is a legitimate message based on
the company name
3. Aside from enabling reverse DNS lookups, what else can John do to secure
his Exchange server?
a. enable Autodiscover
b. add Sender Policy Framework (SPF)
c. update the antivirus software

Antivirus software on an email server does not provide protection against spam.


Answers
1. To help reduce the amount of spam that hits their Microsoft Exchange server, John can:
a. at a minimum, enable reverse DNS lookup on the SMTP virtual server. Configuring the system to do
a reverse DNS lookup crosschecks the domain name with a PTR record that is the IP address associated
with that domain name. If the IP address does not match the record associated with that domain name, the
message is not delivered.
2. When users receive an email from a company they know with a request to “verify their account information,”
they should:
a. delete the email. Companies will not ask for account information through email in today’s climate.
Users should be diligent when receiving an email like this. They can also call the company to alert them
of the message.
3. Aside from enabling reverse DNS lookups, John can:
b. add Sender Policy Framework (SPF). SPF allows the administrator to configure the server to establish
who is allowed to send email from their domain.

Essential details
• Spam is unsolicited, unwanted email sent by someone with whom the recipient has no personal or business
relationship.
• Phishing and pharming are techniques used to trick computer users into revealing
personal or financial information.
• An SPF record is an extension of the SMTP protocol that prevents spammers from
forging the From fields in email messages by verifying that the IP address in the
SMTP Received header is authorized to send email for the sender’s domain.
• Spoofing is the impersonation of an email sender, IP connection, or a domain that
causes an email message to appear as though it originates from a sender other than
the actual sender of the message.
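
The reverse DNS cross-check and the SPF authorization described above, as an added example that is not part of the study guide: a Python evaluation over constructed DNS records. The domains, addresses, function names, and the policy of requiring both checks are assumptions; the SPF evaluator covers only the ip4, ip6, include, and all mechanisms and is applied to the connecting client's IP address.

```python
import ipaddress

# Constructed DNS data (documentation address ranges and example domains).
TXT = {
    "cohowinery.example": "v=spf1 ip4:192.0.2.0/28 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 ~all",
}
PTR = {"192.0.2.10": "mail.cohowinery.example", "203.0.113.7": "dsl-7.isp.example"}
A = {"mail.cohowinery.example": ["192.0.2.10"], "dsl-7.isp.example": ["203.0.113.7"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def reverse_dns_ok(client_ip, claimed_domain):
    """PTR name must belong to the claimed domain and resolve back to the IP."""
    name = PTR.get(client_ip)
    if name is None:
        return False
    in_domain = name == claimed_domain or name.endswith("." + claimed_domain)
    return in_domain and client_ip in A.get(name, [])


def spf_check(client_ip, domain, depth=0):
    """Evaluate ip4/ip6, include and all mechanisms, left to right."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 limits DNS-querying mechanisms to 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            inner = spf_check(client_ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # only an inner pass counts as a match
        else:
            return "permerror"  # mechanisms not handled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def accept_message(client_ip, sender_domain):
    """Assumed receiving-server policy: both checks must succeed."""
    return (reverse_dns_ok(client_ip, sender_domain)
            and spf_check(client_ip, sender_domain) == "pass")
```

A host that is listed in the SPF record but has no matching PTR record is still rejected by `accept_message`, which is why the two checks are kept as separate functions.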

FAST TRACK HELP

• http://technet.microsoft.com/en-us/exchange/dd251269.aspx
• http://www.microsoft.com/athome/security/email/phishing/video1.mspx
• http://www.microsoft.com/presspass/features/2003/nov03/11-17spamfilter.mspx

OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.3

Understand server protection

SCENARIO: A few years ago Humongous Insurance (HI) reorganized their business and technology infrastructure.
Alfons Parovsky has recently been hired as the server administrator for HI. The records regarding the security
updates are rather sketchy and he does not want any major security lapses to occur during his time as the
administrator. To be sure everything is up to standards, Alfons has decided to immediately perform a security
assessment on the datacenter. He would like to ensure that the servers meet all the necessary security
requirements and are being updated regularly. Alfons also wants to ensure that HI does not have any
exposures to the networks in their remote locations.

1. What tool can Alfons use to assess whether HI servers have any vulnerabilities related to the operating
system and installed software?
a. Microsoft Baseline Security Analyzer
b. Event Viewer
c. Resource Monitor
2. What service can Alfons enable to ensure that the servers are receiving all necessary software
updates?
a. Windows Backup Service
b. Routing and Remote Access Service
c. Windows Software Update Service
3. What can Alfons do to ensure that the domain is secure in the remote locations?
a. install a Read-Only domain controller in the remote sites
b. remove any servers in the remote sites and have employees transfer files
using email
c. enforce stronger password policies in the remote sites using fine-grained passwords

Stronger passwords do not reduce the exposure of a domain controller.


Answers
1. To assess vulnerabilities related to the operating system and installed software, Alfons can use:
a. Microsoft Baseline Security Analyzer. MBSA is an easy-to-use tool that can provide instant feedback
and resources to identify potential vulnerabilities on servers and workstations. It analyzes the operating
system and any installed Microsoft software.
2. To ensure that the servers are receiving all necessary software updates, Alfons can enable:
c. Windows Software Update Service. Alfons can create a separate group for his servers so that he can
selectively manage what updates are installed and when.
3. To ensure that the domain is secure in the remote locations, he can:
a. install a Read-Only domain controller (RODC) in his remote sites. Read-only domain
controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system.
With an RODC, organizations can easily deploy a domain controller in locations where physical security
cannot be guaranteed.

Essential details
• DNS dynamic update enables DNS client computers to register and dynamically update their resource
records with a DNS server whenever changes occur.
• Microsoft Baseline Security Analyzer (MBSA) is a tool designed for the IT professional
that helps small and medium-sized businesses determine their security state
in accordance with Microsoft security recommendations and offers specific
remediation guidance.
• Windows Server Update Services (WSUS) enables information technology
administrators to deploy the latest Microsoft product updates to computers
that are running the Windows operating system.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/security/cc184923.aspx
• http://technet.microsoft.com/en-us/security/cc185712.aspx
• http://technet.microsoft.com/en-us/library/cc755058(WS.10).aspx
