mta ssg it pro without crop

Student Study Guide IT Pro Edition MICROSOFT TECHNOLOGY ASSOCIATE Preparing for MTA Certification EXAM 98-365 Windows Server Administration Fundamentals EXAM 98-366 Networking Fundamentals EXAM 98-367 Security Fundamentals MTA Student Study Guide IT PRO EDITION MTA EXAMS

Upload: wadol9

Post on 04-Apr-2015


Page 1: MTA SSG IT PRO Without Crop

Student Study Guide
IT Pro Edition

MICROSOFT TECHNOLOGY ASSOCIATE

Preparing for MTA Certification

EXAM 98-365 Windows Server Administration Fundamentals
EXAM 98-366 Networking Fundamentals
EXAM 98-367 Security Fundamentals

MICROSOFT TECHNOLOGY ASSOCIATE (MTA) STUDENT STUDY GUIDE FOR IT PROS

Preparing for MTA Certification

98-365 Windows Server Administration Fundamentals

98-366 Networking Fundamentals

98-367 Security Fundamentals

Authors

Tim McMichael (Software Development and Windows Development). Tim has been a high school computer science teacher for the past 11 years. He currently teaches Advanced Placement Computer Science, .NET programming, and computer game programming at Raymond S. Kellis High School in Glendale, Arizona. He also serves as Curriculum Coordinator for IT classes within the Peoria Unified School District. Prior to teaching, Tim worked for several years as a database application developer. Tim earned his B.A. from Colorado State University and his M.Ed. in Secondary Education from Arizona State University. In his free time he enjoys creating games with XNA Game Studio and spending time with his young daughter. Tim is the author of the Windows Development Exam Review Kit in the MTA Exam Review Kit series.

Peggy Fisher (Web Development and Database Administration). Peggy teaches computer science at a rural high school in central Pennsylvania. Indian Valley High School offers courses in programming (C#, VB, and Java for the AP course), and Web design (Expression Web, HTML, JavaScript, and CSS). Peggy worked for a large insurance company outside Philadelphia, Pennsylvania, prior to leaving the corporate world to join the field of education. She has been at IVHS for the past eight years and truly enjoys her new career. Peggy also teaches part-time at Pennsylvania State University in the Continuing Education program. Her goal in teaching is to instill the love of learning so that her students will graduate and become life-long learners. Peggy is the co-author of the Web Development Exam Review Kit in the MTA Exam Review Kit series.

Michael Teske (Windows Server Administration and Security). Michael has been teaching in the Network Specialist Program for 10 years at Northeast Wisconsin Technical College and has been involved as an engineer for 15 years. He has a passion for both teaching and technology and loves helping people find happiness in a career. Mike believes that learning technology should be fun but recognizes that the networking field is continually changing and can challenge even the brightest students. Mike also works as an independent consultant for several small businesses in northeast Wisconsin and enjoys bringing that real-world experience to the classroom on a daily basis. Michael has become known as “the Microsoft Guy” on campus. Michael’s goal is to continue to teach network technology with the same enthusiasm and passion for many years to come and to help his students find the same joy and passion he has found in an amazing industry and career. Mike is the author of the Windows Server Exam Review Kit in the MTA Exam Review Kit series.

Shari Due (Networking). Shari is an IT Network Specialist Instructor at Gateway Technical College in Racine, Wisconsin where she has worked for the past 15 years. Previously, she worked for Digital Equipment Corporation (DEC) in Elk Grove, Illinois. She holds a Bachelor of Science from the University of Wisconsin-Parkside in Math and Economics with a minor in Computer Science and an MBA from the University of Wisconsin-Eau Claire. Shari’s current industry certifications include: CompTIA Server+, Linux+, A+, Network+, and i-Net+. Her past certifications include: MCSE-NT 4.0, CCNA, and Pathworks for Macintosh. She is a Cisco Certified Instructor for Cisco’s Network Academy and teaches the CCNA curriculum. She is the author of Advanced WordPerfect Using Macro Power: A Guide for VMS and DOS Users from Digital Press.

Patricia Phillips (Lead Author and Project Manager). Patricia taught computer science for 20 years in Janesville, Wisconsin. She served on Microsoft’s National K-12 Faculty Advisory Board and edited the Microsoft MainFunction website for technology teachers for two years. For the past five years she has worked with Microsoft in a variety of roles related to K-12 curriculum development and pilot programs including Expression Studio web design and XNA game development. In her role as an author and editor, Patricia wrote several articles and a student workbook on topics including computer science, web design, and computational thinking. She is currently the editor of the Computer Science Teachers Association newsletter, the Voice.

This content is only for use by or provision to students for their personal use.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

Microsoft and other trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.

© 2010 Microsoft Corporation. All Rights Reserved. This content is provided “as-is” and Microsoft makes no warranties, express or implied.

Contents

Introduction
Career Planning
Exploring Job Roles
Value of Certification

98-365 WINDOWS SERVER ADMINISTRATION FUNDAMENTALS

CHAPTER 1 Understanding Server Installation

1.1/1.2 Understand device drivers; Understand services
1.3 Understand server installation options

CHAPTER 2 Understanding Server Roles

2.1 Identify application servers
2.2 Understand Web services
2.3 Understand remote access
2.4 Understand file and print services
2.5 Understand server virtualization

CHAPTER 3 Understanding Active Directory

3.1 Understand accounts and groups
3.2 Understand organizational units (OUs) and containers
3.3 Understand Active Directory infrastructure
3.4 Understand group policy

CHAPTER 4 Understanding Storage

4.1/4.2 Identify storage technologies; Understand RAID
4.3 Understand disk types

CHAPTER 5 Understanding Server Performance Management

5.1 Identify major server hardware components
5.2 Understand performance monitoring
5.3 Understand logs and alerts

CHAPTER 6 Understanding Server Maintenance

6.1 Identify steps in the startup process
6.2 Understand business continuity
6.3 Understand updates
6.4 Understand troubleshooting methodology

98-366 NETWORKING FUNDAMENTALS

CHAPTER 1 Understanding Networking Infrastructures

1.1 Understand the concepts of the internet, intranet, and extranet

1.2A Understand local area networks (LANs)
1.2B Understand local area networks (LANs)
1.3A Understand wide area networks (WANs)
1.3B Understand wide area networks (WANs)
1.4 Understand wireless networking
1.5 Understand network topologies and access methods

CHAPTER 2 Understanding Network Hardware

2.1A Understand switches
2.1B Understand switches
2.2 Understand routers
2.3A Understand media types
2.3B Understand media types

CHAPTER 3 Understanding Protocols and Services

3.1A Understand the OSI model
3.1B Understand the OSI model
3.2 Understand IPv4
3.3A Understand IPv6
3.3B Understand IPv6
3.4 Understand names resolution
3.5 Understand networking services
3.6 Understand TCP/IP

98-367 SECURITY FUNDAMENTALS

CHAPTER 1 Understanding Security Layers

1.1 Understand core security principles
1.2 Understand physical security
1.3 Understand Internet security
1.4 Understand wireless security

CHAPTER 2 Understanding Operating System Security

2.1A Understand user authentication
2.1B Understand user authentication
2.2 Understand permissions
2.3 Understand password policies
2.4 Understand audit policies
2.5A Understand encryption
2.5B Understand encryption
2.6 Understand malware

CHAPTER 3 Understanding Network Security

3.1 Understand dedicated firewalls
3.2 Understand Network Access Protection (NAP)
3.3A Understand Network Isolation
3.3B Understand Network Isolation
3.4 Understand protocol security

CHAPTER 4 Understanding Security Software

4.1 Understand client protection
4.2 Understand email protection
4.3 Understand server protection

Introduction

MTA validates building-block technology concepts and helps students explore, discover and pursue successful careers in Information Technology (IT) in an exciting and rewarding way! As the first step in the Microsoft Technology Certification Series, this new, entry-level certification provides students with confidence, credibility, and differentiation.

Explore IT career options without committing a lot of time and resources

MTA exams validate the core technology knowledge that is in demand today by businesses around the world. Whether you want to explore becoming a network administrator, software engineer, web developer, or database analyst, MTA gets you started on the right path.

Prepare to compete

A little investment in IT can go a long way in today’s job market. Becoming MTA certified helps you build a solid foundation to prepare for intermediate technology studies and for Microsoft Certified Technology Specialist (MCTS) certifications. It can also help you compete on college admissions and jumpstart your IT career planning!

Empower yourself

As the first step toward becoming an MCTS, MTA shows your commitment to technology while connecting you with a community of more than five million Microsoft Certified Professionals. Learn from them and show them what you know by becoming MTA certified!

This MTA Student Study Guide serves as a study tool to help students prepare for their MTA certification exam. Students are challenged with real-life situations for each of the major topics covered in the exam. Although successful completion of the study guide exercises does not guarantee that you will pass your MTA exam, it is an excellent way to gauge your readiness to take the exam and build confidence that you know your stuff on exam day.

I wish you all the best as you prepare for a successful career in technology!

Victoria Pohto
MTA Product Marketing Manager

Career Planning

Most IT solutions or infrastructure built on Microsoft technologies require proficiency with one or all of the following products, often referred to as “The Microsoft Stack.”

• Microsoft Windows® Server® as the data center or development platform

• Microsoft SQL Server® as the data and business intelligence (BI) platform

• Microsoft Visual Studio® as the suite of application life-cycle management tools

MTA is the starting point of Microsoft technology certifications, providing aspiring technologists with the fundamental knowledge essential to succeed with continued studies and a successful career with technology.

Preparing for and becoming MTA certified helps you explore a variety of career paths in technology without investing a lot of time and money in a specialized career path. When you find a path that is right for you, Microsoft learning products and certification can help you prepare and guide your longer-term career planning.

If you already know that you want to start building a career in technology, MTA preparation and certification is the recommended entry point. Becoming MTA certified shows that you have a firm working knowledge of the fundamental IT concepts critical for success with intermediate learning and certifications such as Microsoft Certified Technology Specialist (MCTS). Moreover, Microsoft certifications demonstrate an individual’s commitment of self-investment and confidence to take his or her knowledge and skills to the next level with an industry-recognized credential.

MTA is not a “career certification,” meaning one by which employers recognize you as “job ready,” but it is the first step toward that career goal and can help differentiate you for an internship or to college admissions committees. As you prepare for your first job focusing on technology, be sure that you are equipped with an MCTS credential—the intermediate level certification that validates Microsoft product and technology skills.

The MTA Certification path on the next page shows you the MTA exams that are recommended prior to taking on some of Microsoft’s intermediate technology certifications (MCTS).

Exploring Job Roles

Choosing a career path is a big decision and it’s not always easy, but you’re not alone! Microsoft created a career site to help students understand the options and possibilities of pursuing a career in IT. The site also connects you with learning resources, student techie communities, and much more to help you prepare for a career in technology.

To chart your career with Microsoft technology, visit www.microsoft.com/learning/career/en/us/career-org-charts.aspx.

Database Administrator

As a database administrator, you are in charge of important databases that span multiple platforms and environments. You are a strong team player who thrives in a fast-paced environment. You build complex, highly scalable databases that meet business needs and security requirements. You are an expert in optimizing, maintaining, and troubleshooting databases, but also in designing archival, data distribution, and high-availability solutions.

Server Administrator

As a server administrator, you are in charge of implementing and managing some of the most important technology in your organization—the servers. You use extensive monitoring and profiling tools to manage the network and tune systems so they perform at optimal levels. You are an expert in Active Directory®, and you have an in-depth understanding of network protocols, and file and directory security.

Computer Support Technician

Consider starting your IT career by becoming a consumer support technician. You don’t need any formal work experience, but a company might require that you know how to install, administer, and troubleshoot operating systems in a home network environment that has desktop computers, laptops, and printers. As a consumer support technician, you’ll also handle network, virus, malicious software, and hardware support issues. You’ll typically find this position in small to medium-sized organizations.

Web Developer

As a web developer, you are an expert in using the dynamic programming tools and languages that fuel the web. You might work independently or be part of a team that builds and integrates interactive web sites, applications, and services for both internal and public sites. Your role is to make it work, which means developing web applications and testing them on various browsers, enhancing and modifying them as necessary to ensure the best experience for the user. As a web developer, you might also architect websites, design data-driven applications, and find efficient client-server solutions. You must have an in-depth understanding of the software development life cycle and be able to communicate project status, issues, and resolutions.

Windows Developer

As a Windows client developer, knowing how to optimize Windows code and track bugs is a given. But you also know how to use Microsoft Visual Studio® and the Microsoft .NET framework to design, develop, test, and deploy Windows-based applications that run on both corporate servers and desktop computers. Your key talents include understanding multiple Windows application models and n-tier applications, and knowing how to work with object-oriented programming, algorithms, data structures, and multithreading. Windows developers have an in-depth understanding of software engineering principles, software life cycles, and security principles.

Additional Online Resources for New Developers:

http://msdn.microsoft.com/beginner

http://msdn.microsoft.com/rampup

Imagine Cup

The Imagine Cup is the world’s premier student technology competition where students from around the world can learn new skills, make new friends, and change the world. Competitions include Software Design, Embedded Development, Game Design, Digital Media and Windows Phone 7. The brightest young minds harness the power of technology to take on the world’s toughest problems.

www.imaginecup.com

Value of Certification

Technology plays a role in virtually everything we do. In the 20-plus years since Microsoft has been certifying people on its products and technologies, millions of people have gained the knowledge, expertise, and credentials to enhance their careers, optimize business solutions, and create innovation within just about every business and social sector imaginable. Today’s Information Technology (IT) hiring managers are more often using professional credentials, such as Microsoft certification, to identify properly skilled IT candidates. Certification becomes a way to easily differentiate qualified candidates in a sea of resumes.

The job outlook for IT professionals, as reported in a study prepared by the U.S. Department of Labor’s Bureau of Labor Statistics (BLS), is positive! The BLS indicates an increase that will be “faster than the average for all occupations through 2014” for Computer Support Specialists, Systems Engineers, Database Administrators, and Computer Software Engineers. One significant message resulting from this study is that information and communications technology (ICT) skills are the entry ticket to the job market, regardless of the country, industry, or job function. Information Technology is clearly an area worth investing time, resources, and education in – and technology certification is a key part of the education process, validating product and technology expertise as a result of their learning experiences.

Microsoft IT Certifications provide objective validation of the ability to perform critical IT functions successfully for worldwide IT professionals, developers, and information workers. Microsoft certifications represent a rich and varied spectrum of knowledge, job roles, and responsibilities. Further, earning a specific certification provides objective validation of the candidate’s ability to perform critical IT functions successfully. Embraced by industry professionals worldwide, Microsoft certification remains one of the most effective ways to help reach long-term career goals.

MTA 98-365

WINDOWS SERVER ADMINISTRATION FUNDAMENTALS


1 Understanding Server Installation

IN THIS CHAPTER

■ 1.1/1.2 Understand device drivers; Understand services

■ 1.3 Understand server installation options


Understand device drivers; Understand services

SCENARIO: Maurice Taylor is the network administrator for Fabrikam, Inc. A workstation that he plans to image and roll out to production is having issues with the video display. The display worked initially when he first set up the system. After applying several system and driver updates, the video has degraded to standard VGA 640x800 and performance has really stunk. He knows this won’t be acceptable.

Maurice also is having an issue with the firewall service on his Windows® Server® 2008 R2 Web server. The service fails to start when the system starts; however, Maurice can start it manually after he logs in. Maurice does not want to manually start that service every time maintenance on the web server is required, and he realizes that he’ll be in big trouble if he leaves the web server unsecured by forgetting to turn on the firewall service.

1. What could be a possible reason for Maurice’s video problems?
a. Maurice installed the wrong video driver
b. Maurice installed an incompatible or corrupted video driver
c. the video adapter is not properly seated on the system board

2. Where should Maurice check to verify if he has a proper driver installed?
a. Event Viewer
b. Disk Management
c. Device Manager

3. What can Maurice do with the web service to ensure that it will start after the other system services finish their startup?
a. configure a delayed startup for the web service through the services.msc
b. write a batch program to start the service as a scheduled task
c. configure the service to restart after first failure

OBJECTIVE: UNDERSTANDING SERVER INSTALLATION 1.1/1.2

Performance suffers if a service is failing to start.

Answers

1. Maurice’s video problem occurred because:
b. Maurice installed an incompatible or corrupted video driver

2. Driver problems can be found in the:
c. Device Manager

3. The interim solution to the web service is:
a. configure a delayed startup for the web service through the services.msc. Maurice can open services.msc and configure the service for a delayed start for the startup type. This will allow the remaining services to finish starting. Maurice should investigate what possible services would be causing these issues.

Essential details

• A device driver is a software component that permits an operating system to communicate with a device.

• A service is a long-running executable that performs specific functions and that is designed not to require user intervention.

FAST TRACK HELP

• http://www.microsoft.com/whdc/driver/install/drvsign/default.mspx

• http://technet.microsoft.com/en-us/library/dd919230(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc732482.aspx

_______ /3

OBJECTIVE: UNDERSTANDING SERVER INSTALLATION 1.3

Understand server installation options

SCENARIO: On Thursday, Pat was tasked with setting up 10 servers and 20 workstations per specification. Pat is aware that if he sets up each one individually, he will be at work through the weekend, and he doesn’t want to do that because he has plans to go to a concert with some friends. Pat knows the company uses Windows Deployment Services whenever a new workstation or server is rolled out. Pat would like to automate these installations with as little human interaction as possible.

1. What can Pat do to make sure he can make it to the concert this weekend?
a. start his installations manually and hope they finish in time
b. create one completed installation, setup and configuration of a server and a workstation and use those two copies to image the remaining systems using Windows Deployment Services and ImageX
c. sell his tickets to his buddy—it’s not going to happen

2. What is ImageX?
a. a picture editing utility
b. a personal image enhancement service
c. a system imaging software that takes a “snapshot” of an existing, configured server or workstation and creates an “imaged” or “cloned” version of that system and saves it to a file

3. What can Pat use to solve the last part of his problem, which requires as little human interaction as possible?
a. have a robot do the installations
b. use Windows System Image Manager to create an answer file that will automatically provide the answers to the setup questions throughout installation as well as configure and install any necessary software during the installation
c. create a DVD that will contain all of the necessary software that will be installed on the servers and workstations

Answer files have a variety of features that can be used through Windows Deployment Services to create a custom installation DVD.

Answers

1. Pat can complete the installs if he:
b. creates one completed installation, setup and configuration of a server and a workstation and uses those two copies to image the remaining systems using Windows Deployment Services and ImageX. Creating the two images or clones will allow Pat to duplicate those installations by “pushing” those files (images) onto the hard drives of the remaining systems.

2. ImageX is:
c. a system imaging software that takes a “snapshot” of an existing, configured server or workstation and creates an “imaged” or “cloned” version of that system and saves it to a file. ImageX can be copied to a bootable CD/DVD/USB and used to create image files of an existing system for duplicating or backup purposes.

3. Pat can eliminate interactions during the installs if he:
b. uses Windows System Image Manager to create an answer file that will automatically provide the answers to the setup questions throughout installation as well as configure and install any necessary software during the installation.

Essential details

• An unattended installation is a process of automating operating system installations by providing the setup/install file with a configuration file or “answer file” to perform and answer normal install tasks and questions.

• An answer file is an XML-based file that contains setting definitions and values to use during Windows Setup. In an answer file, you specify various setup options, including how to partition disks, the location of the Windows image to install, and the product key to apply.
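The three settings named above (disk partitioning, image location, product key) can be pulled out of an answer file for review before it drives an unattended deployment. This is an added example, not part of the study guide; the sample answer file, share path and product key are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Windows Setup answer files.
NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample answer file; the server name and key are placeholders.
SAMPLE_ANSWER_FILE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="amd64">
      <DiskConfiguration>
        <Disk>
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition>
              <Order>1</Order>
              <Type>Primary</Type>
              <Extend>true</Extend>
            </CreatePartition>
          </CreatePartitions>
        </Disk>
      </DiskConfiguration>
      <ImageInstall>
        <OSImage>
          <InstallFrom>
            <Path>\\deploy01\images\install.wim</Path>
          </InstallFrom>
        </OSImage>
      </ImageInstall>
      <UserData>
        <AcceptEula>true</AcceptEula>
        <ProductKey>
          <Key>AAAAA-BBBBB-CCCCC-DDDDD-EEEEE</Key>
        </ProductKey>
      </UserData>
    </component>
  </settings>
</unattend>
"""


def _text(elem, path):
    """Return the stripped text of a child element, or None if it is absent."""
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text else None


def mask_key(key):
    """Hide every group of a product key except the last one."""
    groups = key.split("-")
    return "-".join(["*" * len(g) for g in groups[:-1]] + groups[-1:])


def summarize_answer_file(xml_text):
    """Collect disk, image-location and product-key settings per setup pass."""
    root = ET.fromstring(xml_text)
    summary = {"disks": [], "image_paths": [], "product_keys": []}
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass")
        for disk in settings.iterfind(".//u:DiskConfiguration/u:Disk", NS):
            parts = disk.findall("u:CreatePartitions/u:CreatePartition", NS)
            summary["disks"].append({
                "pass": pass_name,
                "disk_id": _text(disk, "u:DiskID"),
                "wipe": _text(disk, "u:WillWipeDisk") == "true",
                "partitions": len(parts),
            })
        image_xpath = ".//u:ImageInstall/u:OSImage/u:InstallFrom/u:Path"
        for path in settings.iterfind(image_xpath, NS):
            if path.text:
                summary["image_paths"].append(path.text.strip())
        for key in settings.iterfind(".//u:UserData/u:ProductKey/u:Key", NS):
            if key.text:
                summary["product_keys"].append(mask_key(key.text.strip()))
    return summary


def review_notes(summary):
    """Turn the summary into points an administrator should confirm."""
    notes = []
    for disk in summary["disks"]:
        if disk["wipe"]:
            notes.append(
                f"disk {disk['disk_id']} is wiped during the {disk['pass']} pass"
            )
    if summary["product_keys"]:
        notes.append(
            "product key is stored in the file in clear text; "
            "restrict who can read it"
        )
    return notes


if __name__ == "__main__":
    result = summarize_answer_file(SAMPLE_ANSWER_FILE)
    print(result)
    for note in review_notes(result):
        print("-", note)
```
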

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc785644(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc771670(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc749317(WS.10).aspx

_______ /3

2 Understanding Server Roles

IN THIS CHAPTER

■ 2.1 Identify application servers

■ 2.2 Understand Web services

■ 2.3 Understand remote access

■ 2.4 Understand file and print services

■ 2.5 Understand server virtualization


Identify application servers

SCENARIO: Cari is a systems administrator for Contoso, Ltd. She needs to develop a systems design so her company can use an email messaging system that allows for message and calendar collaboration. Contoso, Ltd. uses Microsoft® Office 2010 as their mainline office production suite. Her company also wants a collaboration server for their intranet. The collaboration server should support dynamic updating from the employees of Contoso, Ltd. Company officers would like to have the intranet monitored and protected with a threat management solution.

1. What would be Cari’s best solution for their messaging system?
   a. use a third party email provider and a custom developed calendaring program
   b. include Microsoft Exchange Server 2010
   c. not recommend any solution because of the potential loss of production with an email messaging system

2. What can meet the needs of the Contoso, Ltd. intranet collaboration server?
   a. implement SharePoint® Portal Server 2010 which uses Microsoft SQL as an option to support dynamic updating
   b. solicit bids from various web development firms to meet their intranet needs
   c. create a Microsoft Word document and send a link to it throughout the company and call it their messaging board

3. What would be the best fit to meet the company’s needs so that they can manage their employees’ internet access through Active Directory?
   a. have all employees sign an internet usage contract and document the sites they visit and promise not to install any malicious software onto their systems
   b. recommend Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront® antivirus and can grant or deny various types of internet behavior either by user name or group
   c. only allow internet access from one computer that employees can sign up to use in 30-minute increments

OBJECTIVE UNDERSTANDING SERVER ROLES 2.1

Providing integrated solutions that will also integrate with existing applications provides fewer potential compatibility issues.


Answers

1. The best solution for their messaging system is to:
   b. include Microsoft Exchange Server 2010. Microsoft Exchange will integrate with the Contoso, Ltd. existing core production suite with reduced learning curves for their employees.

2. The collaboration server needs can be met by:
   a. implementing SharePoint Portal Server 2010 which uses Microsoft SQL as an option to support dynamic updating

3. The best fit to meet the company’s needs so they can manage their employees’ internet access through Active Directory is:
   b. Microsoft’s Threat Management Gateway, which provides integration with Microsoft Forefront antivirus and can grant or deny various types of internet behavior either by user name or group

Essential details

• Active Directory® is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest.

• SharePoint provides a turnkey solution that will integrate with the existing core production suite as well as a communications server. Data will be stored with the inherent SQL application incorporated.

FAST TRACK HELP

• http://www.microsoft.com/exchange/2010/en/us/default.aspx

• http://sharepoint.microsoft.com/en-us/Pages/default.aspx

• http://www.microsoft.com/forefront/threat-management-gateway/en/us/overview.aspx

• http://office.microsoft.com/en-us/sharepoint-server-help/CH010030543.aspx


Understand Web services

SCENARIO: Alicia is a server administrator for Tailspin Toys. Security personnel have contacted her to provide them with security information regarding her web exposed servers. They want to know which servers will have access from beyond the perimeter security appliance so that they can accommodate the incoming and outgoing traffic. Alicia responds that two of her three servers require perimeter access: First, the intranet server, which is running SharePoint, will need SSL access for the remote toy salespeople. Her second server is the company’s web server, where online customers can buy their toys from the comfort of their own homes. Customer transactions must be secured in some fashion. Their web developers also request FTP access to the web server so that they can upload and download updated content.

1. The security people have asked for the ports Alicia wants available for the intranet server running Microsoft SharePoint. What will her response be?
   a. 445
   b. 443
   c. 80

2. Alicia wants all transactions to the storefront on their web server to be encrypted. What security protocol encrypts web traffic?
   a. Secure Socket Layer, SSL
   b. Point to Point Tunneling Protocol, PPTP
   c. Central Intelligence Agency, CIA

3. What is FTP and what port(s) does it communicate on?
   a. FTP is File Transport Protocol, a fast, application-level protocol widely used for copying files to and from remote computer systems on a network using TCP/IP, such as the internet. It communicates on ports 20 and 21
   b. FTP is File Tuning Package, which tunes the file packages and communicates on port 3399.
   c. FTP is a proprietary file protocol that only allows the transmission of encrypted files to and from remote systems and uses port 20.

OBJECTIVE UNDERSTANDING SERVER ROLES 2.2

You can assume you are using SSL if your web address starts with https://, which is typical when performing any online transactions or authentications.


Answers

1. The port Alicia needs open for SharePoint is:
   b. 443

2. The security protocol that encrypts web traffic is:
   a. Secure Socket Layer, SSL

3. FTP is:
   a. File Transport Protocol. It is a fast, application-level protocol widely used for copying files to and from remote computer systems on a network using TCP/IP, such as the internet. It communicates on ports 20 and 21.

Essential details

• A port is an application-specific communications endpoint used by Transport Layer protocols of the Internet Protocol Suite. A specific port is identified by its number, commonly known as the port number, the IP address with which it is associated, and the protocol used for communication.

• SSL supports authentication of client, server, or both, as well as encryptions during a communications session.

FAST TRACK HELP

• http://www.iis.net

• http://sharepoint.microsoft.com/en-us/Pages/default.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.3

Understand remote access

SCENARIO: Craig works for Fourth Coffee as their network administrator. Fourth Coffee provides coffee and coffee-making products throughout the United States. Fourth Coffee wants their salespeople, who manage their own regions of the country, to be able to have access to their enterprise resource management application so that they can update their sales numbers regardless of where they are located. This access needs to be secured. Craig also needs to provide remote support for their sales force. Fourth Coffee’s server infrastructure is predominantly Microsoft Server® 2008 R2 and their salespeople use Microsoft Windows® 7 Professional on their laptops.

1. What is the most cost-effective and efficient method to provide remote support for their sales force?
   a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their systems while they are logged on and simultaneously troubleshoot or monitor their activities. Remote Assistance is already a feature of Windows 7 at no additional cost.
   b. make sure all salespeople have their own mobile phones so that Craig can provide phone support for the salespeople
   c. purchase a third-party remote support software license for each laptop. This would require Craig to retrieve all remote laptops for installation and training purposes.

2. What can Craig do to provide secure access to Fourth Coffee’s enterprise software?
   a. have their sales people email all sales data three times a day to the corporate headquarters where the data can be input
   b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008 R2 through Virtual Private Network (VPN) tunnel and push the enterprise software as a Remote Application
   c. install a third-party remote server on top of Windows Server 2008 R2 with additional licensing

3. By default, what communication port does Remote Desktop Protocol communicate on?
   a. 443
   b. 445
   c. 3389


Remote Desktop Services is an inherent application in Microsoft Windows Server 2008 R2 and the Remote Desktop Client is an inherent service on Microsoft Windows 7 Professional.


Answers

1. The most cost-effective and efficient method is to:
   a. enable Remote Assistance for all of the salespeople, which will enable Craig to remote into their systems while they are logged on and simultaneously troubleshoot or monitor their activities

2. To provide secure access Craig can:
   b. enable and configure Remote Desktop Services for Microsoft Windows Server 2008 R2 through Virtual Private Network (VPN) tunnel and push the enterprise software as a Remote Application

3. By default, Remote Desktop Protocol communicates on port:
   c. 3389

Essential details

• Remote Desktop is used for administration. Remote Desktop is available on Windows 7 and Server 2008 R2 by enabling it through Advanced System Settings. It allows a user to remote into a system when enabled and take control.

  • Right-click Computer->Properties
  • Select Remote Settings on the left
  • Click the radio button to Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication

• Remote Assistance is a technology in Windows that enables Windows users to help each other over the internet.

FAST TRACK HELP

• http://www.microsoft.com/systemcenter/appv/default.mspx

• http://technet.microsoft.com/en-us/windowsserver/ee236407.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.4

Understand file and print services

SCENARIO: Kern Sutton is the regional systems administrator for Wingtip Toys. The company has asked Kern to upgrade their existing file server to Microsoft Windows Server 2008 R2. They also want Kern to configure the new server to support print sharing as well. Kern eagerly accepts the challenge as he is excited to work with the new operating system. Kern must secure both the shares and folders using the appropriate rights and permissions. Kern discovers that this isn’t an old-time Windows Server!

1. What Role(s) are required for Kern to accomplish his task?
   a. Microsoft File and Printer sharing
   b. File Services Role and Print and Document Services Role
   c. File Services for Macintosh

2. Is there an alternate method to install the File Services Role?
   a. No, the role must be installed through the Add Roles Wizard
   b. Yes, when Kern initially shares a folder, the Role will be added automatically
   c. Yes, through a separate download from Microsoft

3. What tasks can be accomplished through the Print Management console?
   a. deploy printers and print servers, manage printers, update drivers, and manage print queues
   b. manage print queues only
   c. remove a printer from a user’s desktop

The Print Management console is a single landing zone for all print management needs.


Answers

1. Required Roles include:
   b. File Services Role and Print and Document Services Role. Microsoft File and Printer service has now been split into separate roles.

2. There is an alternate method:
   b. yes, when Kern initially shares a folder, the Role will be added automatically. Adding the Role through the Add Roles Wizard is a preferred method of installation

3. The tasks that can be accomplished include:
   a. deploy printers and print servers, manage printers, update drivers, and manage print queues

Essential details

• A print server is a workstation that is dedicated to managing printers on a network. The print server can be any station on the network.

• NTFS rights apply to a folder or file regardless of how it is being accessed. Share permissions apply to the resource when it is being accessed over the network.

• The effective right of a resource being accessed over the network is based on the most restrictive permission or right that is applied.
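The "most restrictive wins" rule above can be worked through for a shared folder. This is an added example, not part of the study guide, and it goes slightly beyond the text by also modelling two standard Windows behaviours: allow entries add up across a user's groups, and a deny entry overrides them. It is a simplified model (no inheritance, no special permissions); the group names and ACLs are constructed.

```python
# Individual rights, and the named permission levels that bundle them.
READ, WRITE, DELETE, SET_PERMS = "read", "write", "delete", "change-permissions"

LEVELS = {
    "Read": {READ},
    "Change": {READ, WRITE, DELETE},              # share permission name
    "Modify": {READ, WRITE, DELETE},              # NTFS permission name
    "Full Control": {READ, WRITE, DELETE, SET_PERMS},
}

# Constructed ACLs for one shared folder: (principal, "allow" | "deny", level).
NTFS_ACL = [
    ("Sales", "allow", "Modify"),
    ("Managers", "allow", "Full Control"),
    ("Interns", "deny", "Modify"),
]
SHARE_ACL = [
    ("Everyone", "allow", "Read"),
    ("Managers", "allow", "Change"),
]

# Constructed users: each set holds the account plus its group memberships.
ALICE = {"alice", "Everyone", "Sales"}
BOB = {"bob", "Everyone", "Managers"}
CAROL = {"carol", "Everyone", "Sales", "Interns"}


def granted(acl, principals):
    """Rights one ACL gives a user: allows accumulate across groups, deny wins."""
    allow, deny = set(), set()
    for who, kind, level in acl:
        if who not in principals:
            continue
        if kind == "allow":
            allow |= LEVELS[level]
        elif kind == "deny":
            deny |= LEVELS[level]
        else:
            raise ValueError("unknown entry type: %r" % kind)
    return allow - deny


def effective_rights(principals, ntfs_acl, share_acl=None):
    """Effective rights on the folder.

    Local access (share_acl=None) is governed by NTFS alone. Access over the
    network must pass both checks, so only rights present in both remain.
    """
    ntfs = granted(ntfs_acl, principals)
    if share_acl is None:
        return ntfs
    return ntfs & granted(share_acl, principals)


if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        local = sorted(effective_rights(user, NTFS_ACL))
        remote = sorted(effective_rights(user, NTFS_ACL, SHARE_ACL))
        print("%-6s local=%s network=%s" % (name, local, remote))
```

Alice shows the rule from the text: NTFS gives her Modify, but over the network the share's Read is the tighter of the two, so she can only read.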

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx

• http://technet.microsoft.com/en-us/library/dd759058.aspx


OBJECTIVE UNDERSTANDING SERVER ROLES 2.5

Understand server virtualization

SCENARIO: Molly Dempsey’s company, Northwind Traders, has more than 50 servers that are due to be upgraded. Molly must determine the most cost-effective method of upgrading these servers. She has several options that she must consider to make her decision. Northwind Traders has several older applications that are part of the problem because they are only supported on the existing legacy operating systems. Molly also has a desire to simplify her backup and disaster recovery procedures. Molly is considering virtualization to address these various needs.

1. What appears to be Molly’s best solution for the legacy applications?
   a. only upgrade the hardware the applications are running on and install the legacy operating system
   b. virtualize the legacy systems by performing a physical to virtual migration and run these systems on a host Microsoft Hyper-V solution
   c. keep the legacy systems running on their legacy operating systems on the legacy hardware, which would ensure her legacy at this current, soon-to-be legacy employer

2. How can virtualization help simplify Molly’s disaster recovery needs?
   a. allows for application portability and flexibility across hardware platforms
   b. can’t help simplify her situation—it will only complicate her procedures
   c. can help simplify her procedures—there isn’t a need for disaster recovery when utilizing virtualization technologies because they perform virtual backups

3. What are the additional benefits that Northwind Traders will realize when they implement virtual technologies?
   a. no additional benefits will be realized by using server virtualization
   b. they will not benefit from server virtualization but rather lose out as the costs of virtualization are dramatically underestimated
   c. they will be able to consolidate their servers and reduce the number of physical computers they will have to support

Most entry-level server virtualization platforms are free to the end user. Costs are added if the user requires additional management features.


Answers

1. Molly’s best solution is to:
   b. virtualize the legacy systems by performing a physical to virtual migration and run these systems on a host Microsoft Hyper-V solution

2. Virtualization can help simplify her disaster recovery needs by:
   a. allowing for application portability and flexibility across hardware platforms. The system archives the virtual system or file. The virtual system is not dependent on the hardware platform it is running on.

3. The additional benefits that Northwind Traders will realize when they implement virtual technologies include:
   c. they will be able to consolidate their servers and reduce the number of physical computers they will have to support. They will also reduce their carbon footprint because of reduced energy needs, making their company a greener company. They can also reduce the number of people needed to support their large number of servers.

Essential details

• Server virtualization is the ability to run a full operating system on a platform so that the operating system performs as though it were a real system.

• Physical to virtual (P2V) is a process in which an existing physical computer is converted into a virtual machine. Virtual to physical (V2P) is a process in which an existing virtual machine is converted or deployed to one or more physical computers.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc753637(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx


3 Understanding Active Directory

IN THIS CHAPTER

■ 3.1 Understand accounts and groups

■ 3.2 Understand organizational units (OUs) and containers

■ 3.3 Understand Active Directory infrastructure

■ 3.4 Understand group policy


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.1

Understand accounts and groups

SCENARIO: Sara Davis is the helpdesk manager for Wide World Importers (WWI). WWI has asked Sara to provide procedures and training for her helpdesk staff that will allow them to be more proficient at normal day-to-day administrative tasks, including creating domain and local user accounts, managing group memberships, and understanding what’s “under the hood” as it relates to managing user accounts. This includes technical details such as the location of the user database for both local and domain systems, acceptable naming conventions, and what characters are not allowed.

1. What is the name and location of the file that contains the local user and group objects?
   a. userDB: c:\userdb.mdb
   b. Security Accounts Manager Database: %systemroot%\system32\config
   c. ntds.dit: c:\windows\ntds

2. Which of the following is an unacceptable user account name?
   a. Abercrombie?kim
   b. Mu.Han
   c. MPatten

3. What is the rule related to nesting domain and local groups?
   a. domain groups can contain local groups, but local groups cannot contain domain groups
   b. domain groups and local groups cannot be nested
   c. local groups can contain domain groups, but domain groups cannot contain local groups

The local users and groups security boundary is limited to the system they are created on.


Answers

1. The name and location of the file that contains the local user and group objects is:
   b. Security Accounts Manager Database: %systemroot%\system32\config. The Active Directory Domain Services database is named ntds.dit. The file is located by default in %systemroot%\ntds.

2. An unacceptable user account name is:
   a. Abercrombie?kim
   " / \ [ ] : ; | = , + * ? < > @ are not accepted characters for user accounts.

3. The rule related to nesting domain and local groups is:
   c. local groups can contain domain groups, but domain groups cannot contain local groups

Essential details

• The Security Accounts Manager (SAM) is a database present on servers running Windows Server 2008 R2 that stores user accounts and security descriptors for users on the local computer.

• The following steps create a local user account and add it to the Power Users group through the command line:

  • Start->All Programs->Command Prompt
  • Type:
      net user WHarp myP@ssword /fullname:"Walter Harp" /comment:"A member of the Power Users Group" /logonpasswordchg:yes /add
      net localgroup "Power Users" WHarp /add

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc756748(WS.10).aspx

• http://support.microsoft.com/kb/909264


Delegation of control grants specific administrative tasks such as resetting passwords to individual users or groups without making them domain administrators.

OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.2

Understand organizational units (OUs) and containers

SCENARIO: Victoria Flores is the Directory Services administrator for Humongous Insurance. Humongous Insurance is a large insurance company with offices throughout the country. The IT needs and wishes of various branches vary greatly and it is a challenge to manage it all.

The company wants to design its Active Directory structure to better suit these various needs and allow for easier management of the various computers and departments. They have asked Victoria to create an organizational unit design that will fit their goals. One of their main goals is to create a model with which they can maintain consistency and usability. They also want to be able to manage each department without granting particular users complete administrative privileges.

1. What can Victoria do to solve the administration issue?
   a. give the domain administrator password to the employee assigned to manage each departmental organizational unit
   b. simply perform all the administrative tasks herself
   c. delegate control to the employee assigned to manage each departmental organizational unit and grant specific administrative rights for that container

2. How can an organizational unit be created?
   a. Active Directory Users and Computers, PowerShell, command line, Active Directory Administrative Center
   b. User Manager for Domains
   c. organizational units can only be created through Active Directory Users and Computers

3. Which command creates an OU called Marketing in the domain HUMONGOUS.LOCAL?
   a. dsadd ou "ou=Marketing,dc=humongous,dc=local"
   b. makeou=marketing.humongous.local
   c. "ou=marketing,dc=humongous,dc=local"


Answers

1. Victoria can solve the administration issue if she:
   c. delegates control to the employee assigned to manage each departmental organizational unit and grants specific administrative rights for that container

2. An organizational unit can be created through:
   a. Active Directory Users and Computers, PowerShell, command line, Active Directory Administrative Center

3. An OU is created with the command:
   a. dsadd ou "ou=Marketing,dc=humongous,dc=local"

Essential details

• Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units.

• Organizational units can be structured to meet various needs. They can be structured based on geographic location, business structure (departments), organizational need, specific role or function, operating system version, or platform and any combination mentioned.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc758565(WS.10)

• http://technet.microsoft.com/en-us/library/cc732524.aspx


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.3

Understand Active Directory infrastructure

SCENARIO: Andrew Ma is the systems administrator for Coho Winery. Recent changes in the business and in advertising strategies have increased the popularity of Coho wines beyond expectations. Because of the meteoric rise of Coho’s sales, the company has decided to migrate from a workgroup network to a centrally managed domain model using Microsoft Windows Server 2008 R2 Active Directory Domain Services.

This IT change will allow Andrew to utilize several benefits of a domain, including organizing network objects, applying group policies to manage desktop computers, and managing security. Andrew has decided to have multiple domain controllers for redundancy, as well as to split operations roles. The new organization system will support future company growth.

1. What is a benefit of having a domain model network as opposed to a workgroup?
   a. there isn’t any benefit—it is cost-prohibitive. It is easier to manage user accounts on 20 different computers than a centrally managed option
   b. it allows for a centrally managed system where employees authenticate to the domain rather than to each individual workstation
   c. the only benefit is that it is easier to secure than a workgroup model

2. What should Andrew do to determine which domain controller maintains the operations role of RID master?
   a. contact the previous system administrator
   b. open Active Directory Users and Computers, right-click his domain, and select Operation Masters
   c. create a batch file that will query each domain controller to determine who is responsible for the RID master

3. What domain controller maintains all five operations roles by default?
   a. the first domain controller in the forest
   b. operations roles are automatically transferred to subsequent domain controllers as they are added to the forest
   c. the domain controller is selected by the administrator when the system is being promoted

Migrating from a workgroup model to a domain model allows for ease of administration. It creates a centrally managed database that can be replicated across domain controllers which adds fault tolerance.


Answers

1. The primary benefit of a domain model network is:
   b. having a centrally managed system where employees authenticate to the domain rather than to each individual workstation. This allows for better security policies and network management.

2. Andrew can determine which domain controller maintains the operations role of RID master if he:
   b. opens Active Directory Users and Computers, right-clicks his domain, and selects Operation Masters

3. The domain controller that maintains all five operations roles by default is:
   a. the first domain controller in the forest. The operations roles have to be transferred manually when the additional domain controllers are promoted in the forest. NTDSUTIL is a command-line utility that can accomplish this task.

Essential details

• A domain is a unit of replication.

• A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.

• In a domain model, the user authenticates once to the domain, which maintains all information about other objects in the domain. Compare this to a workgroup model in which the administrator has to duplicate user accounts on any workstation that is sharing resources. This means that a single user would have to have a user account created on each computer she accesses.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc780856(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc755450(WS.10).aspx


OBJECTIVE UNDERSTANDING ACTIVE DIRECTORY 3.4

Group Policy settings apply to users regardless of the workstation they authenticate to.

Understand group policy

SCENARIO: Benjamin Harris works for Wingtip Toys as their desktop administrator. Ben’s primary function is desktop management and support of the company’s desktop environment. His main goal is to have a quiet day at his desk so he can research new ideas for Wingtip Toys. He has several tools at his disposal to accomplish this but his most important tool is his use of group policies on their domain.

Some issues have arisen in various departments:

• Employees want to have customized desktops and features on their systems and still maintain consistency with Wingtip Toys

• Administrators at Wingtip Toys want some primary settings to remain consistent on all systems in the company but want to allow each department to have individual settings that will help them perform their jobs more efficiently

1. Wingtip Toys only want password policies applied to their Testing Division. Ben wants to create a Group Policy Object for the Testing organizational unit that sets these password policies. Will this accomplish what Wingtip Toys wants?
   a. yes, the password policy set at the organizational unit level will only apply to the users and computers in that OU
   b. yes, the password policy will apply to the users in the Testing division no matter what computer they log onto
   c. no, password policies can only be applied at the domain level

2. Ben wants to see if the policies he set are in effect. He does not want to reboot or wait for the system to refresh automatically in 90 minutes. What command can he issue to force the application of group policies?
   a. gpupdate /NOW
   b. gpedit.msc /update
   c. gpupdate /force

3. Ben has a policy that sets his homepage in Internet Explorer to open to http://wingtiptoys.com. The testing department has their homepage in IE set to open to http://testing.wingtiptoys.com. What will the homepage display when Ben logs into a testing department workstation?
   a. http://wingtiptoys.com. User Policy settings follow the user
   b. http://testing.wingtiptoys.com. He is authenticating to a testing department station
   c. Internet Explorer default MSN homepage. He is not a Testing user and it’s not his workstation


Answers

1. Wingtip Toys want password policies applied only to their Testing division:
   c. No, password policies can only be set and applied at the domain level. The user has already authenticated by the time organizational unit policies are applied.

2. The command to force the application of group policies is:
   c. gpupdate /force

3. When Ben logs into a testing department workstation his homepage will display:
   a. http://wingtiptoys.com. User Policy settings follow the user

Essential details

• A Group Policy is an infrastructure that enables administrators to implement specific configurations for users and computers.

• Winlogon is a component of the Windows operating system that provides interactive logon support. Winlogon is the service in which the Group Policy engine runs.

• Group Policy Preference enables administrators to manage drive mappings, registry settings, local users and groups, services, files, and folders.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc779838(WS.10).aspx

• http://support.microsoft.com/kb/94372

• http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb&displaylang=en


4 Understanding Storage

IN THIS CHAPTER

■ 4.1/4.2 Identify storage technologies; Understand RAID

■ 4.3 Understand disk types


Understand Windows application deployment methods

SCENARIO: Stepan spends much of his free time in the outdoors, camping, hiking, and canoeing. Whenever school is not in session, he tries to take at least one trip. He has developed two applications to help him enjoy his hobbies. The first application helps him log his activities, downloads data from his GPS unit, and automatically posts updates to his favorite social media websites. The second is a relatively simple application for planning trips; it helps him organize his maps, plan the supplies he’ll need, and keep track of weather reports in the days before he leaves. Both programs are Windows Forms applications.

He has always run the applications from his own computer, but now that his friends have seen how well they work, he would like to distribute copies for others to enjoy.

1. The planning application is newer and Stepan is still making frequent changes. Which deployment option checks for updates before installing the application?

a. ClickOnce b. Windows Installer c. Both deployment options automatically check for updates.

2. The log application interfaces with a GPS and must install a device driver upon deployment. Which option is best suited for this application?

a. ClickOnce b. Windows Installer c. Neither deployment option can install a device driver.

3. Which option will allow Stepan to distribute his applications via USB drives?

a. ClickOnce b. Windows Installer c. Both deployment options can be distributed via USB drive.

Answers

1. If Stepan wants the installer to check for updates, the deployment method he should use is:

A. ClickOnce


OBJECTIVE UNDERSTANDING STORAGE 4.1/4.2

The amount of drive space used for redundancy is 1/n (total drive space) where n is the total number of drives in the array.

Identify storage technologies; Understand RAID

SCENARIO: Howard Gonzalez is the systems administrator for Humongous Insurance. The company is responsible for protecting the property of hundreds of thousands of clients across 14 states. Because of the time-critical nature of the data stored by Humongous Insurance, Howard is researching his best alternative to ensure that the customer service representatives have access to their clients’ information whenever they need it. Server downtime is not an option for Humongous Insurance, where customer satisfaction is top priority. Howard is considering various forms of Redundant Array of Independent Disks (RAID), possibly configured in a Network Attached Storage (NAS).

1. What is the minimum number of hard drives required if Howard wants to configure a RAID 5 solution?

a. 5 b. 2 c. 3

2. What is a benefit of NAS over Storage Area Network (SAN)?

a. There isn’t any advantage; they are equal b. NAS provides file serving without the need for a server c. NAS benefits from being attached to a server on the network to provide file abstraction

3. Howard is configuring a server with RAID 5. He is using four 750-GB hard drives in his RAID array. How much available free space will Howard have after RAID is configured?

a. 750 GB b. 2,250 GB c. 2,250 TB


Answers

1. The minimum number of hard drives required to configure a RAID 5 solution is:

c. 3

2. A benefit of NAS over Storage Area Network (SAN) is that:

b. NAS provides file serving without the need for a server

3. After RAID is configured Howard will have:

b. 2,250 GB of free space (3000 - ¼(3000) = 2,250)

Essential details

• Network-attached storage (NAS) is file-level computer data storage connected to a computer network providing data access to heterogeneous clients.

• NAS does not require a server to provide services. SAN requires a server to provide file abstraction services. NAS reduces the number of servers on a network.

• A Redundant Array of Independent Disks (RAID) is a data storage method in which data is distributed across a group of computer disk drives that function as a single storage unit.

• Available free space after RAID 5 is configured = total drive space - 1/n (total drive space), where n is the total number of drives in the array. For four 750-GB drives: 3000 - ¼(3000) = 2,250 GB.

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/ms184252(SQL.90).aspx


OBJECTIVE UNDERSTANDING STORAGE 4.3

Self-healing NTFS does not protect against hardware malfunctions.

Understand disk types

SCENARIO: Luka Abrus works for City Power and Light as a systems administrator. Luka wants to increase the data availability for three servers without having to rebuild them from scratch and without incorporating a great deal of cost by purchasing array controllers. Luka also would like to be able to use data on one system and transport it to another system and have it appear as another hard drive.

1. What can Luka do to increase his server data availability without additional costs of an array controller or rebuilding each server?

a. make sure the servers are always on b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk, and establish a mirror (RAID 1) between the two drives c. make sure that his backups are running every night to ensure that he can restore data in the event of a failure

2. What can Luka do to be able to transport data from one system to another and have it appear as a separate drive?

a. create a virtual hard disk (VHD) to store the data b. carry an external drive and attach it from one system to another c. compress the data and email the data to himself

3. What advantages will Luka experience when using self-healing NTFS in Microsoft Windows Server 2008 R2?

a. continuous data availability b. no concerns about physical drive failure c. no need to install antivirus software


Answers

1. To increase his server data availability without additional costs of an array controller or rebuilding each server, Luka can:

b. add another physical drive to each server, convert the drives from basic disks to a dynamic disk, and establish a mirror (RAID 1) between the two drives

2. To be able to transport data from one system to another and have it appear as a separate drive, Luka can:

a. create a virtual hard disk (VHD) to store the data. The VHD can be stored to a network share and then be utilized from one system to another and mounted as a virtual drive. A VHD can be mounted to any Windows system and appear as a separate physical drive.

3. When using self-healing NTFS in Microsoft Windows Server 2008 R2, Luka will experience the advantage of:

a. continuous data availability. Self-healing NTFS attempts to correct corruptions of the file system without requiring the use of chkdsk.exe.

Essential details

• A dynamic disk is a physical disk that can use the master boot record (MBR) or GUID partition table (GPT) partitioning scheme and has the ability to create fault tolerant volumes (mirrored and RAID-5 volumes).

• A mount point is an association between a volume and a directory on another volume.

• Microsoft virtual hard disk (VHD) file format specifies a virtual machine hard disk that can reside on a native host file system encapsulated within a single file.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc938934.aspx

• http://windows.microsoft.com/en-US/windows-vista/What-are-basic-and-dynamic-disks

• http://technet.microsoft.com/en-us/library/cc758035(WS.10).aspx


5 Understanding Server Performance Management

IN THIS CHAPTER

■ 5.1 Identify major server hardware components

■ 5.2 Understand performance monitoring

■ 5.3 Understand logs and alerts


2. If he wants to install a device driver he should use: B. Windows Installer

3. Stepan’s applications can be distributed via USB drives because: C. both deployment options can be distributed via USB drive.

Essential details

• The .NET Framework provides two primary technologies for deploying applications: ClickOnce and Windows Installer.

• Both technologies:
  • provide a user interface to guide users through the installation process.
  • allow for the creation of Start Menu and desktop shortcuts.
  • can be distributed by a website or by removable media.
  • can register file types.

• The advantages and features of ClickOnce include:
  • There is minimal user interaction during the installation process.
  • The technology automatically checks for updates.
  • Updates do not require complete reinstallation of the application.

• Features of Windows Installer include the use of a “wizard” that assists the user with installation and the flexibility to handle a variety of installation situations.

• In general, ClickOnce is simpler and is ideal for applications that are updated frequently.

• Windows Installer provides more control over the installation process and is flexible enough to handle unusual or complicated setup requirements.

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/y18k4htb.aspx

• http://msdn.microsoft.com/en-us/library/e2444w33.aspx


OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.1

Identify major server hardware components

SCENARIO: Proseware Inc. has recently purchased land to expand their business center. A great deal of thought and research must go into planning for the technology needs of a business the size of Proseware.

Cari has been the server administrator at Proseware for several years and has a deep understanding of the technology needs related to the server components. Proseware has asked Cari to submit a plan for the redesigned datacenter that will ensure data redundancy and server availability. The overall business plan is dependent upon a dependable data system.

1. What technology can Cari implement that will allow for the replacement of server components while the servers are still running?

a. the technology does not exist b. component live swappable c. hot swappable/pluggable

2. What can Cari implement that will protect the servers from a power outage and allow the systems to be shut down gracefully in the event of a power loss?

a. uninterruptible power supply (UPS) b. a script that will shut down the server when the datacenter loses power c. several surge suppressors for the servers

3. Why is it important for Cari to have climate control within the datacenter?

a. to be comfortable when she is working in the datacenter b. to prevent servers from overheating c. it is irrelevant—servers are configured with their own cooling systems

ASHRAE recommends a temperature range of 61 to 75 degrees Fahrenheit and a humidity range of 40 to 55 percent.


Answers

1. To allow for the replacement of server components while the servers are still running, Cari can implement:

c. hot swappable/pluggable. Various hot swappable components include hard disks and fans.

2. To protect the servers from a power outage and allow the systems to be shut down gracefully in the event of a power loss, Cari can implement:

a. uninterruptible power supply (UPS). A UPS only protects against power outages and is used to gracefully shut the systems down in the event of an extended power loss.

3. It is important for Cari to have climate control within the datacenter:

b. to prevent servers from overheating

Essential details

• Hot pluggable technology includes replacing system components without shutting down the system.

• Memory is a hardware device where information can be stored and retrieved.

• A Network Interface Card (NIC) is a hardware device that handles an interface to a computer network and allows a network-capable device to access that network.

FAST TRACK HELP

• http://en.wikipedia.org/wiki/Hot_swapping

• http://upload.wikimedia.org/wikipedia/en/2/29/Chassis-Plans-Rack.jpg


OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.2

Understand performance monitoring

SCENARIO: Cliff Majors works for Southridge Video as a systems administrator. Southridge Video began as a start-up business in southern Georgia just a few years ago and its popularity has skyrocketed; Southridge has a unique ability to anticipate customer needs and provide services before customers are even aware that they would find the services valuable.

A while ago the company introduced a service for customers to rent videos over the internet and stream the movies to their computers or internet-capable devices. In spite of their best planning and anticipation of problems, calls have come in from the customers complaining that the quality of the video is poor or that the videos just aren’t available.

1. Cliff attempted to close a program on one of the video servers; however the application did not respond. What application can he open to end that process?

a. File Manager b. Task Manager c. Command Prompt

2. Cliff wants to compare the performance reports he created when he initially deployed the video servers. What application does he need to launch to create a comparison report?

a. Network Monitor b. netstat c. Performance Monitor

3. Cliff is analyzing Performance Monitor and adds a counter that tracks page file/usage and hits. Cliff notices that the page file is being accessed continuously. What can Cliff do to solve this issue?

a. add more RAM b. adjust the size of the page file c. move the page file to another physical drive on the system

Continuous page file hits are a result of a system not having enough RAM.


Answers

1. To end a process that cannot be closed in the usual manner, Cliff can open the:

b. Task Manager

2. To create a comparison report, he must launch the:

c. Performance Monitor. It is important to create a baseline performance report using Performance Monitor when deploying a system. This allows the administrator to have a report to compare against. The reports can be overlapped within Performance Monitor to have a visual comparison.

3. To solve the problem of continuous page file hits, Cliff should:

a. add more RAM

Essential details

• A page file is a hidden file on the hard disk that operating systems use to hold parts of programs and data files that do not fit in memory.

• A process is a program or part of a program.

• Performance is the measure of how quickly a computer completes application and system tasks.

FAST TRACK HELP

• http://support.microsoft.com/kb/323527

• http://technet.microsoft.com/en-us/library/cc771692(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc755081(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc749249.aspx


OBJECTIVE UNDERSTANDING SERVER PERFORMANCE MANAGEMENT 5.3

Understand logs and alerts

SCENARIO: Walter Felhofer manages the network at Graphic Design Institute. He has been monitoring the network for several months to better understand the traffic variations. The network performance seems to vary greatly and Walter suspects a variety of causes ranging from the time-of-day use to events that coincide with special promotions and cyclical events. Walter keeps this historical data as it relates to the systems’ performance. He reviews this data on a regular basis as well as reviewing the data in comparison mode because he knows that it contains details that will be valuable for justifying future technology acquisitions and creating business plans.

1. What benefit can Walter gain by maintaining a historical record of the system’s performance?

a. use of the data to justify future upgrades as well as to identify performance trends throughout the year b. provide performance documentation if a supervisor asks for it c. there is no benefit to keeping a historical record of your system’s performance because technology changes so frequently

2. Walter’s job keeps him very busy. He is unable to watch performance logs and data all day long. What can Walter do so he can perform his other day-to-day tasks and not miss any major performance issues?

a. hire an intern to watch performance monitor and page him whenever something goes wrong

b. create a Performance Alert that will send a network message, write an event log, or run a program when certain criteria are met

c. remote into the systems periodically to check performance logs, regardless of whether he is busy

3. What is the default location for system performance logs?

a. %systemroot%\logs b. #system#\perflogs c. %systemdrive%\PerfLogs

Performance monitoring is crucial for real-time system performance but is also important for scaling future systems and upgrades.


Answers

1. By maintaining a historical record of the system’s performance, Walter can:

a. use the data to justify future upgrades as well as to identify trends throughout the year.

2. To ensure that he doesn’t miss any major performance issues, Walter can:

b. create a Performance Alert that will send a network message, write an event log, or run a program when certain criteria are met.

3. The default location for system performance logs is:

c. %systemdrive%\PerfLogs

Essential details

• Objects are specific resources in the Performance Monitor that can be measured.

• Performance counters are measurements of system state or activity.

• Use of the overlay mode is only available in the Performance Monitor when it is running in stand-alone mode with comparison enabled:
  • Click Start, click in the Start Search box, type perfmon /sys /comp and press Enter.
  • The Performance Monitor will open in stand-alone mode with comparison enabled.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc738564(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc722414.aspx#BKMK_alert


6 Understanding Server Maintenance

IN THIS CHAPTER

■ 6.1 Identify steps in the startup process

■ 6.2 Understand business continuity

■ 6.3 Understand updates

■ 6.4 Understand troubleshooting methodology


OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.1

Identify steps in the startup process

SCENARIO: Fourth Coffee has expanded its business to 20 new stores in neighboring states. The expansion meant that the company had to expand its IT department and hire several new technicians. It is critical that all of the new hires have knowledge and skills in maintaining the company’s technology infrastructure—the success of the company depends upon effective technology at every level of the business.

The CIO has asked the systems administrator, April Meyer, to provide training to her staff on Server 2008 R2. She wants everyone to have a fundamental understanding of the boot process as well as some troubleshooting techniques.

1. What command-line utility can April demonstrate to modify the boot configuration database?

a. bcdedit.exe b. boot.ini c. ntloader.exe

2. What does the Power-On Self Test (POST) do?

a. tests to see whether the power is on b. performs initial hardware checks, verifies devices, and retrieves system configurations from CMOS c. calls programs such as autoexec.bat, config.sys, and win.ini

3. April wants to demonstrate starting a computer in safe mode. What are the steps to start a computer in safe mode?

a. access the system BIOS and configure it to start in safe mode b. boot the installation media and select the safe mode option c. remove all media and then press and hold the F8 key before the Windows Logo appears

Safe mode starts Windows with a limited set of files and drivers.


Answers

1. The utility that April can demonstrate to modify the boot configuration database is:

a. bcdedit.exe

2. The Power-On Self Test (POST):

b. performs initial hardware checks, verifies devices, and retrieves system configurations from CMOS

3. To start a computer in safe mode:

c. remove all media and then press and hold the F8 key before the Windows Logo appears

Essential details

• Power-On Self Test (POST) is a set of routines stored in a computer’s read-only memory (ROM) that tests various system components such as RAM, the disk drives, and the keyboard to see whether they are properly connected and operating.

• The Master Boot Record (MBR) is the first sector of the first hard disk; it is a physically small but critical element in the startup process on an x86-based computer.

• To start a computer in safe mode remove all floppy disks, CDs, and DVDs from the computer and then restart the computer.

• If your computer has a single operating system installed, press and hold the F8 key as your computer restarts.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc976730.aspx

• http://technet.microsoft.com/en-us/library/bb457123.aspx

• http://technet.microsoft.com/en-us/library/cc721886(WS.10).aspx

• http://windows.microsoft.com/en-US/windows-vista/Start-your-computer-in-safe-mode


Understand business continuity

SCENARIO: Rachel Valdes is developing a strategic information technology plan for her company, Northwinds Traders. The main focus of this plan is to maintain business continuity by ensuring that critical business functions will be available for customers and business partners. Her plan must ensure that the needs and important activities of Northwinds customers, suppliers, regulators, and employees can be met in the event of an unforeseen technology problem or a natural or human-induced disaster. She needs to plan for data redundancy as well as disaster recovery.

1. Northwinds Traders’ core infrastructure runs on Microsoft Windows Server 2008 R2. What inherent application can they use to implement the data redundancy portion of their strategic plan?

a. Windows Server Backup b. Active Directory Restore Mode c. NTBackup.exe

2. What benefit does folder redirection offer?

a. allows administrators to direct folders to perform data backups and migrations b. allows users and administrators to redirect the path of a folder to a new location that can provide backup on a network share c. converts a folder from one file system to another

3. Part of Rachel’s plan is to develop a disaster recovery plan. What is a disaster recovery plan?

a. the process, policies, and procedures related to preparing for recovery or continuation of critical technology after a natural or human-induced disaster b. a plan that dictates how to recover data and financial loss after a theft c. a procedure meant solely for recovering lost data

A disaster recovery plan is related to any technology infrastructure and should be updated on a regular basis.

OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.2


Answers

1. To implement the data redundancy portion of Northwinds’ strategic plan they can use:

a. Windows Server Backup

2. The benefit offered by folder redirection is to:

b. allow users and administrators to redirect the path of a folder to a new location that can provide backup on a network share. Folder redirection is a method that helps prevent users from keeping important information on their local hard drives by redirecting it to another location where it can be backed up for data redundancy.

3. A disaster recovery plan includes:

a. the process, policies, and procedures related to preparing for recovery or continuation of critical technology after a natural or human-induced disaster

Essential details

• Data redundancy is a property of some disk arrays that provides fault tolerance so that all or part of the data stored in the array can be recovered in the case of disk failure.

• Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

• Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc778976%28WS.10%29.aspx

• http://technet.microsoft.com/en-us/library/cc770266(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc753201.aspx

• http://technet.microsoft.com/en-us/library/cc785306(WS.10).aspx


Understand updates

SCENARIO: Mark Patten is a network engineer with Tailspin Toys. Tailspin Toys has asked Mark to find a way to ensure that all of the systems on their network are updated on a regular basis. They also want Mike to discuss updates with their software development team because developers sometimes run into issues with updates conflicting with their custom software while they are in the development process. Tailspin Toys’ desktop systems range from Windows XP to Windows 7, both 32-bit and 64-bit. They also have a mix of server operating systems running Windows Server 2003 R2 through Windows Server 2008 R2. This variety of computers and systems within a single organization is not unusual, but requires strong network administration skill on Mark’s part!

1. What can Mark do to streamline update management for Tailspin Toys?

a. configure Windows Software Update Services (WSUS) to download and deploy updates based on his needs b. arrive early every Wednesday before Tailspin Toys opens and perform Windows Updates c. allow the users to run the updates whenever they see fit

2. What can Mark do to solve the issues he will run into with the software development team?

a. disable updates for the software development team b. configure a separate WSUS group and put all of the software development computers and servers in that group c. isolate the software development team on a separate segment and allow them to manage their own updates

3. What tool can Mark use to determine the security state in accordance with Microsoft security recommendations?

a. Qchain.exe b. Network Monitor c. Microsoft Baseline Security Analyzer (MBSA)

Use MBSA to detect common security misconfigurations and missing security updates on computer systems.

OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.3


Answers

1. To streamline update management for Tailspin Toys, Mark can:

a. configure Windows Software Update Services (WSUS) to download and deploy updates based on his needs

2. To solve the issues with the software development team, Mark can:

b. configure WSUS to have a separate group and put all of the software development computers and servers in that group. He can schedule updates to be selectively applied to their system.

3. To determine the security state in accordance with Microsoft security recommendations, Mark can use:

c. Microsoft Baseline Security Analyzer (MBSA)

Essential details

• A hotfix is a single package composed of one or more files used to address a problem in a product.

• Update management is the process of controlling the deployment and maintenance of interim software releases into production environments.

• Service packs are cumulative sets of hotfixes, security updates, critical updates, and updates since the release of the product, including many resolved problems that have not been made available through any other software updates.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/wsus/default.aspx

• http://technet.microsoft.com/en-us/library/cc700845.aspx


OBJECTIVE UNDERSTANDING SERVER MAINTENANCE 6.4

Understand troubleshooting methodology

SCENARIO: Recent changes in the network configurations at Coho Winery have been successfully implemented. Andrew Ma, the systems administrator, is pleased with his ability to organize network objects, apply group policies to manage desktop computers, and manage security, but the changes have brought about the need to refresh the skills of the helpdesk team.

Jeff Wang is responsible for updating the skills of the current team and training the new helpdesk hires at Coho Winery. The helpdesk team is in charge of troubleshooting various issues that come in on a day-to-day basis from the local winery and their remote winery locations on both the east coast and the west coast. Troubleshooting methodology is imperative for the success of the helpdesk team.

1. What is an example of a systemic problem?

a. a hard disk fails on a user’s computer b. a worm propagates through the entire network c. a user’s monitor will not turn on

2. What is the first tool in a Microsoft environment that should be used to determine the time and type of problem a particular system may be having?

a. Resource Monitor b. Task Manager c. Event Viewer

3. What application allows you to view all processes and either selectively end a single process or the entire process tree?

a. Resource Monitor b. Task Manager c. msconfig.exe

Windows Resource Monitor allows you to view a process wait chain and to end processes that are preventing a program from working properly.


Answers

1. An example of a systemic problem is when:

b. a worm propagates through the entire network. Answers A and C are specific to a single system’s problems, not systemic.

2. The first tool in a Microsoft environment that should be used to determine the time and type of problem is:

c. Event Viewer

3. To view all processes and either selectively end a single process or the entire process tree, use the:

a. Resource Monitor

Essential details

• Event Viewer maintains logs about program, security, and system events on your computer.

• Resource Monitor is a system tool that allows you to view information about the use of hardware (CPU, memory, disk, and network) and software (file handles and modules) resources in real time.

• Event Viewer can be accessed through Start->Programs->Administrative Tools->Server Manager->Diagnostics->Event Viewer.

• Default location for event logs:
  • %systemroot%\system32\config

FAST TRACK HELP

• http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/snap_event_viewer.mspx?mfr=true

• http://technet.microsoft.com/en-us/library/cc766042.aspx

• http://technet.microsoft.com/en-us/library/dd883276(WS.10).aspx


MTA 98-366

NETWORKING FUNDAMENTALS


1 Understanding Networking Infrastructures

IN THIS CHAPTER

■ 1.1 Understand the concepts of the internet, intranet, and extranet

■ 1.2A Understand local area networks (LANs)

■ 1.2B Understand local area networks (LANs)

■ 1.3A Understand wide area networks (WANs)

■ 1.3B Understand wide area networks (WANs)

■ 1.4 Understand wireless networking

■ 1.5 Understand network topologies and access methods


Understand the concepts of the internet, intranet, and extranet

SCENARIO: Before going to class, Sidney stops by Fourth Coffee for an iced coffee. The owner of Fourth Coffee, Josh, stops to talk with Sidney because he knows that she enjoys solving computer problems. Josh asks Sidney if she can help him manage Fourth Coffee’s server and wireless network.

Josh has a few projects for Sidney to start working on immediately. He would like to be able to access Fourth Coffee’s server from his home and mobile phones. In addition, he is concerned about keeping his customers’ computers safe from viruses and hackers. Also, Josh would like to provide internal company information such as schedules and company policies to his employees.

Sidney thanks Josh and tells him that she’ll start working on his projects today right after class.

1. What will Sidney need to install for Josh to be able to access Fourth Coffee’s server from his home and mobile phones?
a. a firewall
b. a VPN
c. an intranet

2. A firewall is to a network as:
a. a door is to a classroom
b. an eraser is to a pencil
c. a movie is to a screen

3. The primary goal of an intranet is to:
a. allow different businesses to share information
b. let users access different websites
c. provide company information to internal employees

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.1

Even though a browser’s security settings may be set high, a firewall still should be used.


Answers

1. Josh wants to be able to access Fourth Coffee’s server from his home and mobile phones, so Sidney will install a:
b. VPN. A VPN is a Virtual Private Network.

2. A firewall is to a network as:
a. a door is to a classroom. Firewalls keep computers safe and doors keep classrooms safe and quiet so that students may study.

3. An intranet’s primary goal is to:
c. provide company information to internal employees. Extranets allow different businesses to share information and the Internet lets users access different websites.

Essential details

• VPNs create a private network and provide a secure tunnel across the Internet.

• Firewalls can be hardware devices.

• For security zones, keep the security level as high as possible.

• In Microsoft® Internet Explorer® click Tools and then click Internet Options to set your security settings.

• Mobile phones can be used to connect to a company’s servers.

FAST TRACK HELP

• http://msdn.microsoft.com/en-us/library/aa503420.aspx

• http://support.microsoft.com/kb/174360

• http://msdn.microsoft.com/en-us/library/ms953581.aspx


OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2A

Understand local area networks (LANs)

SCENARIO: Kim is studying to become an animator at the Graphic Design Institute. Michael, Kim’s friend from class, asks Kim to study with him after class in the school’s computer lab.

When Kim arrives in the lab she sees that Michael has already started his laptop and is connected to the school’s network. Kim starts her laptop and attempts to connect to the school’s network when she realizes that she forgot her wireless card. Kim tells Michael that she’ll have to run home and get her wireless card. Michael tells her that she does not need to have her wireless card because she can connect directly to the network.

Kim asks Michael to show her how and he pulls out a cable and starts connecting it to her laptop’s internal, wired NIC and explaining the steps.

1. What type of network is Kim trying to connect to?
a. WAN
b. LAN
c. PAN

2. To verify that Kim’s NIC (network interface card) works, Michael pings 127.0.0.1, which is known as the:
a. loopback address
b. dynamic address
c. static address

3. A NIC is to a LAN as:
a. lyrics are to a song
b. a key is to a door
c. a movie is to a TV

When troubleshooting network connections, use ping and ipconfig.


Answers

1. Kim is trying to connect to the school’s:
b. LAN. A LAN is a Local Area Network.

2. To test Kim’s NIC Michael pings the:
a. loopback address. The loopback address is 127.0.0.1 and a successful ping verifies that the NIC works.

3. A NIC is to a LAN as:
b. a key is to a door. A key provides access through a door just as a computer is required to have a NIC to access a LAN.

Essential details

• LANs connect local computers together in a small geographical area.

• Perimeter networks provide an extra layer of security for a company’s internal network.

• Computers connect to a LAN through a NIC (network interface card).

• The loopback address is a reserved, static address of 127.0.0.1.

• In Microsoft Windows® 7, right-click Network and select Properties to view your network configuration.

FAST TRACK HELP

• http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-to-a-network

• http://support.microsoft.com/kb/169790

• http://msdn.microsoft.com/en-us/library/ee494910.aspx


Understand local area networks (LANs)

SCENARIO: Brian just graduated from his local community college in IT and started working for Adventure Works as an IT Technician. His new boss, Annie, decides to send him on a business trip to Seattle where he will help set up the computers in their new store.

When Brian arrives in Seattle he immediately checks into his hotel. He asks Erin, the hotel manager, if the hotel has Internet access. Erin tells Brian that the hotel has both wired and wireless LAN connections available, which he may use to access the Internet for free! Plus the hotel will be expanding Internet connectivity to the pool area soon.

Brian is thrilled that the hotel provides free Internet access so that he can work at night, if necessary, to succeed in his first IT job.

1. When Brian connects a cable from his laptop’s NIC into an RJ45 jack he is connecting to the:
a. VLAN
b. wired LAN
c. wireless LAN

2. A VLAN is also called a:
a. logical network
b. internal network
c. external network

3. What will be Erin’s best solution for providing Internet connectivity to the pool area?
a. expand the hotel’s wired network
b. expand the hotel’s wireless network
c. add a new WAN

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.2B

Access points are used to connect wireless devices to wired networks.


Answers

1. Connecting a cable from a laptop’s NIC into an RJ45 jack allows Brian to use the hotel’s:
b. wired LAN. Wired LANs use cables and wireless LANs use radio, microwave, or infrared light.

2. Another name for a VLAN is:
a. logical network. VLANs segment broadcast traffic, which in turn increases network performance.

3. The best solution Erin should implement to expand Internet connectivity to the pool area is:
b. expand the hotel’s wireless network. A wireless LAN is easy to install in locations such as pool areas and hotel lobbies where it can be difficult to run cables.

Essential details

• VLANs are created on switches and help improve network performance.

• Wired networks take time to install because wires need to be pulled to all of the connection jacks.

• Wireless LANs are easy to expand to remote areas.

• Security can be implemented in both wired and wireless LANs.

• In Microsoft Windows 7, click the wireless network icon (on the right side of the taskbar) to view the available wireless networks.

FAST TRACK HELP

• http://windows.microsoft.com/en-US/windows7/What-you-need-to-set-up-a-home-network

• http://www.microsoft.com/protect/data/home/wireless.aspx

• http://windows.microsoft.com/en-US/windows7/View-and-connect-to-available-wireless-networks


Always choose the most efficient IT solution to meet the goals of a given IT situation.

Understand wide area networks (WANs)

SCENARIO: Fourth Coffee’s business is booming! Josh, the owner, decides that now is the time to expand his business. In the next month he will open one new location 30 miles south. In three months he will open another location 30 miles north.

Josh wants to have a network between all three coffee shops. He is also concerned about security over the existing VPN that provides him with access to the coffee shop’s network from his home and mobile phones.

When Josh shares his expansion plans and IT concerns with Sidney, his IT Consultant, she tells Josh that she has the solutions. Sidney can easily expand the network because she has been studying WANs in her college classes.

1. To link all three of Fourth Coffee’s LANs together, Sidney will create a:
a. LAN
b. PAN
c. WAN

2. Between the original coffee shop and the first expansion location, Sidney decides to order a private, dedicated line from the phone company known as:
a. a leased line
b. dial-up
c. ISDN

3. Sidney reassures Josh that the existing VPN is secure because the data transferred across the public network is:
a. defragmented
b. encrypted
c. zipped

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3A


Answers

1. Sidney will link all three of Fourth Coffee’s LANs together by creating a:
c. WAN. A WAN is a Wide Area Network which spans a large geographical area.

2. The private, dedicated line that Sidney orders from the phone company to connect the original coffee shop and the first expansion location is called a:
a. leased line. The cost for a leased line depends upon the speed.

3. Fourth Coffee’s VPN is secure because the data transferred across the public network is:
b. encrypted. Encrypted data is scrambled, which protects it from unauthorized network clients.

Essential details

• WANs can span completely around the world–from the United States to Australia!

• A WAN link selection depends upon a company’s goals for speed, availability, cost, and so on.

• The Plain Old Telephone Service (POTS) is the oldest communications network.

• For small companies, leased lines are a great WAN solution for connecting two locations.

• Always protect data by encrypting it prior to transferring it across the Internet.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb727043.aspx

• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-WAN.html

• http://www.microsoft.com/windows/windows-7/features/bitlocker.aspx


Every country has its own unique IT standards and procedures.

Understand wide area networks (WANs)

SCENARIO: While attending college, Allie accepts an IT internship at Tailspin Toys in Denver, Colorado. She realizes that this is an amazing opportunity for her to apply the skills that she has learned in her networking classes.

Richard, Tailspin Toys’ CIO, informs her that she will be working with Cristian, another IT intern, who works for Tailspin Toys in Paris, France. Together they will determine the different types of WAN connections available in the United States and France. Both locations will use point-to-point, dedicated, digital circuits between their two local offices within their respective countries. Speed for the digital circuits needs to be a minimum bandwidth of 1 Mbps. In addition, Allie will need to research different home connection subscriptions available for Tailspin Toys’ employees so that they can access the company’s network via the Internet.

Allie and Cristian have fun challenges to solve!

1. Cristian determines that the point-to-point, dedicated, digital circuit that is available in Paris and meets the minimum bandwidth of 1 Mbps is the:
a. E1
b. F1
c. T1

2. Allie determines that the United States’ equivalent to Cristian’s chosen digital circuit is the:
a. E1
b. T1
c. U1

3. One home connection that Allie researches is a high-speed digital communication technology over standard copper telephone wire called:
a. Cable TV
b. DSL
c. VPN

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.3B


Answers

1. In Paris, the point-to-point, dedicated, digital circuit that Cristian finds that meets the 1 Mbps minimum bandwidth is the:
a. E1. The E1 is available through Europe and has a bandwidth of 2.048 Mbps.

2. In the United States, Allie determines that the equivalent digital circuit to the E1 is the:
b. T1. The T1 is available through the United States and has a bandwidth of 1.544 Mbps.

3. For home connections, Allie finds a high-speed digital communication technology that operates over standard copper telephone wire, which is called:
b. DSL. DSL and Cable broadband Internet access technologies are popular choices for connecting home or small business systems to the Internet.

Essential details

• E1 and E3 are WAN connections available in Europe versus T1 and T3 for the United States.

• DSL and Cable broadband Internet access technologies each have a corresponding modem.

• Dial-up and ISDN have decreased in popularity while DSL and Cable have become more popular.

• Even more WAN technologies exist, such as Frame Relay and ATM (Asynchronous Transfer Mode).

• WAN links need to be optimized for efficient and fast performance.

FAST TRACK HELP

• http://speedtest.emea.microsoftonline.com/

• http://technet.microsoft.com/en-us/library/cc753764(WS.10).aspx

• http://technet.microsoft.com/en-us/library/bb726928.aspx


Always secure a wireless network so that your data stays safe.

Understand wireless networking

SCENARIO: Scott wants to set up a wireless network in his family’s house for Internet connectivity. If he is successful in creating a secure wireless network, his parents will pay for his first semester in IT at college! To ensure his success, Scott enlists his friend Susan, who has already set up a secure wireless network for her family.

Susan takes Scott on a shopping trip to their local electronics store to purchase the necessary equipment: a wireless router that supports the most current wireless networking standards. The family’s desktop system will be wired and their new laptop will use wireless. The family uses DSL for their Internet connection.

After their shopping trip, Susan and Scott start setting up the wireless network. Will Scott succeed and earn a free semester at college?

1. The most current wireless networking standard is:
a. 802.11n
b. 802.3
c. Bluetooth

2. To provide strong encryption protection without an enterprise authentication server, Scott uses:
a. SSID
b. WEP
c. WPA-PSK

3. After the wireless network is completed, Scott’s Dad sits on the deck and successfully connects the laptop to the Internet through their new, private, and secure:
a. Gigahertz
b. VLAN
c. Wi-Fi hotspot

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.4


Answers

1. The wireless networking standard that is most current is:
a. 802.11n. Two of the popular networking standards being used are 802.11g and 802.11n.

2. Strong encryption protection without an enterprise authentication server is provided through:
c. WPA-PSK. WPA-PSK is for personal/small business use; WPA-Enterprise, which uses authentication servers, is for an enterprise business.

3. On the deck, Scott’s Dad connects his laptop to the Internet through their private and secure:
c. Wi-Fi hotspot. Public Wi-Fi hotspots are available in a variety of locations such as coffee shops, schools, airports, and restaurants.

Essential details

• Each of the wireless networking standards has different characteristics, such as speed, distance, frequency, and so on.

• Connect a WAP (wireless access point) to a wired router to provide connectivity between the wireless devices and wired network.

• WPA (Wi-Fi Protected Access) and WPA2 are more secure than WEP (Wired Equivalent Privacy).

• WPA-Enterprise and WPA2-Enterprise are used in business environments and work with an 802.1X authentication server.

• The 802.1X authentication method is used in business environments and requires a certificate or smart card for network access.

FAST TRACK HELP

• http://standards.ieee.org/getieee802/802.11.html

• http://windows.microsoft.com/en-US/windows7/Set-up-a-security-key-for-a-wireless-network

• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods


It is important to know the advantages and disadvantages of various topologies.

Understand network topologies and access methods

SCENARIO: During winter break from college, Jack decides to go skiing at Alpine Ski House, a small wilderness resort. He brings his laptop to the resort and finds out that wireless Internet connectivity is not available to the skiers. Alpine Ski House has only one desktop computer connected to the Internet.

Jack decides that this would be a great opportunity for him to apply the skills he is learning in class, so he asks to speak with the owner of Alpine Ski House, Molly. She willingly discusses her networking dilemmas with Jack. Should she implement a star or bus network topology? What is a mesh? Does she need a switch? Molly has too many IT questions and not enough answers, so she decides to hire Jack.

Jack starts to design a network solution for Alpine Ski House between his skiing sessions.

1. The topology concerned with how data gets transferred within the network is the:
a. logical topology
b. mesh topology
c. physical topology

2. The topology considered more reliable because all of the nodes are connected to each other is the:
a. bus topology
b. mesh topology
c. star topology

3. What topology should Jack choose for Molly’s network?
a. bus
b. ring
c. star

OBJECTIVE UNDERSTANDING NETWORKING INFRASTRUCTURES 1.5


Answers

1. Within the network, the topology that deals with how data gets transferred is the:
a. logical topology. The logical topology works with the physical topology, which is concerned with how the devices are physically connected together.

2. The topology where all the nodes are connected to each other to form a reliable network is the:
b. mesh topology. Mesh topologies contain redundant wiring that provides multiple paths to the same destination.

3. For Molly’s network at Alpine Ski House, the topology Jack should choose is the:
c. star. The star is one of the most popular topologies implemented today because of its low cost and ease of installation.

Essential details

• Bus topologies were popular along with coaxial cable.

• Mesh topologies are more expensive because of the redundant wiring.

• In star topologies a switch is usually used as the central device along with twisted pair cable.

• Ring topologies are used as backbones for large networks with fiber cable and may contain redundant rings.

• CSMA/CD is similar to a chat room, while CSMA/CA (Collision Avoidance) is similar to a classroom.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb632621.aspx

• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-LAN.html

• http://www.giac.org/resources/whitepaper/network/32.php


2 Understanding Network Hardware

IN THIS CHAPTER

■ 2.1A Understand switches

■ 2.1B Understand switches

■ 2.2 Understand routers

■ 2.3A Understand media types

■ 2.3B Understand media types


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.1A

A MAC address is also called a physical address and can be viewed with ipconfig /all.

Understand switches

SCENARIO: Michelle is logged into one of her social networking sites when she receives an urgent text message from her friend Robert. Robert is trying to study for his IT networking class final and has some questions regarding the concepts and needs help. Michelle offers to meet Robert at Fourth Coffee.

While Michelle and Robert are studying at Fourth Coffee, Sidney, the IT Consultant at Fourth Coffee, stops by the table to say hi to Michelle, who is a friend of hers. Michelle tells Sidney that she is helping Robert study for a test. Sidney tells Robert that it is more fun to look at real equipment to learn the concepts and offers them a tour of Fourth Coffee’s IT network.

While on the tour, Sidney starts to quiz Robert about the different networking components. Robert passes Sidney’s test. What about you?

1. A computer’s MAC address is:
a. assigned by a Network Administrator
b. located on the NIC
c. acquired from an ISP (Internet Service Provider)

2. The OSI model is to networking as:
a. music is to a Zune
b. cookies are to milk
c. fashion rules are to fashion

3. A smart Layer 2 device that has an IP address, connects the office computers together, and provides full bandwidth to each port is called a:
a. managed hub
b. managed switch
c. unmanaged switch


Answers

1. The MAC address for a computer is:
b. located on the NIC. The MAC address is determined by the vendor of the NIC.

2. The OSI model is to networking as:
c. fashion rules are to fashion. Just as stripes and solids do not usually match, networking devices perform certain functions and follow specific rules based on their OSI model layer.

3. A device that provides full bandwidth to each port, connects computers together, has an IP address, and operates at Layer 2 of the OSI model is a:
b. managed switch. Switches that are managed contain an IP address.

Essential details

• Know the layers of the ISO’s (International Standards Organization) OSI model.

• Hubs and repeaters are Layer 1 devices, switches and NICs are Layer 2, and routers are Layer 3.

• Switches can create VLANs (Virtual Local Area Networks), which isolate network broadcast traffic.

• Bandwidth is the throughput or the data transfer rate.

• If you have a fast port but a slow cable, the network will operate at the slowest speed, which is the cable’s speed.

FAST TRACK HELP

• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html

• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html

• http://www.cisco.com/en/US/prod/switches/networking_solutions_products_genericcontent0900aecd806c7afe.pdf


OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.1B

It is important to know the layers of the OSI model and how they operate.

Understand switches

SCENARIO: Joel is working in his college dorm room on a term paper when he loses Internet connectivity. Because his laptop seems fine, Joel decides to enlist his friend Scott, who manages the dorm’s network, to help him out.

Joel finds Scott and they go to the dorm’s network room to determine what has happened. While in the network room, Joel learns more about how the dorm’s LAN is configured. Joel remembers that switches operate at Layer 2 and shares that with Scott. However, Scott informs Joel that there are actually Layer 3 switches, too! Scott also tells Joel that a new switch module is expected next week and hardware redundancy is being added.

After the issue is resolved, Joel returns to his dorm room to work on the term paper. However, he keeps thinking about all he has learned and realizes that IT is both challenging and fun!

1. A Layer 3 switch performs:
a. Layer 2 forwarding and Layer 3 switching in hardware
b. Layer 2 segmenting and Layer 3 switching in hardware
c. Layer 2 switching and Layer 3 forwarding in hardware

2. A switch is to a network as:
a. a frame is to a picture
b. a portal is to the web
c. a case is to a computer

3. A motherboard is to a computer as:
a. a backplane is to a switch
b. a MAC address is to a switch
c. a certificate is to a switch


Answers

1. The sophisticated Layer 3 switch performs:
c. Layer 2 switching and Layer 3 forwarding in hardware. This is a very smart device operating at a higher layer!

2. A switch is to a network as:
b. a portal is to the web. A switch is a connection point for all local clients just like a portal is a collection point for different web resources.

3. A motherboard is to a computer as:
a. a backplane is to a switch. Modules may be inserted into a switch’s backplane for expansion and upgrading purposes.

Essential details

• Switches are more than just a connection point for computers in a LAN.

• Choose the right networking device for the specific goal.

• Hardware redundancy provides highly available networks.

• Managed switches provide more options for network support.

• Use VLANs to segment systems from each other, which in turn enhances security.

FAST TRACK HELP

• http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-2/switch_evolution.html

• http://windows.microsoft.com/en-US/windows7/How-do-hubs-switches-routers-and-access-points-differ

• http://technet.microsoft.com/en-us/library/bb742373.aspx


Routers are very smart Layer 3 devices that are used to connect networks together.

OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.2

Understand routers

SCENARIO: After setting up his family’s wireless network, Scott decides that he needs to acquire more hands-on experience using routers. Ty, his friend, recommends volunteering at the local Humane Society because he has heard that they have a lot of IT issues.

Scott approaches the Director of the Humane Society, Justin, about volunteering. Justin immediately welcomes Scott to his team! Justin would like Scott to install a network that will connect the five desktop systems that they currently have in the office to a server. Through the network the employees should have Internet access. Plus, he would like to establish a connection to a different Humane Society’s server in a neighboring town so that they can share information. Justin anticipates expansion and would like to plan accordingly.

Scott is thrilled to receive this opportunity and knows he has a lot of studying to do!

1. The Humane Society cannot afford a router but they do have a switch and a Windows Server. What should Scott do?
a. tell Justin that they’ll have to wait until they can afford a router
b. use the switch because a Layer 2 device can perform the same functions as a router
c. use the switch to connect the desktops and servers and then install routing software on the server

2. One week later a router is installed and Scott needs to figure out what routes the router knows, so he:
a. accesses the router’s NAT database and views the routes
b. accesses the router’s routing table and views the routes
c. pings the router and it returns the routes

3. When Scott views the routes he sees that the router is learning new routes because of:
a. dynamic routing
b. NAT
c. static routing


Answers

1. Because the Humane Society has a switch and a Windows Server, Scott should:
c. use the switch to connect the desktops and servers and then install routing software on the server. Through software, Windows Server can act just like a router and perform the same functions.

2. To determine what routes the router knows, Scott:
b. accesses the router’s routing table and views the routes. The routing table contains static and dynamic routes.

3. The router is learning new routes as a result of:
a. dynamic routing. The router continuously learns about new routes and routes that are no longer available.

Essential details

• Routing tables are shared between neighboring routers.

• The router always chooses the best path with the lowest cost from source to destination.

• NAT allows a private address to be translated to a public address for Internet access.

• Computers, routers, and other IP devices need a unique 32-bit IP address and a 32-bit IP subnet mask to communicate in an IP network.

• Computers also need a gateway address, which is the connected router’s IP address.
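
The addressing and route-selection details above, worked through as an added Python example that is not part of the study guide. The addresses, the routing table and the function names are constructed for illustration, and the longest-prefix-match step is standard IP forwarding behaviour that goes beyond the guide's "lowest cost" rule.

```python
import ipaddress

# Constructed sample host configuration (not from the study guide).
HOST_IP = "192.168.10.25"
SUBNET_MASK = "255.255.255.0"   # 32-bit mask, written in dotted decimal
GATEWAY = "192.168.10.1"        # the connected router's IP address

# Constructed routing table: (destination network, next hop, cost).
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", 10),       # default route
    ("10.20.0.0/16", "192.168.10.2", 20),
    ("10.20.30.0/24", "192.168.10.3", 5),
    ("10.20.30.0/24", "192.168.10.4", 2),   # same prefix, lower cost
]


def next_hop_for_host(host_ip, mask, gateway, destination):
    """Host-side decision: deliver directly if the destination is in the
    host's own subnet, otherwise hand the packet to the gateway."""
    # strict=False lets us pass a host address; the mask selects the network bits.
    local_net = ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)
    if ipaddress.ip_address(destination) in local_net:
        return "direct"
    return gateway


def select_route(routes, destination):
    """Router-side decision: among routes whose network contains the
    destination, prefer the most specific prefix, then the lowest cost.
    Returns (prefix, next_hop, cost), or None if nothing matches."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for prefix, hop, cost in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            candidates.append((net.prefixlen, cost, prefix, hop))
    if not candidates:
        return None
    # Longest prefix first (negated length), then lowest cost.
    prefixlen, cost, prefix, hop = min(candidates, key=lambda c: (-c[0], c[1]))
    return prefix, hop, cost


if __name__ == "__main__":
    for dst in ("192.168.10.77", "8.8.8.8"):
        print(dst, "->", next_hop_for_host(HOST_IP, SUBNET_MASK, GATEWAY, dst))
    for dst in ("10.20.30.7", "10.20.99.1", "198.51.100.9"):
        print(dst, "->", select_route(ROUTES, dst))
```
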

FAST TRACK HELP

• http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

• http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/connect_employees_and_offices/what_is_a_network_switch/index.html

• http://technet.microsoft.com/en-us/network/bb545655.aspx


It is important to know the advantages and disadvantages of the different cable types!

OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.3A

Understand media types

SCENARIO: Ever since The School of Fine Art has been actively participating in different social networking sites, their enrollment has been exceeding their building’s capacity! Jon, the CIO, and Brian, the IT Manager, are working through the different options available for wiring the new building they are planning to build in spring and possibly updating the existing building.

Jon is concerned about the planned long distance between the two buildings, interference from different electrical issues the School of Fine Art has been experiencing, and choosing the best media for their goals.

Brian and Jon discuss the best cabling options available for their new building and start planning the long-term goals for the School of Fine Art.

1. The best media choice for data to travel long distances without the risk of interference is:
a. fiber
b. thin coax
c. unshielded twisted-pair

2. Fiber:
a. can only be used for short distances
b. is extremely inexpensive
c. transmits data in the form of light

3. Any type of undesirable electromagnetic emission or electrical/electronic disturbance is known as:
a. EIGRP
b. EMI
c. STP


Answers

1. The best media choice for data to travel long distances without the risk of interference is:
a. fiber. Fiber is an excellent choice for long distances and it keeps data secure.

2. Fiber:
c. transmits data in the form of light. Data traveling via fiber cable is transferred extremely fast for long distances.

3. Interference in the form of electromagnetic emission or electrical/electronic disturbance is known as:
b. EMI. Interference can alter, modify, and drop data as it is transferred across media.

Essential details

• Fiber has a variety of different types of connectors that connect into switches, routers, and so on.

• Fiber is available in single-mode and multimode.

• Coax is commonly used for TV connections today rather than enterprise network installations.

• UTP is commonly used today in star and extended star topologies because it is inexpensive and easy to install.

• Wireless provides many advantages over traditional cabling choices and therefore continues to increase in popularity.

FAST TRACK HELP

• http://www.ciscopress.com/articles/article.asp?p=31276&seqNum=4

• http://www.youtube.com/watch#!v=PqmFne1gel4&feature=related

• http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html


The speed and intended distance are critical factors in selecting transmission media.

OBJECTIVE UNDERSTANDING NETWORK HARDWARE 2.3B

Understand media types

SCENARIO: The School of Fine Art created a project plan to design a network closet for their new building on campus. Jon, the CIO, would like to recruit students from a local community college to assist with this project.

Mary Kay, one of the recruited students, becomes the project leader. The first task assigned to the students will be to choose the appropriate cable type to use for wiring the required classrooms and the backbone of the LAN. The media goals for the cable running to the classrooms include ease of installation, keeping costs low, and being wired. The media goals for the backbone include being fast and being redundant. The backbone cabling will be more expensive and that is incorporated into the budget.

Mary Kay and her team of students are ready for the challenge! Are you ready to join the team?

1. Based on the media goals, the type of cable that should be run to the classrooms is: a. coaxial b. fiber c. UTP

2. Based on the media goals, the type of cable that should be used for the backbone is: a. fiber b. STP c. wireless

3. Jon asks Mary Kay what media she would recommend for the common areas. She replies:

a. “Wireless, because of ease of installation and flexibility.” b. “Fiber, because of its low cost.” c. “Wireless because it is secure by default without any configuration.”


Answers

1. Mary Kay and her team analyze the media goals for the classroom and choose:

c. UTP. UTP is the popular choice for a variety of wired installations because it is inexpensive and easy to install.

2. Mary Kay and her team analyze the media goals for the backbone and choose:

a. fiber. Fiber is the popular choice for enterprise backbones and may be implemented in dual rings to provide redundancy.

3. For the type of media to install in the common areas, Mary Kay quickly and easily answers:

a. “Wireless, because of ease of installation and flexibility.” Wireless is the preferred choice even though it will have to be configured to make it more secure.

Essential details

• UTP cables in LANs contain RJ45 connectors.

• Cat 5e and 6 are popular for new UTP installations.

• Because of safety concerns, it is relatively easy to create UTP cables and a lot more difficult to create fiber cables.

• Cables need to be organized efficiently and properly labeled.

• Know and follow the maximum distances for cable runs and even for wireless deployments.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc750550.aspx

• http://www.belden.com/03Products/03_CableBasics.cfm

• http://www.ciscopress.com/articles/article.asp?p=169686


3 Understanding Protocols and Services

IN THIS CHAPTER

■ 3.1A Understand the OSI model

■ 3.1B Understand the OSI model

■ 3.2 Understand IPv4

■ 3.3A Understand IPv6

■ 3.3B Understand IPv6

■ 3.4 Understand names resolution

■ 3.5 Understand networking services

■ 3.6 Understand TCP/IP


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.1A

Understand the OSI model

SCENARIO: Cassie and her friend Christian have just accepted new jobs at Lucerne Publishing. Cassie will be an IT Networking Technician supporting Microsoft Windows Servers. Christian will be an IT Web Developer working on Lucerne Publishing’s website.

On their first day of work they attended Lucerne Publishing’s new employee orientation to learn all about the company’s policies. Various individuals provided lots of detailed information regarding policies and procedures related to their various departments.

After the orientation Cassie turned to Christian and began talking with him about what they had just learned during their orientation. Christian tells Cassie that the conversation reminds him of when they were in school and she would quiz him on what they had just learned in class. Can you pass Cassie’s quiz on the OSI model?

1. The OSI model contains: a. three layers b. five layers c. seven layers

2. Data is placed onto the physical network medium at the: a. application layer b. network layer c. physical layer

3. OSI is to networking as: a. a text message is to a mobile phone b. a game rule is to football c. a word is to a book

Remember the OSI model’s layers and their order via a mnemonic phrase – All People Seem To Need Daily Praise!


Answers

1. In the ISO’s OSI model there are:

c. seven layers

2. The layer where data is placed onto the physical network medium is called the:

c. physical layer. The Physical layer (Layer 1) puts the data onto the wire at the source computer and then it is sent to the destination computer.

3. OSI is to networking as:

b. a game rule is to football. It is important to follow the standards when networking just like it is important to follow the game rules when playing football.

Essential details

• Know the OSI model’s seven layers and the standards they represent.

• Standards are followed so that computers and devices can speak the same language in order to communicate with each other.

• Each layer communicates with the other layers directly above and below.

• Data is encapsulated or wrapped up at each layer within a different wrapper.

• Protocols are a set of rules that provide guidelines for computer communication.

FAST TRACK HELP

• http://support.microsoft.com/kb/103884

• http://technet.microsoft.com/en-us/library/cc959881.aspx

• http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.1B

Understand the OSI model

SCENARIO: Cassie is excited as she arrives for her second day on the job at Lucerne Publishing as an IT Networking Technician. She will job shadow Holly for a couple of days to learn more about her job responsibilities.

Holly gives Cassie a tour of Lucerne Publishing’s datacenter, which contains all of the Microsoft Windows Servers that Cassie will help support. As they are leaving the datacenter, Brian from the Accounting Department stops Holly to tell her that he has been having a problem connecting to the network. Holly tells Brian that she and Cassie will help solve the problem.

To solve Brian’s problem, Holly and Cassie use tools to gather information about his IP address and then work through the layers of the TCP/IP model to determine why his computer is having networking problems. The problem will be solved quickly with knowledge of the OSI model!

1. The TCP/IP model contains: a. four layers and is not used today b. four layers and follows the standards of the OSI reference model c. seven layers and was created before the OSI model

2. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:

a. a MAC address b. a port number c. an IP address

3. A packet at Layer 3 becomes: a. a frame at Layer 2 b. a packet at Layer 2 c. a network address

The ipconfig and ipconfig/all commands provide information that is useful for troubleshooting networks.


Answers

1. The TCP/IP model contains:

b. four layers and follows the standards of the OSI reference model. The TCP/IP model is an actual implementation of the OSI reference model even though it contains fewer layers.

2. All hosts participating in a TCP/IP network, including Brian’s computer, are assigned:

c. an IP address. All computers and devices in a TCP/IP network need an IP address, subnet mask, and default gateway.

3. A Layer 3 packet becomes:

a. a frame at Layer 2. Data encapsulation at Layer 3 takes the form of a packet and at Layer 2 turns into a frame.

Essential details

• The TCP/IP model, or the TCP/IP protocol suite, contains four layers and protocols at each layer.

• Different encapsulation types exist at the different layers, such as packets at the Network layer.

• TCP operates at the Transport layer and IP operates at the Network layer.

• All computers and devices participating in a TCP/IP network require an IP address, subnet mask, and default gateway.

• There are a few ports that should be remembered including: 53 (DNS), 80 (HTTP), 25 (SMTP), 110 (POP3).

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc786900(WS.10).aspx

• http://windows.microsoft.com/en-US/windows-vista/Change-TCP-IP-settings

• http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx


IPv4 is still used everywhere even though IPv6 is also available.

OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.2

Understand IPv4

SCENARIO: Today is the first day of college classes for Paul and he is looking forward to learning more about networking mobile devices.

Paul has several items on his to-do list before going to his first class. First, he stops by the registration desk to make a quick change to his schedule. The Registrar asks him for his student identification number so that she can process the change. Next, he stops by the bookstore and the cashier asks him for his student identification number so that she can process his book order. Luckily, he finds his classroom just in time for the class to begin.

After class, Paul tells his friend Scott that the professor talked about IP version 4 addresses. Scott decides to quiz Paul because Scott has already taken the class and is sure he knows what Paul should have learned today!

1. An IP address is to a computer as: a. a student identification number is to a student b. chocolate is to a chocolate chip cookie c. fur is to a polar bear

2. Characteristics of IPv4 include: a. classes and 32-bit addresses b. classes and 64-bit addresses c. zones and 32-bit addresses

3. A default gateway is also known as: a. an access point b. a switch c. a router


Answers

1. An IP address is to a computer as:

a. a student identification number is to a student. An IP address is unique to a computer just like each student has a unique identification number that is different from all of the other students’ identification numbers.

2. IPv4 characteristics include:

a. classes and 32-bit addresses. IPv4 contains Class A through E classes and all IP addresses are 32-bit in length.

3. Another name for a default gateway is:

c. a router. The router provides a way for local subnet traffic to exit their subnet and travel to another network as their final destination.

Essential details

• IP addresses contain four octets and each octet contains eight bits.

• Ranges of IP addresses are reserved for private networks.

• A broadcast address is similar to an e-mail distribution list because information that is sent to a specific broadcast address will be sent to all devices on that specific subnet.

• Servers use static addresses; clients use dynamic IP addresses.

• DHCP servers provide IP addresses to clients for a set lease time.

FAST TRACK HELP

• http://support.microsoft.com/kb/164015

• http://technet.microsoft.com/en-us/library/cc940018.aspx

• http://technet.microsoft.com/en-us/network/bb530961.aspx


An IPv6 address contains eight groups of hexadecimal characters separated by colons. Example: 3ffe:ffff:0000:2f3b:02aa:00ff:fe28:9c5a!

OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3A

Understand IPv6

SCENARIO: Today is finally the day that Randy is going to upgrade his current mobile phone!

When Randy arrives at The Phone Company, which sells almost every phone available, he is approached by sales associate Laura. Laura is eager to help him choose a phone to meet his needs. Randy has some questions regarding the two models he has preselected. Laura does an excellent job in explaining the differences between the two phones. One economy model has a touch screen but does not offer scalability, or expansion, for future needs because it only supports IPv4 addresses. Another model has the best of everything, including a large touch screen and support for both IPv4 and IPv6.

Randy is torn between saving money and having a leading-edge phone. Laura tells him to consider his goals regarding how he will use his phone and how long he intends to keep his phone. If you were Randy, which phone would you choose?

1. IPv4 is to IPv6 as: a. English is to Danish b. Microsoft Windows XP is to Microsoft Windows 7 c. Microsoft Word 2010 is to Microsoft Word 2007

2. If Randy buys the IPv6 phone and uninstalls IPv4 support, he can still communicate with an IPv4 device when he:

a. is connected to an IPv4 default gateway b. is connected to a Dual Stack Architecture network c. converts his IPv6 address to an IPv4 address manually

3. Randy’s new IPv6 phone would have a: a. 32-bit IP address b. 64-bit IP address c. 128-bit IP address


Answers

1. IPv4 is to IPv6 as:

b. Microsoft Windows XP is to Microsoft Windows 7. Because businesses are moving to Windows 7, it is becoming the new standard, similar to the way businesses are migrating to IPv6.

2. IPv4 devices and Randy’s IPv6 phone may still communicate with each other when Randy:

b. is connected to a Dual Stack Architecture network. A network environment that is running both IPv4 and IPv6 simultaneously will provide communication between the two standards.

3. The new IPv6 phone that Randy may buy would have a:

c. 128-bit IP address. IPv4 addresses are 32 bits and IPv6 addresses are 128 bits.

Essential details

• IPv4 addresses contain the numbers 0-255 and IPv6 addresses contain hexadecimal characters.

• Hexadecimal characters include the numbers 0-9 and letters A-F.

• IPv6 is becoming the new standard.

• Windows provides support for both IPv4 and IPv6 through the Dual Stack Architecture.

• Teredo, ISATAP, and 6to4 are tunneling technologies that provide transitional and backward compatibility between IPv6 and IPv4 networks.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb726995.aspx

• http://windows.microsoft.com/en-US/windows-vista/IPv6-frequently-asked-questions

• http://technet.microsoft.com/en-us/network/cc917486.aspx


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.3B

Understand IPv6

SCENARIO: Classes are finished for the semester and winter break has begun. Next semester all classes will use e-books, so Doug has decided to sell his current physical books to make a little extra money to buy great holiday gifts for his family and friends. Doug chooses to sell his books through Lucerne Publishing’s new website. He registers on the website, lists his books, and is ecstatic that one of the books sells immediately.

After receiving the shipping details and packaging the book, it occurs to him that the process of addressing and packaging the book is similar to the way IP packets are structured and encapsulated. The book is encapsulated into an envelope and the envelope contains both his return address and the address for its final destination—just like an IP packet contains a source and destination address!

1. At the Networking Layer, in an IPv6 network, data is encapsulated into an IPv6: a. envelope b. header c. packet

2. An IPv6 subnet mask is written in: a. decimal b. hexadecimal c. octal

3. Subnet masks are to an IP address as a: a. keyboard is to a computer b. website is to a link c. zip code is to a postal address

Ipconfig displays both IPv4 and IPv6 addresses.


Answers

1. In an IPv6 network, at the networking layer, data is encapsulated into an IPv6:

c. packet

2. A subnet mask for IPv6 is written in:

b. hexadecimal. IPv6 subnet masks are written in hexadecimal; IPv4 subnet masks are in decimal.

3. Subnet masks are to an IP address as a:

c. zip code is to a postal address. A zip code determines the city and state a package is to be delivered to, which is similar to performing a bitwise AND operation of the subnet mask and IP address to determine the subnet of the IP address.

Essential details

• IPv4 and IPv6 packets both contain the source and destination IP addresses that are used by the router to route the packet.

• IPv6 addresses contain a dedicated subnetting portion.

• Identify the subnet that an IP address belongs to in a network by performing a bitwise AND operation of the subnet mask and IP address.

• The loopback address for IPv4 is 127.0.0.1 and for IPv6 is 0:0:0:0:0:0:0:1 or ::1 (compressed format).
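The bitwise AND named in the details above, worked through for both address families as an added example (not part of the study guide). The IPv4 hosts, mask and gateway are constructed sample values; the IPv6 address is the guide's own example address, and the function names are illustrative.

```python
import ipaddress


def mask_to_int(mask: str, version: int) -> int:
    """Turn '/26', '255.255.255.192' or 'ffff:ffff:ffff:ffff::' into an integer mask."""
    width = 32 if version == 4 else 128
    all_ones = (1 << width) - 1
    if mask.startswith("/"):
        prefix_len = int(mask[1:])
        if not 0 <= prefix_len <= width:
            raise ValueError(f"prefix length {prefix_len} is out of range for IPv{version}")
        # Set the top prefix_len bits, clear the rest.
        return all_ones ^ (all_ones >> prefix_len)
    mask_addr = ipaddress.ip_address(mask)
    if mask_addr.version != version:
        raise ValueError("mask and address must be the same IP version")
    mask_int = int(mask_addr)
    # A valid mask is a run of 1 bits followed only by 0 bits, so the
    # inverted mask plus one must be a power of two (or wrap to zero).
    host_bits = mask_int ^ all_ones
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return mask_int


def network_of(address: str, mask: str) -> str:
    """Subnet of an address: the address ANDed bit by bit with the mask."""
    addr = ipaddress.ip_address(address)
    net_int = int(addr) & mask_to_int(mask, addr.version)
    return str(type(addr)(net_int))


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts share a subnet when the AND gives the same network for both."""
    return network_of(a, mask) == network_of(b, mask)


def next_hop(source: str, destination: str, mask: str, gateway: str) -> str:
    """Local destinations are reached directly; anything else goes to the default gateway."""
    return destination if same_subnet(source, destination, mask) else gateway


def and_rows(address: str, mask: str) -> tuple:
    """Address, mask and result as dotted binary, to show the AND bit by bit (IPv4 only)."""
    addr = int(ipaddress.IPv4Address(address))
    mask_int = mask_to_int(mask, 4)

    def bits(value: int) -> str:
        return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

    return bits(addr), bits(mask_int), bits(addr & mask_int)


if __name__ == "__main__":
    # Constructed sample values (private address range).
    host, mask, gateway = "192.168.10.77", "255.255.255.192", "192.168.10.65"
    for label, row in zip(("address", "mask   ", "subnet "), and_rows(host, mask)):
        print(label, row)
    print("IPv4 subnet:", network_of(host, mask))
    for peer in ("192.168.10.100", "192.168.10.130"):
        print(f"{host} -> {peer}: send to {next_hop(host, peer, mask, gateway)}")
    # The guide's example IPv6 address with a mask written in hexadecimal.
    print("IPv6 subnet:",
          network_of("3ffe:ffff:0000:2f3b:02aa:00ff:fe28:9c5a", "ffff:ffff:ffff:ffff::"))
    # An all-ones mask keeps every bit; the result prints in compressed format.
    print("loopback:", network_of("0:0:0:0:0:0:0:1", "/128"))
```

A mask with a gap in its 1 bits, such as 255.0.255.0, is rejected rather than silently producing a subnet that no router would agree with.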

FAST TRACK HELP

• http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html

• http://msdn.microsoft.com/en-us/library/aa915659.aspx

• http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/config-guide-routing/id-10122335.html


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.4

Understand names resolution

SCENARIO: Laura Steele is packing for her big trip to Australia. Her IT Internship class is travelling to Australia to study IT best practices in a different country. She is looking forward to the adventure and to expanding her knowledge. She knows that her career could take her any place in the world!

At the airport, Laura and her classmates check in at the Blue Yonder Airlines ticket counter. The ticket agent asks Laura her name and she tells the agent that her full name is Laura Steele Polly. Next, the ticket agent asks Laura for her driver’s license number and Laura provides it to the ticket agent. The names and license number indicate that both refer to the same individual. Finally, after the ticket agent is fully satisfied that “Laura Steele” is really “Laura Steele Polly,” Laura is given her boarding pass.

After receiving their boarding passes the students stand in the security line. While waiting for their turn, the students talk about the ticket check-in procedures. Laura Steele shares with her classmates that the check-in procedure reminds her of name resolution. Is it similar?

1. A domain name is to an IP address as: a. a kangaroo is to Australia b. Laura Steele’s name is to her driver’s license number c. Laura Steele’s student identification number is to her name

2. When Laura Steele browses the Web on her mobile phone and types in http://www.microsoft.com and presses Enter:

a. the domain name Microsoft.com is resolved to an IP address b. the IP address is a calculated address based on the domain name c. WINS checks the local LMHOSTS file and determines the MAC address of the domain name

3. The server that translates domain names to their corresponding IP addresses is called a:

a. DHCP server b. DNS server c. WINS server

It is usually easier to remember domain names and more difficult to remember IP addresses.


Answers

1. A domain name is to an IP address as:

b. Laura Steele’s name is to her driver’s license number. Both resolve a name to a number and identify the same location or person.

2. On her mobile phone, when Laura Steele types in http://www.microsoft.com and presses Enter:

a. the domain name microsoft.com is resolved to an IP address. The domain name microsoft.com will be translated by a DNS server to its respective IP address.

3. Domain names are resolved to their corresponding IP addresses by the:

b. DNS server. DHCP servers provide dynamic IP addresses to clients, DNS servers resolve domain names to IP addresses, and WINS servers map computer NetBIOS names to IP addresses.

Essential details

• WINS servers resolve NetBIOS names to IP addresses and assist in reducing NetBIOS traffic on subnets.

• DNS servers resolve domain names to IP addresses.

• DNS servers are part of the Internet’s infrastructure.

• DNS servers are also used in both enterprise and small business networks.

• Different DNS record types exist on a DNS server.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc725802.aspx

• http://technet.microsoft.com/en-us/network/bb629410.aspx

• http://technet.microsoft.com/en-us/library/bb727005.aspx


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.5

Understand networking services

SCENARIO: Fourth Coffee’s business continues to grow. Josh, Fourth Coffee’s owner, has decided to expand to California. Sidney, his IT consultant, will travel to Santa Clara, California and set up a remote wireless network that will be connected to Fourth Coffee headquarters in Seattle, Washington. Sidney will configure the wireless router to act as a DHCP server. There will be an onsite file server which will provide access to local resources, as well as provide DNS services. In addition, Josh would like to be able to access the network remotely so that he can keep up with business while on the road.

As Sidney leaves Fourth Coffee to catch her flight home, Josh stops her and asks how IPsec could be used in their network infrastructure. Sidney laughs and asks Josh if he has been busy reading his latest computer magazine online. He smiles and wishes her a safe trip.

1. The DHCP server will provide a: a. dynamic IP addresses to the clients b. static IP addresses to the clients c. static IP addresses to the servers

2. A Remote Access Server is to a client as a: a. lion is to Africa b. locked car door is to a car c. pixel is to a digital camera

3. Regarding Josh’s question, IPsec is: a. a protocol suite used for securing IP communications b. used to assign static and dynamic IPv6 addresses to clients c. used to provide security to IPv6 addresses

When a system boots up it requests an IP address from a DHCP server through the DORA (Discover, Offer, Request, Acknowledge) process.


Answers

1. Servers that offer DHCP services provide a:

a. dynamic IP address to the clients. Dynamic IP addresses are assigned to clients and can change when a lease is renewed. Static IP addresses are assigned to a server so they retain the same address and can be easily located.

2. A Remote Access Server is to a client as a:

b. locked car door is to a car. A Remote Access Server (RAS) is protected by a firewall, and if a client is authenticated the client will be able to access the RAS’s services just like a key will allow a driver to access a car.

3. To answer Josh’s question, IPsec is:

a. a protocol suite used for securing IP communications. IPsec consists of open standards and uses cryptographic security services.

Essential details

• Clients are generally assigned dynamic addresses.

• Servers are assigned static addresses so that they may be easily located on a network.

• DHCP servers assign dynamic addresses to clients.

• Remote Access Servers, also known as Communication Servers, provide access to remote network resources.

• IPsec, created by IETF (Internet Engineering Task Force), secures IP communications through secure authentication and encryption.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/bb643151.aspx

• http://technet.microsoft.com/en-us/library/cc754634(WS.10).aspx

• http://technet.microsoft.com/en-us/network/bb531150.aspx


OBJECTIVE UNDERSTANDING PROTOCOLS AND SERVICES 3.6

Understand TCP/IP

SCENARIO: Sara just received an interesting e-mail from Andrew. Sara met Andrew a year ago in her first networking class at Maple College and ever since then they have been spending a lot of time together studying. However, now things have changed and Andrew has just asked her out on a real date!

She immediately replies to the e-mail and says, “Yes!” Immediately after hitting “send,” Sara receives an e-mail indicating that her reply e-mail to Andrew was not delivered. Sara reaches for her mobile phone and begins texting Andrew when it dawns on her that she might possibly fix this computer problem—or at least determine what might have gone wrong.

Will she be able to resolve the problem so that she can go on a date with Andrew? Can you help her?

1. Sara first decides to use the pathping tool because it: a. acts as a terminal emulation program that will automatically troubleshoot the issue b. determines the degree of packet loss along the path the data is traveling c. shows the route that is taken by the packet as it moves across the IP network

2. Next Sara tries to see if she can reach the default gateway by using the… a. netstat tool b. ping tool c. loopback address

3. Based on the results, Sara decides that she needs to refresh her DHCP settings by using the:

a. telnet tool b. ipconfig tool c. local loopback IP

Using the analytical tools in the most efficient order will save time.


Answers

1. The pathping tool that Sara used:

b. determines the degree of packet loss along the path the data is traveling. This is a useful tool; however, Sara could have saved time by first checking her computer’s connectivity to the default gateway.

2. To see whether her computer can reach the default gateway she used the:

b. ping tool. Depending upon the issue, the ping tool is usually one of the first tools used during troubleshooting.

3. To refresh her DHCP settings, Sara used the:

b. ipconfig tool. The ipconfig/release will release Sara’s current IP address and the ipconfig/renew will give her computer a new IP address.

Essential details

• To check connectivity, first ping your loopback address (127.0.0.1), then ping your computer’s IP address, then ping your default gateway, and finally ping the remote host.

• Ping contains different options for IPv4 and IPv6.

• Ipconfig/all displays lots of useful information, including DNS servers.

• Tracert traces the route a packet takes from the source to destination.

• Telnet logs into a router or computer.

FAST TRACK HELP

• http://support.microsoft.com/kb/814155

• http://windows.microsoft.com/en-US/windows7/Using-command-line-tools-for-networking-information

• http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a00800a61c7.shtml


MTA 98-367

SECURITY FUNDAMENTALS


1 Understanding Security Layers

IN THIS CHAPTER

■ 1.1 Understand core security principles

■ 1.2 Understand physical security

■ 1.3 Understand Internet security

■ 1.4 Understand wireless security


Understand core security principles

SCENARIO: Blue Yonder Airlines has expanded over the past 18 months and has recently gone through a security audit to ensure that the technical system is secure. Several areas needing improvement were identified. The CIO has asked Toni Poe, Blue Yonder Airlines’ security consultant, to provide some essential security training for the front-line staff. The goal is to minimize the risk for potential security threats by educating staff members in the area of social engineering, as well as some basic security principles.

Toni has assessed the security rights of each staff member related to computer access and perimeter access. Toni notes that some staff members have elevated privileges to access Blue Yonder Airlines’ intranet site. He also knows that it is important to stress the Confidentiality, Integrity, and Availability triangle in his training.

1. Toni plans to implement the principle of least privilege. How will this affect the staff members? a. staff members will maintain their current access to all resources b. staff members will be granted the smallest set of privileges to the resources c. staff members will have to log on as administrator to have access to their resources

2. What would be an example of providing availability as it relates to security training? a. making sure all the workstations are turned on b. ensuring that all staff members have perfect attendance for work c. protecting against a Distributed Denial of Services attack

3. What is an example of social engineering? a. calling a staff member while pretending to be someone else to gain information that can provide access to sensitive information b. developing social awareness of security threats within an organization c. building a social networking website

OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.1

Social engineering is not related to social networking. The ultimate goal of a hacker is to obtain as much information as possible by exploiting the human side of security.


Answers

1. Implementing the principle of least privilege means that:

b. staff members will be granted the smallest set of privileges to the resources

2. Providing availability as it relates to security training means:

c. protecting against a Distributed Denial of Services attack

3. An example of social engineering could include:

a. calling a staff member while pretending to be someone else to gain information that can provide access to sensitive information

Essential details

• The CIA (Confidentiality, Integrity and Availability) Triangle is the concept of ensuring the prevention of unauthorized disclosure of information, the erroneous modification of information, and the prevention of unauthorized withholding of information or resources.

• The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks.

• Social engineering is any type of behavior that can inadvertently or deliberately aid an attacker in gaining access to a user’s password or other sensitive information.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc875841.aspx


OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.2

Understand physical security

SCENARIO: Erin Hagens has just been promoted to security officer for Woodgrove Bank. This position carries huge responsibility for the safety of the customer’s money and information, not to mention the bank’s reputation. This role necessitates that she keep current on a long list of requirements for securing Woodgrove Bank. A banking industry regulatory agency has informed Erin that the bank will undergo a security audit to ensure that they are in compliance with industry regulations and standards. Erin understands the request and must do her due diligence to provide whatever information the regulators need as they target potential security holes. Her biggest concern is the physical security of the bank’s systems.

1. What can Erin do to ensure physical security of the bank desktop computers? a. disable the use of floppy drives or USB drives by using group policies b. have a guard posted in every cubicle area c. obtain locking mechanisms for each desktop so they cannot be carried away

2. Erin has a concern that people can authenticate to the servers in the data center. What can she do to prevent normal users from logging onto those systems?

a. make sure the server is locked up b. remove the keyboards from all servers c. create a group policy that applies to the servers to Deny Log on Locally for all non-administrative users

3. What can Erin do to prevent the use of key loggers in the bank? a. ensure that the terminals are locked and do a periodic inspection of the ports on the systems b. nothing—Erin cannot control what gets plugged into her computers c. convert all computers to touch screen monitors

It may not be financially feasible or physically possible for the bank to convert all systems to touch screens.


Answers

1. To ensure physical security of desktop computers, Erin can:
a. disable the use of floppy drives or USB drives by using group policies. Most computers do have a mechanism to attach a locking device to the desktops; however, disabling USB and floppy drives disables a larger threat.

2. To prevent normal users from logging onto the systems, Erin can:
c. create a group policy that applies to the servers to Deny Log on Locally for all non-administrative users. A bigger issue is that people are in the data center with physical access. However, normal users should not have the ability to log on locally.

3. To prevent the use of key loggers in the bank, Erin will have to:
a. ensure that the terminals are locked and do a periodic inspection of the ports on the systems

Essential details

• Keystroke logging (often called key logging) is the process of recording the keys typed on a keyboard, typically without the users’ knowledge.

• Access controls are the mechanisms for limiting access to certain items of information or to certain controls based on users’ identities and their membership in various predefined security groups.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/bb457125.aspx

• http://www.microsoft.com/smallbusiness/security.aspx


OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.3

Understand Internet security

SCENARIO: Terry Adams is the desktop administrator for Tailspin Toys. To stay current with the latest Internet technologies, Tailspin Toys has decided to upgrade their browsers to Internet Explorer (IE) 8. Terry wants to make sure that they utilize many of the security features built into the browser while still maintaining functionality within the company’s intranet. Terry also would like to educate his users to be good “Internet citizens” and practice safe web surfing. He knows that the first line of defense in Internet security is an informed and skilled user.

1. Terry wants to configure the Internet zone feature in IE 8 in such a way that users can easily access content on the local intranet while still maintaining a high level of security. What should he do?
a. create a perimeter network and make sure the intranet site is located there and have a single PC in each department designated the Intranet Browsing PC (IBPC)
b. go into the Internet Options, choose Security and add their intranet site to the list of Local Intranet Sites
c. print the content of the intranet site weekly and distribute it through interoffice mail

2. What can Terry tell his staff to look for to be assured that they are on a secured website?
a. a padlock in the lower right corner of the browser and https:// in the address bar
b. the contact information on the site
c. they should not be browsing secure sites because you can’t trust any site

3. What is the security level set to in the Restricted Sites zone?
a. low; the sites are restricted and therefore not a concern
b. high; disables most features, has the maximum safeguards, and protects against harmful content
c. medium; a nice balance between too restrictive and too open

The default level in the restricted sites zone is set to High.


Answers

1. To configure the Internet zone feature in IE 8 and enable users to easily browse the local intranet, Terry should:
b. go into the Internet Options, choose Security and add their intranet site to the list of Local Intranet Sites

2. To be sure that they are on a secure site, staff members can look for:
a. a padlock in the lower right corner of the browser and https:// in the address bar. This does not guarantee that the site is secure. However, it is a start.

3. The security level in the Restricted Sites zone is:
b. high; disables most features, has the maximum safeguards, and protects against harmful content

Essential details

• An Internet zone contains websites that are not on your computer or on your local intranet, or that are not already assigned to another zone. The default security level is Medium.

• A secure site is a website with the capability of providing secure transactions, ensuring that credit card numbers and other personal information will not be accessible to unauthorized parties.

FAST TRACK HELP

• http://support.microsoft.com/kb/174360


OBJECTIVE UNDERSTANDING SECURITY LAYERS 1.4

Understand wireless security

SCENARIO: Pilar Ackerman is the systems administrator for Fourth Coffee—a national chain of very popular and profitable coffee cafés. Competition in the coffee café business is fierce! To maintain a competitive edge, Fourth Coffee plans to add open, high-speed, wireless access for their customers and secured wireless for employees at all 200 Fourth Coffee locations. Pilar is faced with several security concerns and must ensure that their business traffic is secured. In addition to that, he is under pressure to make this new feature a winning strategy.

1. What is the most secure protocol that Pilar can implement to ensure that the business-related traffic is encrypted?
a. Wired Equivalent Privacy (WEP)
b. WiFi Protected Access (WPA) 2
c. Extensible Authentication Protocol (EAP)

2. Aside from encrypting the business wireless traffic, what else can Pilar do to add another level of security?
a. implement access point isolation and hide the Service Set Identifier (SSID)
b. turn off the business access points when customers come in
c. enable MAC filtering

3. Pilar would like his employees to be independent in troubleshooting their own wireless connections before contacting him. What basic troubleshooting step can he instruct them to do?
a. reboot their computers
b. power cycle the wireless access points
c. right-click the network icon in the system tray and select Troubleshoot Problems

Power cycling the access point would disconnect other users from the network.


Answers

1. The most secure protocol that Pilar can implement to ensure that the business-related traffic is encrypted is:
b. WiFi Protected Access (WPA) 2. EAP is a feature of security that handles authentication and WPA is more secure than WEP.

2. Pilar can add another level of security by:
a. implementing access point isolation and hiding the Service Set Identifier (SSID). MAC filtering is an option; however, MAC addresses can be “faked” or “spoofed.” Hiding the SSID is a simple security measure that can be implemented.

3. Pilar can instruct the staff to troubleshoot by:
c. right-clicking the network icon in the system tray and selecting Troubleshoot Problems

Essential details

• A Service set identifier (SSID) is a 32-character, unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to the communicating stations on a wireless LAN.

• Wi-Fi protected access (WPA) is a Wi-Fi standard that was designed to improve upon the security features of WEP.

• Wired equivalent privacy (WEP) is an encryption algorithm system included as part of the 802.11 standard, developed by the Institute of Electrical and Electronics Engineers as a security measure to protect wireless LANs from casual eavesdropping.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/magazine/2005.11.securitywatch.aspx

• http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods

• http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part1.html


2 Understanding Operating System Security

IN THIS CHAPTER

■ 2.1A Understand user authentication

■ 2.1B Understand user authentication

■ 2.2 Understand permissions

■ 2.3 Understand password policies

■ 2.4 Understand audit policies

■ 2.5A Understand encryption

■ 2.5B Understand encryption

■ 2.6 Understand malware


BETA COURSEWARE EXPIRES NOVEMBER 26, 2010

OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1A

Understand user authentication

SCENARIO: Jim Hance is a security administrator for Coho Winery. A variety of security threats have occurred over the past few months and management is more than a little concerned. They cannot afford to have the system jeopardized; their customers expect a reliable and secure site. Jim is reviewing the security policies for Coho Winery to determine where the company may need stronger policies or at least to update the existing policies and security measures. His first task is determining the company’s strengths as it relates to user authentication.

1. Jim knows that stronger passwords are a critical element in the security plan. What characteristics make up a strong password?
a. contains 7+ characters; does not contain the user name, real name, or company name
b. contains sequential numbers embedded within the company name
c. contains the user’s last name and email address

2. What protocol can be used to secure workstation and computer authentication across the network?
a. TCP/IP
b. Kerberos
c. Lightweight Directory Access Protocol

3. What strategy can Jim implement to reduce the number of times a user would have to authenticate to access a particular resource?
a. two-factor authentication
b. digital certificates
c. Single Sign-on (SSO)

Reducing the number of times a user has to authenticate can reduce the possibilities of his or her credentials being captured.


Answers

1. A strong password:
a. contains 7+ characters; does not contain the user name, real name, or company name

2. To secure workstation and computer authentication across the network, Jim can use:
b. Kerberos

3. To reduce the number of times a user would have to authenticate to access a particular resource, Jim can implement:
c. Single Sign-on (SSO)

Essential details

• Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority.

• Kerberos authenticates the identity of users attempting to log on to a network and encrypts their communications through secret-key cryptography.

• Lightweight directory access protocol (LDAP) is a network protocol designed to work on TCP/IP stacks to extract information from a hierarchical directory such as X.500.

• Remote authentication dial-in user service (RADIUS) is an Internet protocol in which an authentication server provides authorization and authentication information to a network server to which a user is attempting to link.

FAST TRACK HELP

• http://www.microsoft.com/windowsserver2008/en/us/ad-main.asp

• http://web.mit.edu/Kerberos/#what_is

• http://technet.microsoft.com/en-us/library/bb463152.aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.1B

Understand user authentication

SCENARIO: The Graphic Design Institute (GDI) has more than 30,000 students. The security of the students’ personal information, including financial data, address, family contacts, special health needs, and grades, is the top priority of the network administrative team. However, over the past few months student data has been compromised on several occasions. Personal data has shown up on a social networking site, much to the embarrassment of the network team. GDI officers have asked the network administrator, Todd Rowe, to implement stronger authentication measures for the students, as well as eliminate IT staff from logging on with elevated privileges. Todd has several options, but is aware of the need to keep the processes fairly easy for the helpdesk staff.

1. Todd wants to implement two-factor authentication. What can he use?
a. smart card and user password
b. two passwords
c. two user IDs with two passwords

2. What service can the GDI staff use instead of signing in with elevated privileges?
a. Remote Desktop
b. Secondary Logon-Run As
c. User Manager for Domains

3. What is a disadvantage of using biometric identification?
a. the user must have hands
b. cost is prohibitive for many organizations
c. a retina scan can be faked

Biometric identification is extremely secure; however, the devices to support biometrics are cost-prohibitive.


Answers

1. To implement two-factor authentication, Todd can use:
a. smart card and user password

2. Instead of signing in with elevated privileges, the staff can use:
b. Secondary Logon-Run As

3. A disadvantage of biometric identification is:
b. cost is prohibitive for many organizations

Essential details

• A certificate is an electronic credential that authenticates a user on the Internet and intranets.

• Public key infrastructure (PKI) is an asymmetric scheme that uses a pair of keys for encryption: the public key encrypts data, and a corresponding secret key decrypts it.

• The Run As command allows a user to run specific tools and programs with different permissions than the user’s current logon provides.

• Steps to change your password:
  • Press <control><alt><delete> and select Change Password

• Steps to use Secondary Logon or Run As...
  • Right-click the application icon and select Run As Administrator

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc782756(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc756862(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc261673(office.12).aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.2

Understand permissions

SCENARIO: Fabrikam, Inc. has recently undergone a basic reorganization and a variety of corporate changes. Shawn Richardson is the network administrator at Fabrikam and has been assigned the task of aligning the company servers with the new organizational reality. As a first step, Shawn has completed a security audit of the company’s Microsoft® Windows Server® 2008 R2 file servers and has determined that folder and share security needs to be revised based on corporate reorganization. Shawn must present his plan to management and give directions to his team members to complete the project.

1. Shawn has noticed that some shares on the file system are not secured. What is the default permission setting when a share is created?
a. everyone with Read permission
b. administrators with the Full Control permission
c. everybody with the Full Control permission

2. Why should Shawn enforce User Account Control (UAC) across the domain?
a. so that he can control the user accounts
b. to help prevent unauthorized changes to computers on the domain
c. to allow the users to authenticate with the administrator password to perform an administrative task

3. What feature (also available with Active Directory objects) will make Shawn’s job easier when reassigning permissions by not having to assign permissions to every parent and child folder?
a. batch files
b. inheritance
c. staff people

Inheritance allows the propagation of rights or permissions from a parent object to a child object. This feature can be blocked or removed.


Answers

1. When a share is created, the default permission is:
a. everyone with Read permission

2. Shawn should enforce User Account Control (UAC) across the domain because:
b. it will help prevent unauthorized changes to computers on the domain

3. Shawn’s job can be made easier when reassigning permissions by using:
b. inheritance

Essential details

• Permissions include Full control, Modify, Read & Execute, List folder Contents, Read, and Write and can be applied to both folder and file objects. Permissions can also be applied to Active Directory objects.

• Inheritance is the concept of permissions that are propagated to an object from a parent object. Inheritance is found in both file system permissions and Active Directory permissions. It does not apply to share permissions.

• New Technology File System (NTFS), FAT, and FAT32. The primary difference between NTFS and FAT file systems is the ability to apply security to the file system. You can grant or deny various permissions on NTFS. NTFS also supports the ability to encrypt data.

• Share and NTFS permissions are applied based on how the resource is accessed. Share permissions are effective when the resource is being accessed through the network whereas NTFS permissions are effective all the time. When share and NTFS permissions are applied to the same resource, the most restrictive permission wins.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc730772.aspx

• http://technet.microsoft.com/en-us/library/cc771375.aspx

• http://technet.microsoft.com/en-us/library/cc770906(WS.10).aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.3

Understand password policies

SCENARIO: Jay Hamlin has been given the unenviable task of enforcing stronger password policies for Wingtip Toys. He understands the need for complex passwords of a minimum length, but is having a difficult time making the staff understand how the security of the entire Wingtip Toys organization can depend upon these couple of requirements along with a few more that he plans to put into place. He must also determine how many times a user can attempt to log in before his or her account is locked out, how often users must change passwords, and how often users can reuse a favorite password.

His plan for a Password Complexity Policy includes the following criteria for passwords:

• Cannot contain the user’s login name

• Must be at least 6 characters long

• Must contain three of the following four character types: upper case, lower case, number, and special character

1. What dilemma is Jay facing if he makes his password requirements too difficult?
a. a complex password can be hard to guess and difficult to remember
b. Jay will no longer have friends at work
c. users will not use the passwords

2. What does the policy of maximum password age mean?
a. determines how old the user must be to create a password
b. refers to the duration before a password has to be changed
c. refers to how old the password must be before the user is allowed to change it

3. What happens when you set the value of Enforce Password History to 10?
a. the user has 10 attempts to validate his or her password
b. the password must be used for at least 10 days before it can be changed
c. the system remembers the last 10 passwords and will not allow the user to reuse any of the previous 10

Password history prevents users from reusing their passwords.


Answers

1. The dilemma Jay faces with difficult password requirements is that:
a. a complex password can be hard to guess and difficult to remember

2. Maximum password age:
b. refers to the duration before a password has to be changed

3. When you set the value of Enforce Password History to 10:
c. the system remembers the last 10 passwords and will not allow the user to reuse any of the previous 10

Essential details

• Account lockout is a security feature in Windows that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on security policy lockout settings.

• A password attack is an attack on a computer or network in which a password is stolen and decrypted or is revealed by a password dictionary program.

• Password sniffing is a technique employed by hackers to capture passwords by intercepting data packets and searching them for passwords.

• Microsoft Windows Server 2008 allows for fine-grained password policies, which allow for more flexible password policy assignment throughout an organization within Active Directory®.
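
Jay’s three complexity criteria and the Enforce Password History setting from question 3 can be modeled together to see how a password change is accepted or rejected. The Python below is an added example, not part of the study guide and not how Windows implements these policies; the function and class names, the PBKDF2 hashing of remembered passwords, and the sample passwords in the comments are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

MIN_LENGTH = 6       # minimum length from Jay's plan
HISTORY_DEPTH = 10   # Enforce Password History value from question 3


def character_classes(password):
    """Count how many of the four classes (upper, lower, number, special) appear."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def complexity_failures(login, password):
    """Return the rules from Jay's plan that the candidate password breaks."""
    failures = []
    if login and login.lower() in password.lower():
        failures.append("contains login name")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if character_classes(password) < 3:
        failures.append("fewer than three character classes")
    return failures


class PasswordHistory:
    """Remembers salted hashes of each user's most recent passwords."""

    def __init__(self, depth=HISTORY_DEPTH):
        self.depth = depth
        self._entries = {}   # login -> deque of (salt, digest), oldest first

    @staticmethod
    def _digest(salt, password):
        # Assumption: PBKDF2-HMAC-SHA256 stands in for the real password store.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def was_used(self, login, password):
        """True if the password matches any remembered entry for this login."""
        return any(
            hmac.compare_digest(digest, self._digest(salt, password))
            for salt, digest in self._entries.get(login, ())
        )

    def change_password(self, login, new_password):
        """Apply complexity and history rules; return [] when the change is accepted."""
        failures = complexity_failures(login, new_password)
        if self.was_used(login, new_password):
            failures.append("matches one of the last %d passwords" % self.depth)
        if failures:
            return failures
        salt = os.urandom(16)
        history = self._entries.setdefault(login, deque(maxlen=self.depth))
        history.append((salt, self._digest(salt, new_password)))  # oldest entry drops off
        return []


if __name__ == "__main__":
    policy = PasswordHistory()
    # Constructed sample passwords for the hypothetical login "jhamlin".
    for candidate in ["Winter9!", "Winter9!", "jhamlin2024!", "abc", "Spring8?"]:
        print(candidate, "->", policy.change_password("jhamlin", candidate) or "accepted")
```

A password only leaves the history once enough newer passwords have pushed it out, which is why reuse is blocked until the user has changed passwords the configured number of times.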

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx

• http://technet.microsoft.com/en-us/library/cc875814.asp


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.4

Understand audit policies

SCENARIO: The network for Margie’s Travel must be very secure. The files contain customer information including credit card numbers, birthdates, and addresses, as well as photocopies of passports. Identity theft would be a real possibility if the system was hacked into. Obviously, this is not an acceptable risk for Margie’s Travel.

Arlene Huff is the systems administrator for Margie’s Travel. The company has asked her to track who attempts to log into the system and at what times of the day the attempts occur. They also have asked her to create a system to track when confidential files are opened and by whom. Arlene gladly took on this task and did not raise a huff.

1. Arlene wants to log when someone fails to log into the system as administrator, but why would she want to log when they are successful also?
a. to determine if and when someone is authenticating successfully with elevated privileges
b. to make sure they are getting in without any problems
c. to monitor drive space on the computer

2. Where are file audit events written when auditing is enabled?
a. audit event log
b. pfirewall.log
c. security event log

3. Why is it important to properly secure audit logs?
a. so that potential hackers cannot delete the event logs to cover their tracks
b. it’s not important, no one looks at audit logs
c. so only authorized personnel can view the log files

Skilled computer hackers will modify the audit logs when they are finished obtaining information so that it will appear as though they were never there.


Answers

1. Arlene wants to log when someone successfully logs into the system as well as when they fail:
a. to determine if and when someone is authenticating successfully with elevated privileges. If someone failed four times and was then successful the fifth time it could indicate hacker activity.

2. Enabled file auditing events are written in the:
c. security event log

3. It is important to properly secure audit logs:
a. so that potential hackers cannot delete the event logs to cover their tracks

Essential details

• Auditing is the process an operating system uses to detect and record security-related events, such as an attempt to create, access, or delete objects such as files and directories.

• An audit policy is a policy that determines the security events to be reported to the network administrator.

• The security log, which can be generated by a firewall or other security device, lists events that could affect security, such as access attempts or commands, and the names of the users involved.
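
The pattern described in answer 1, several failed logons followed by a success on the same account, can be searched for in exported Security log data. This Python is an added example, not from the study guide: the CSV layout, account names and addresses are constructed, and the threshold of four failures and the ten-minute window are assumptions. Event IDs 4624 and 4625 are the Windows logon success and logon failure events.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

LOGON_SUCCESS = "4624"   # Security log: an account was successfully logged on
LOGON_FAILURE = "4625"   # Security log: an account failed to log on

# Constructed sample export: timestamp, event ID, account, source address.
SAMPLE_EVENTS = """\
2010-06-01T02:14:05,4625,Administrator,10.0.0.57
2010-06-01T02:14:19,4625,Administrator,10.0.0.57
2010-06-01T02:14:33,4625,Administrator,10.0.0.57
2010-06-01T02:14:48,4625,Administrator,10.0.0.57
2010-06-01T02:15:02,4624,Administrator,10.0.0.57
2010-06-01T08:01:10,4625,ahuff,10.0.0.21
2010-06-01T08:01:25,4624,ahuff,10.0.0.21
2010-06-01T09:30:00,4624,Administrator,10.0.0.10
2010-06-01T11:00:01,4625,svc_backup,10.0.0.88
2010-06-01T11:00:03,4625,svc_backup,10.0.0.88
2010-06-01T11:00:05,4625,svc_backup,10.0.0.88
2010-06-01T11:00:07,4625,svc_backup,10.0.0.88
2010-06-01T11:00:09,4625,svc_backup,10.0.0.88
"""


def parse_events(text):
    """Parse the CSV export into (time, event_id, account, source) tuples, oldest first."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, event_id, account, source = row
        events.append((datetime.fromisoformat(ts), event_id, account.lower(), source))
    return sorted(events)


def failures_then_success(events, threshold=4, window=timedelta(minutes=10)):
    """Flag a successful logon preceded by >= threshold failures on the same account."""
    pending = defaultdict(list)   # account -> failure times since the last success
    alerts = []
    for ts, event_id, account, source in events:
        if event_id == LOGON_FAILURE:
            pending[account].append(ts)
        elif event_id == LOGON_SUCCESS:
            # A success resets the account's counter; only failures close in
            # time to the success count toward the alert.
            recent = [f for f in pending.pop(account, []) if ts - f <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "account": account,
                    "source": source,
                    "failures": len(recent),
                    "first_failure": recent[0],
                    "success": ts,
                })
    return alerts


if __name__ == "__main__":
    for alert in failures_then_success(parse_events(SAMPLE_EVENTS)):
        print("%(account)s: %(failures)d failures then success from %(source)s at %(success)s" % alert)
```

The single mistyped password for ahuff and the svc_backup failures that never end in a success are not flagged by this rule; the latter is the kind of activity account lockout settings address.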

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx

• http://technet.microsoft.com/en-us/library/dd349800(WS.10).aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.5A

Understand encryption

SCENARIO: Adventure Works has recently expanded its mobile sales force. The management team has recently come to recognize the unique security considerations associated with hundreds of laptop computers simultaneously located in hundreds of unsecure locations.

David Johnson is the network administrator in charge of the Adventure Works mobile sales force. He has recently come under fire from the management team regarding the sensitive data that could potentially fall into the competition’s hands if any of the laptop computers were to be stolen or misplaced. They must have a solution that can ensure the confidentiality of data on the mobile stations that are all running Windows® 7 Enterprise—and they need it soon!

1. What can David enable to make sure their data is safe?
a. Encrypting File System (EFS)
b. password protected screen saver
c. BitLocker

2. What must be configured to ensure that the BitLocker® storage can be reclaimed?
a. the salesperson’s personal identification and login credentials
b. BitLocker to use data recovery agents
c. the Secret Retrieval Agent

3. What are some considerations David will have to ponder when deciding to use BitLocker?
a. the conscientiousness and self-discipline of the sales staff
b. the deployment of hardware because BitLocker requires a system reserved partition
c. it’s so easy that there aren’t any serious considerations

BitLocker requires a system-reserved partition created during a standard installation.


Answers

1. To make sure the data is safe, David must enable:
c. BitLocker

2. To ensure that the secured data can be reclaimed in the event that BitLocker protected storage is moved to another computer, the administrator must create and properly store:
b. BitLocker to use data recovery agents

3. When using BitLocker, the administrator must consider:
b. the deployment of hardware because BitLocker requires a system reserved partition

Essential details

• BitLocker (ToGo) drive encryption is a data-protection feature available in Windows Server 2008 R2 and in some editions of Windows 7.

• Encrypting file system (EFS) is a feature of Windows that allows you to store information on your hard disk in an encrypted format.

• Encryption is the process of encoding data to prevent unauthorized access, especially during transmission.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/windows/dd408739.aspx

• http://technet.microsoft.com/en-us/library/cc732774.aspx

• http://technet.microsoft.com/en-us/library/ee706523(WS.10).aspx

• http://technet.microsoft.com/en-us/library/ee706518(WS.10).aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.5B

Understand encryption

SCENARIO: The owner of Southridge Video takes great pride in the close relationship that she has with the managers in the various branch offices up and down the coast. Weekly communication is the key to maintaining the relationships and keeping on top of business progress and challenges.

The owner and managers would like to replace their Monday morning conference call with a secure Monday morning video conference between corporate headquarters and the various branch offices. They have asked the WAN administrator, Jeff Wang, to create a cost-effective solution. The solution must work between the remote branch offices, so having a dedicated connection between offices is too expensive. The best solution is to utilize each office’s Internet connection.

1. What will create a secured connection over an unsecured network?
a. Virtual Private Network (VPN)
b. configuring the callback feature on their Routing and Remote Access Server
c. using a social networking site to have the conference meetings

2. Jeff needs to decide between Point to Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP). Which protocol is more secure?
a. PPTP
b. L2TP
c. neither, they both pass information in clear text

3. What is a public certificate?
a. an award given in recognition of superior business security policies
b. part of a two-part encryption that is not shared with other parties
c. a digitally signed statement that is commonly used for authentication and to secure information on open networks

A private key certificate is a portion of two-part encryption that resides with the originating computer and is not shared.


Answers

1. A secured connection over an unsecured network can be created with a:
a. Virtual Private Network (VPN)

2. The more secure protocol is:
b. L2TP. PPTP uses MPPE for security, which is less secure than L2TP, which uses IPsec as its encryption method.

3. A public certificate is:
c. a digitally signed statement that is commonly used for authentication and to secure information on open networks

Essential details

• Layer 2 tunneling protocol with Internet protocol security (L2TP/IPSec) is a combination of PPTP and Layer 2 Forwarding (L2F) that uses IPsec for encryption.

• The user keeps the private key secret and uses it to encrypt digital signatures and to decrypt received messages.

• The user releases the public key to the public, who can use it for encrypting messages to be sent to the user and for decrypting the user’s digital signature.

• A virtual private network (VPN) is a secured tunnel running over a public network such as the Internet that uses encryption technology so that data is safe from being intercepted and understood by unauthorized users.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc700805.aspx


OBJECTIVE UNDERSTANDING OPERATING SYSTEM SECURITY 2.6

Understand malware

SCENARIO: Consolidated Messenger handles customer feedback for many area businesses. Each day they receive thousands of email messages from happy and unhappy customers, which they funnel to the appropriate individuals at their client companies.

Mary Kay Anderson is the systems administrator for Consolidated Messenger. The company has had several outbreaks of viruses on the network that seem to have been propagated through email. They have asked Mary Kay to host a “lunch and learn” session to educate Consolidated Messenger staff about malicious software and email. Mary Kay has also been assigned the task to find a solution that will better protect the system.

1. What should the staff members do when they receive a suspicious email from a customer or coworker that contains an embedded hyperlink?
a. delete the email and then contact Mary Kay and the customer or coworker
b. quickly click the hyperlink to see what might happen to assess the threat themselves
c. forward the email to other coworkers warning them that the email is not legitimate

2. What can Mary Kay do to prevent suspicious emails from entering their network?
a. install Microsoft® Forefront® and Threat Management Gateway and configure it to block malicious emails
b. disable internet email
c. threaten coworkers that they will be dismissed if they forward any email

3. What tool can Mary Kay download to remove malicious software (malware)?
a. Remote Server Administration Tools (RSAT)
b. Microsoft Windows Malicious Software Removal Tool
c. any web-advertised security software tools—they are all the same

A malicious software removal tool is included in Windows updates.


Answers

1. When staff members receive a suspicious email that contains an embedded hyperlink they should:
   a. delete the email and then contact Mary Kay and the customer or coworker. Never forward an email with suspicious content. If an email has an attachment or link in it, contact the sender and verify that he or she sent the message.

2. To prevent suspicious emails from entering the network, Mary Kay can:
   a. install Microsoft Forefront and Threat Management Gateway and configure it to block any malicious emails. Exchange server has several spam filtering tools. Forefront and TMG are additional security measures to better protect the system.

3. To remove malicious software (malware), Mary Kay can download:
   b. Microsoft Windows Malicious Software Removal Tool

Essential details

• A bot is a program that performs some task on a network, especially a task that is repetitive or time-consuming.

• A rootkit is a collection of software programs that a hacker can use to gain unauthorized remote access to a computer and launch additional attacks.

• Spyware is software sometimes referred to as spybot or tracking software. Spyware uses other forms of deceptive software and programs that conduct certain activities on a computer without obtaining appropriate consent from the user.

• A trojan is a program that appears to be useful or harmless but contains hidden code designed to exploit or damage the system on which it is run.

• A worm uses self-propagating malicious code that can automatically distribute itself from one computer to another through network connections.

FAST TRACK HELP

• http://www.microsoft.com/downloads/details.aspx?FamilyId=F24A8CE3-63A4-45A1-97B6-3FEF52F63ABB&displaylang=en

• http://support.microsoft.com/kb/889741

_______ /3

3 Understanding Network Security

IN THIS CHAPTER

■ 3.1 Understand dedicated firewalls

■ 3.2 Understand Network Access Protection (NAP)

■ 3.3A Understand Network Isolation

■ 3.3B Understand Network Isolation

■ 3.4 Understand protocol security


BETA COURSEWARE EXPIRES NOVEMBER 26, 2010


OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.1

Understand dedicated firewalls

SCENARIO: Matt Berg has earned several Microsoft certifications and is now his own boss as an independent security consultant. Trey Research has retained his services to perform a security assessment of their network. Trey Research has several servers that are exposed to the Internet and they fear that their internal network may be vulnerable to an attack. They have a single perimeter firewall, but they don’t know if that is enough. Matt’s job is to assess the situation and make recommendations as to how Trey Research can protect their data.

1. What should Matt recommend that Trey Research do with their Internet-exposed servers?
   a. create a perimeter network to isolate those servers from the internal network
   b. outsource the associated services
   c. no action is needed—the servers are fine where they are on the internal network

2. Is a single perimeter firewall sufficient for Trey Research?
   a. yes—a single firewall provides more than enough protection in any environment
   b. no—Trey Research’s concerns are justified. They should have several security appliances that provide “defense in depth” for their organization as well as enabling workstation software firewalls and antivirus
   c. no—they should also create a DMZ

3. Does stateful packet inspection or stateless packet inspection provide better security?
   a. a stateless packet inspection because it is more efficient and can stop more packets
   b. neither—they do not provide any type of security
   c. stateful because it inspects the packets as they pass through the connection

Stateless packet inspection is a faster type of security and requires less memory but is not completely reliable.


Answers

1. Matt should recommend that Trey Research:
   a. create a perimeter network to isolate those servers from the internal network. Internet-exposed servers and devices should not reside on an internal network. They should be segmented or isolated into a secured part of the network.

2. Is a single perimeter firewall sufficient for Trey Research?
   b. no—Trey Research’s concerns are justified. They should have several security appliances that provide “defense in depth” for their organization as well as enabling workstation software firewalls and antivirus. No single solution can secure a network; however, providing several layers of security reduces a company’s exposure.

3. The better packet inspection choice is:
   c. stateful, because it inspects the packets as they pass through the connection

Essential details

• A firewall is a security system intended to protect an organization’s network against external threats—such as hackers—coming from another network, such as the Internet.

• Packet filtering is the process of controlling network access based on IP addresses. Firewalls will often incorporate filters that allow or deny users the ability to enter or leave a local area network (LAN).

• A proxy server is a security appliance that manages Internet traffic to and from a local area network and can provide other features, such as document caching and access control.
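The difference between stateless and stateful inspection in question 3 can be seen by running the same packets through both kinds of filter. The following is an added example, not part of the study guide: a simplified model in which the LAN range, all addresses, and the rule "allow inbound packets with ACK set from port 80 or 443" are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values: the LAN range and every address are illustrative.
LAN = ipaddress.ip_network("10.0.0.0/24")
Packet = namedtuple("Packet", "src sport dst dport flags")


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_internal(ip):
    return ipaddress.ip_address(ip) in LAN


def stateless_allow(p):
    """Judge each packet alone: outbound is allowed, inbound is allowed when it
    merely looks like a web reply (ACK flag set, source port 80 or 443)."""
    if is_internal(p.src):
        return True
    return "ACK" in p.flags and p.sport in (80, 443)


class StatefulFirewall:
    """Remember connections opened from the LAN; inbound must match one."""

    def __init__(self):
        self.table = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def allow(self, p):
        if is_internal(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:           # new outbound connection
                self.table[key] = "SYN_SENT"
                return True
            if key not in self.table:        # mid-stream packet, no connection
                return False
            if "RST" in p.flags:             # connection torn down
                del self.table[key]
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED" and "SYN" not in p.flags:
            if "RST" in p.flags:
                del self.table[key]
            return True
        return False                         # unsolicited inbound packet


# Constructed traffic: one legitimate web session plus two stray packets.
TRAFFIC = [
    pkt("10.0.0.5", 50000, "203.0.113.10", 80, "SYN"),
    pkt("203.0.113.10", 80, "10.0.0.5", 50000, "SYN", "ACK"),
    pkt("10.0.0.5", 50000, "203.0.113.10", 80, "ACK"),
    pkt("198.51.100.7", 80, "10.0.0.9", 3389, "ACK"),      # never requested
    pkt("203.0.113.10", 80, "10.0.0.5", 50000, "ACK", "PSH"),
    pkt("10.0.0.5", 50000, "203.0.113.10", 80, "RST"),
    pkt("203.0.113.10", 80, "10.0.0.5", 50000, "ACK"),     # after teardown
]


def compare(traffic):
    """Return (stateless verdict, stateful verdict) for every packet."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]


if __name__ == "__main__":
    for p, (sl, sf) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"stateless={'allow' if sl else 'drop'} "
              f"stateful={'allow' if sf else 'drop'}")
```

The stateless rule passes all seven packets, while the stateful filter drops the two that belong to no open connection.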

FAST TRACK HELP

• http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

• http://technet.microsoft.com/en-us/library/cc700828.aspx

• http://technet.microsoft.com/en-us/library/cc700820.aspx


_______ /3


OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.2

Understand Network Access Protection (NAP)

SCENARIO: Adventure Works is one of the nation’s largest suppliers of high-end sporting equipment. Twenty-five Adventure Works sales associates travel throughout the country selling sporting equipment to retailers. They return to corporate headquarters every Friday with their laptops for meetings and training.

Allie Bellew is the network administrator for Adventure Works and would like to implement a method for ensuring that the mobile devices are in a good state of security “health” when they access the corporate network during these Friday meetings.

1. What control or strategy can Allie implement to assure security health?
   a. Network Access Protection, which will verify the integrity of each mobile device
   b. virus scans each time sales associates log in
   c. re-imaging each laptop prior to connecting to the network

2. Aside from protecting against a virus-infected laptop, what else can NAP do?
   a. protect against lost data
   b. nothing else—it is simply a glorified virus scan
   c. verify the complete integrity of the device by checking that it has the most recent software updates or configuration changes

3. What can Allie do about computers that are not compatible with NAP?
   a. upgrade the computers that are not compatible
   b. define exceptions in NAP for those devices that are not compatible
   c. prevent those devices from using the network

Exceptions can be defined for “mission-necessary” systems until they can be upgraded.


Answers

1. Allie can implement:
   a. Network Access Protection, which will verify the integrity of each mobile device

2. Aside from protecting against a virus-infected laptop, NAP can:
   c. verify the complete integrity of the device by checking that it has the most recent software updates or configuration changes. Systems that have not received updates can be as problematic as systems infected by malware.

3. For computers that are not compatible with NAP, Allie should:
   b. define exceptions in NAP for those devices that are not compatible

Essential details

• Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy.

• NAP enforcement points are computers or network access devices that use NAP or can be used with NAP to require the evaluation of a NAP client’s health state and provide restricted network access or communication.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/cc984252.aspx

• http://technet.microsoft.com/en-us/network/bb545879.aspx

• http://www.microsoft.com/windowsserver2008/en/us/nap-faq.aspx


_______ /3


OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.3A

Understand Network Isolation

SCENARIO: Coho Winery has been in the winery business for three generations. They still produce quality wine from the same vineyards and in the same ancient cellars. Even most of their business organization has remained the same for decades. It’s now time to update the corporate side of Coho with new technologies related to their data-keeping infrastructure.

Karen Berg has been assigned the task of assessing Coho Winery’s network infrastructure and providing recommendations based on their specific needs:

• Most of the employees need Internet access.

• The computers in the winery plant are isolated and don’t need Internet access.

• “Work at home” employees should have Virtual Private Network access using IP Security.

1. What can Karen do to prevent the plant computers from gaining Internet access?
   a. create a VLAN that does not allow Internet access but is trunked to the main network
   b. manually configure each computer so it doesn’t have a gateway
   c. remove Internet Explorer from the computers

2. What technology will Karen have to implement to allow Internet access for office employees without exposing them to the Internet?
   a. set up one walk-up computer that has a public IP address so it can access the Internet
   b. give each office user a dialup modem to establish an Internet connection
   c. implement a router to perform Network Address Translation that will allow several private addresses to participate on a public network

3. What Microsoft Windows Server 2008 R2 role can accomplish both the Internet access and VPN solution?
   a. DHCP
   b. Remote Desktop Service
   c. Routing and Remote Access Service

Most server operating systems have some form of routing technology. Minimum requirements include having multiple network interface cards (NICs).


Answers

1. To prevent the plant computers from gaining Internet access, Karen can:
   a. create a VLAN that does not allow Internet access but is trunked to the main network

2. To allow Internet access for office employees without exposing them to the Internet, Karen can:
   c. implement a router to perform Network Address Translation that will allow several private addresses to participate on a public network. Most retail wireless routers perform Network Address Translation or Port Address Translation, which will allow home network devices (Xbox, laptops, and so on) to have Internet access.

3. Microsoft Windows Server 2008 R2 can accomplish both the Internet access and VPN solution with:
   c. Routing and Remote Access Service (RRAS). RRAS can serve as both a VPN and Internet gateway. VPN access can be secured using several security protocols including IP Security (IPsec).

Essential details

• Network Address Translation (NAT) is the process of converting between IP addresses used within an intranet or other private network and Internet IP addresses.

• Routing is the process of forwarding packets between networks from source to destination.

• A Virtual LAN (VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/bb531150.aspx

• http://technet.microsoft.com/en-us/network/bb545655.aspx

• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7E973087-3D2D-4CAC-ABDF-CC7BDE298847&displaylang=en

• http://en.wikipedia.org/wiki/Virtual_LAN


_______ /3


OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.3B

Understand Network Isolation

SCENARIO: Arlene Huff is the systems administrator for Margie’s Travel and has been very busy in recent weeks securing company and customer data. There had been suspicious activity on the network, but thankfully Arlene’s actions to track network users have secured the system. But the challenge of securing confidential data is an ongoing task.

The owner of the company, Margie, would like her remote travel agents to have access to the corporate network so that they can check email and post appointments booked for that day. Margie has decided to allow the travel agents to use their home computers but must be assured that the information is secured. The security of client information is her top priority.

1. What would be the best general solution for Margie’s Travel?
   a. implement a VPN server to allow the travel agents remote access
   b. set up a modem bank and have the travel agents purchase modems for their home computers so they can dial the office
   c. there isn’t a solution for what Margie wants

2. What is a potential risk in having the travel agents use their home computers for VPN access?
   a. nothing—the VPN handles everything and encrypts the data
   b. the travel agents may forget to disconnect which will keep the VPN connection open preventing others from connecting
   c. simply having a VPN does not prevent potential viruses and malware on the home computer from infecting the network

3. Arlene is worried about would-be attackers penetrating the VPN. What can she set up to “lure” attackers to better understand their methods?
   a. a honeypot outside the perimeter network, which is a falsified program that can emulate a VPN or service
   b. a fancy website that says “Nothing to see here”
   c. a fake VPN that never answers

Honeypots are located all across the Internet and are used to discover methods that attackers might use to compromise a system.


Answers

1. The best general solution for Margie’s Travel is to:
   a. implement a VPN server to allow the travel agents remote access. She can configure the VPN to use several methods of encryption.

2. The risk in having the travel agents use home computers for VPN access is that:
   c. simply having a VPN does not prevent potential viruses and malware on the home computer from infecting the network. Arlene can use Direct Access, which is new with Windows 7 and Windows Server 2008 R2, to help mitigate potential risks.

3. To “lure” attackers to better understand their methods Arlene can create:
   a. a honeypot outside the perimeter network, which is a falsified program that can emulate a VPN or service

Essential details

• A perimeter network (also known as DMZ, demilitarized zone, and screened subnet) is a physical or logical network that contains and exposes an organization’s external services to a larger, untrusted network, usually the Internet.

• Internet Protocol Security (IPsec) is an Internet protocol security standard that provides a general policy-based IP layer security mechanism that is ideal for providing host-by-host authentication. IPsec policies are defined as having security rules and settings that control the flow of inbound data.

• Virtual private network (VPN) nodes on a public network such as the Internet communicate among themselves using encryption technology so that the messages are as safe from being intercepted and understood by unauthorized users as though the nodes were connected by private lines.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/network/dd420463.aspx


_______ /3


OBJECTIVE UNDERSTANDING NETWORK SECURITY 3.4

Understand protocol security

SCENARIO: Since Todd Rowe, the network administrator at the Graphic Design Institute, implemented stronger security measures to protect student data, the number of reported leaks has fallen to zero! The administration is pleased but Todd knows it is a constant battle to keep data secure from attacks.

Todd’s friend Neil Black is an expert on the methods used to attack private data stores. Todd has asked Neil to give a presentation to the administration and office employees on network security, protocol security measures, attack methods, and prevention. Todd knows that an informed staff is part of the complete strategy in preventing and intercepting attacks.

1. What type of attack configures a computer to appear as another computer on a trusted network by using the IP address or the physical address?
   a. identity spoofing
   b. computer faking
   c. application-layer attack

2. What security protocol can help protect data from being modified, corrupted, or accessed without authorization?
   a. DNSSEC
   b. IP Security (IPsec)
   c. NetBIOS

3. What type of an attack poisons a network or computer to the point where the system is rendered unusable?
   a. man-in-the-middle attack
   b. password attack
   c. denial of service (DOS) attack

There are several forms of distributed denial of services (DOS) attacks that can either hinder a computer, server, or application from functioning.


Answers

1. An attack that configures a computer to appear as another computer on a trusted network is:
   a. identity spoofing

2. The security protocol that can help protect data from being modified, corrupted, or accessed without authorization is:
   b. IP Security (IPsec). IPsec can be used not only for VPN security but also with local area network traffic. 80 percent of most security attacks come from within the organization. Assuming that the data inside the perimeter firewall is safe is a dangerous assumption.

3. An attack that poisons a network or computer to the point where the system is rendered unusable is a:
   c. denial of service (DOS) attack

Essential details

• Sniffing is the act of monitoring network traffic for data, such as cleartext passwords or configuration information.

• Identity spoofing (IP address spoofing) occurs when the attacker uses an IP address of a network, computer, or network component without being authorized to do so.

• Internet protocol security (IPsec) supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Because IPsec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite.

• Domain name system (DNS) is a hierarchical, distributed database that contains mappings between names and other information, such as IP addresses. DNS allows users to locate resources on the network by converting friendly, human-readable names such as www.microsoft.com to IP addresses that computers can connect to.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/library/cc959354.aspx

• http://technet.microsoft.com/en-us/library/ee649205(WS.10).aspx

_______ /3

4 Understanding Security Software

IN THIS CHAPTER

■ 4.1 Understand client protection

■ 4.2 Understand email protection

■ 4.3 Understand server protection


OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.1

The hash rule creates a hash checksum based on the executable. The path rule restricts software located within a certain path.

Understand client protection

SCENARIO: Jeff Hay is the network administrator for Tailspin Toys. During the off-season for toy sales, the Tailspin technology staff is kept busy maintaining and upgrading various systems in preparation for the busy holiday sales spike.

Jeff is eager to have this time to service all of the computers and update the software. He is concerned about company employees installing software from the Internet. Jeff realizes that using reputable antivirus software can only do so much. The network consists of a mix of Windows XP, Windows 7, and Windows Server 2008 R2.

1. What can Jeff do to ensure that the computers have the latest security updates?
   a. implement Windows Software Update Services to control all Microsoft updates for both the operating systems and any Microsoft product in use
   b. come in early every Monday and run Windows Updates on each computer
   c. email company employees and instruct them to perform Windows Updates during their lunch breaks

2. What can Jeff do to prevent company employees from downloading and installing software from the Internet?
   a. enable User Account Control on all Windows 7 computers as well as configure software restriction policies
   b. send a strongly worded email with the Internet Usage Policy attached to all users
   c. disable Internet access for all users

3. What method should Jeff use to identify Internet software in Software Restriction Policies?
   a. hash rule
   b. path rule
   c. zone rule


Answers

1. To ensure that the computers have the latest security updates, Jeff can:
   a. implement Windows Software Update Services to control all Microsoft updates for both the operating systems and any Microsoft product in use

2. To prevent employees from downloading and installing software from the Internet, Jeff can:
   a. enable User Account Control on all Windows 7 computers as well as configure software restriction policies

3. To identify Internet software in Software Restriction Policies, Jeff can use:
   c. zone rule

Essential details

• Antivirus is a computer program that scans a computer’s memory and mass storage to identify, isolate, and eliminate viruses, and also examines incoming files for viruses as the computer receives them.

• User account control (UAC) helps prevent malicious programs (malware) from damaging a computer and helps organizations deploy a better-managed desktop. With UAC, applications and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system.

FAST TRACK HELP

• http://www.microsoft.com/security_essentials/market.aspx

• http://technet.microsoft.com/en-us/library/bb457141.aspx

• http://technet.microsoft.com/en-us/library/bb456987.aspx

• http://windows.microsoft.com/en-ZA/windows7/what-is-user-account-control


_______ /3


OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.2

Antivirus software on an email server does not provide protection against spam.

Understand email protection

SCENARIO: Recently the Coho Winery has experienced a series of problems with email spam; some employees have even fallen prey to identity theft through phishing scams. John Kane is the systems administrator for Coho Winery and the task of resolving the problems has landed directly on his desk. After some research he has come up with some solutions. John intends to address these issues by implementing various security measures and most important, providing some much-needed company education as it relates to best practices while using email.

1. What can John do to help reduce the amount of spam that hits their Microsoft Exchange server?
   a. at a minimum, enable reverse DNS lookup on the SMTP virtual server
   b. disable Internet email
   c. change their domain name

2. What should Coho users do when they receive an email from a company they know with a request to click the link to “verify their account information?”
   a. delete the email
   b. forward to the rest of the company with a warning not to click on the link
   c. click the link because they “know” that it is a legitimate message based on the company name

3. Aside from enabling reverse DNS lookups, what else can John do to secure his Exchange server?
   a. enable Autodiscover
   b. add Sender Policy Framework (SPF)
   c. update the antivirus software


Answers

1. To help reduce the amount of spam that hits their Microsoft Exchange server, John can:
   a. at a minimum, enable reverse DNS lookup on the SMTP virtual server. Configuring the system to do a reverse DNS lookup crosschecks the domain name with a PTR record that is the IP address associated with that domain name. If the IP address does not match the record associated with that domain name, it is not delivered.

2. When users receive an email from a company they know with a request to “verify their account information,” they should:
   a. delete the email. Companies will not ask for account information through email in today’s climate. Users should be diligent when receiving an email like this. They can also call the company to alert them of the message.

3. Aside from enabling reverse DNS lookups, John can:
   b. add Sender Policy Framework (SPF). SPF allows the administrator to configure the server to establish who is allowed to send email from their domain.

Essential details

• Spam is unsolicited, unwanted email sent by someone with whom the recipient has no personal or business relationship.

• Phishing and pharming are techniques used to trick computer users into revealing personal or financial information.

• An SPF record is an extension of the SMTP protocol that prevents spammers from forging the From fields in email messages by verifying that the IP address in the SMTP Received header is authorized to send email for the sender’s domain.

• Spoofing is the impersonation of an email sender, IP connection, or a domain that causes an email message to appear as though it originates from a sender other than the actual sender of the message.
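The reverse DNS crosscheck from answer 1 and the SPF check from answer 3 can be sketched as the two tests a receiving mail server applies to the connecting IP address. This is an added example, not part of the study guide or of Exchange: the DNS records, the `.example` domains and the addresses are constructed, and only a subset of SPF mechanisms (ip4, ip6, a, mx, all) is evaluated.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (all values illustrative).
DNS = {
    "TXT": {"winery.example": "v=spf1 ip4:192.0.2.0/28 mx -all",
            "partner.example": "v=spf1 a ~all"},
    "MX": {"winery.example": ["mail.winery.example"]},
    "A": {"mail.winery.example": ["198.51.100.25"],
          "partner.example": ["203.0.113.5"],
          "mx1.partner.example": ["203.0.113.5"]},
    "PTR": {"198.51.100.25": "mail.winery.example",
            "203.0.113.5": "mx1.partner.example",
            # Whoever owns an address block writes its PTR records, so a
            # PTR name can claim any domain. This one is a false claim.
            "203.0.113.66": "mail.winery.example"},
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fcrdns(ip):
    """Reverse lookup, then confirm the name resolves back to the same IP.
    Returns the confirmed host name, or None when the crosscheck fails."""
    name = DNS["PTR"].get(ip)
    if name and ip in DNS["A"].get(name, []):
        return name
    return None


def spf(ip, domain):
    """Evaluate the domain's SPF record against the connecting IP."""
    record = DNS["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"                       # domain publishes no policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:         # mechanisms, left to right
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "a":
            matched = ip in DNS["A"].get(arg or domain, [])
        elif name == "mx":
            hosts = DNS["MX"].get(arg or domain, [])
            matched = any(ip in DNS["A"].get(h, []) for h in hosts)
        else:
            continue                        # mechanism outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"


def screen(ip, mail_from_domain):
    """Return (accepted, reason) for one inbound SMTP connection."""
    if fcrdns(ip) is None:
        return (False, "reverse DNS not forward-confirmed")
    result = spf(ip, mail_from_domain)
    if result == "fail":
        return (False, "SPF fail")
    return (True, "SPF " + result)


if __name__ == "__main__":
    for ip, dom in [("198.51.100.25", "winery.example"),
                    ("203.0.113.66", "winery.example"),
                    ("203.0.113.5", "winery.example"),
                    ("203.0.113.5", "partner.example")]:
        print(ip, dom, screen(ip, dom))
```

The second sample connection shows why the PTR name alone is not trusted: the claimed host name does not resolve back to the connecting address, so the message is refused before SPF is consulted.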

FAST TRACK HELP

• http://technet.microsoft.com/en-us/exchange/dd251269.aspx

• http://www.microsoft.com/athome/security/email/phishing/video1.mspx

• http://www.microsoft.com/presspass/features/2003/nov03/11-17spamfilter.mspx


_______ /3


OBJECTIVE UNDERSTANDING SECURITY SOFTWARE 4.3

Stronger passwords do not reduce the exposure of a domain controller.

Understand server protection

SCENARIO: A few years ago Humongous Insurance (HI) reorganized their business and technology infrastructure. Alfons Parovsky has recently been hired as the server administrator for HI. The records regarding the security updates are rather sketchy and he does not want any major security lapses to occur during his time as the administrator. To be sure everything is up to standards, Alfons has decided to immediately perform a security assessment on the datacenter. He would like to ensure that the servers meet all the necessary security requirements and are being updated regularly. Alfons also wants to ensure that HI does not have any exposures to the networks in their remote locations.

1. What tool can Alfons use to assess whether HI servers have any vulnerabilities related to the operating system and installed software?
   a. Microsoft Baseline Security Analyzer
   b. Event Viewer
   c. Resource Monitor

2. What service can Alfons enable to ensure that the servers are receiving all necessary software updates?
   a. Windows Backup Service
   b. Routing and Remote Access Service
   c. Windows Software Update Service

3. What can Alfons do to ensure that the domain is secure in the remote locations?
   a. install a Read-Only domain controller in the remote sites
   b. remove any servers in the remote sites and have employees transfer files using email
   c. enforce stronger password policies in the remote sites using fine-grained passwords


Answers

1. To assess vulnerabilities related to the operating system and installed software, Alfons can use:
   a. Microsoft Baseline Security Analyzer. MBSA is an easy-to-use tool that can provide instant feedback and resources to identify potential vulnerabilities on servers and workstations. It analyzes the operating system and any installed Microsoft software.

2. To ensure that the servers are receiving all necessary software updates, Alfons can enable:
   c. Windows Software Update Service. Alfons can create a separate group for his servers so that he can selectively manage what updates are installed and when.

3. To ensure that the domain is secure in the remote locations, he can:
   a. install a Read-Only domain controller (RODC) in his remote sites. Read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

Essential details

• DNS dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.

• Microsoft Baseline Security Analyzer (MBSA) is a tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

• Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.

FAST TRACK HELP

• http://technet.microsoft.com/en-us/security/cc184923.aspx

• http://technet.microsoft.com/en-us/security/cc185712.aspx

• http://technet.microsoft.com/en-us/library/cc755058(WS.10).aspx


_______ /3