MCSE Self-Paced Training Kit (Exam 70-293)


Page 1: MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft® Windows Server 2003 Network Infrastructure, Second

I-1

Index

Numbers
3DES (Triple-Data Encryption Standard), 18-14, 18-16
5-4-3 rule, in Ethernet design, 1-16
802.11a standard
    network layer and, 15-12
    overview of, 18-30
    Questions and Answers, 18-31, 18-33
802.11b standard
    data-link layer and, 1-17 to 1-18
    network layer and, 15-12
    performance of, 18-29
    Questions and Answers, 18-31, 18-33
802.11g standard, 15-12
802.11 standard, 13-15 to 13-16, 18-34
802.1X standard
    authentication, 13-21
    overview of, 18-30
    Questions and Answers, 18-31 to 18-34
8mm drives, 6-32, 17-30, 17-33

A
access control
    with dial-in properties, 5-26 to 5-27
    DNS security and, 4-52
    security infrastructure design and, 8-15
access points
    defined, 1-18
    in infrastructure networks, 13-16 to 13-17, 15-13
    Questions and Answers, 18-31
account lockout settings, 8-28
account management, event auditing, 9-6
account policies
    defined, 8-37
    lockout settings, 8-28
    overview of, 8-26 to 8-28
    planning secure baseline installation, 14-10
    practice exercise modifying, 8-31 to 8-33
    security templates and, 10-10
accounts, security options for member servers, 9-12 to 9-13
Active Directory
    auditing access to, 9-6
    container objects, 9-3
    DNS and, 4-3, 4-12
    enterprise CAs and, 11-15
    multiple DNS servers and, 4-29
    permissions, 8-24 to 8-26
    protecting Active Directory–integrated DNS, 9-24 to 9-25
Active Directory, certificate publication
    further reading, 19-2
    overview of, 19-4
    Questions and Answers, 19-5 to 19-8
    tested skills/suggested practices, 19-1
Active Directory–integrated zones, 4-36 to 4-37
Add (+) button, 6-4
Address Resolution Protocol (ARP), 7-16
ad hoc networks
    defined, 13-38
    overview of, 15-13
    Questions and Answers, 18-34
    wireless networking and, 13-16 to 13-17
ad hoc topology
    802.11b and, 1-17
    defined, 1-42, 18-29
administration, network. See network administration
administrators
    Domain Admins, 5-40 to 5-41, 8-24
    security options for member servers, 9-12
ADSL (Asymmetrical Digital Subscriber Line)
    comparing connection options, 3-7 to 3-8
    Internet access with, 3-9
    planning strategy for Internet connectivity, 15-18
AH (Authentication Header) protocol
    defined, 18-12
    IPSec protocols, 12-20 to 12-21
    Questions and Answers, 18-14, 18-16
alerts, Performance Logs and Alerts
    overview of, 6-7
    Questions and Answers, 17-11, 17-13
    trace logs and counter logs, 15-24
algorithms
    3DES (Triple-Data Encryption Standard), 18-14, 18-16
    certificates, 11-16
    SHA1 (Secure Hash Algorithm 1), 18-14, 18-16
allocation methods, DHCP, 2-36 to 2-37
Allow Log On Locally, user rights, 9-22
Allow Remote Systems To Connect Without Authentication, 16-11, 16-14
APIPA (Automatic Private IP Addressing), 15-37
application layer, OSI reference model, 1-14
applications
    application compatibility in selecting operating system, 14-22
    attacked by unauthorized users, 12-18
    compatibility, 8-8
    connection types, 3-7 to 3-8
    connectivity requirements, 3-4
    Internet access and, 3-25
    NBL cluster deployment, 7-21
    number of clusters, 7-8 to 7-10
    server clusters hosting, 7-35 to 7-38
application servers
    planning security for, 14-17
    securing, 9-28

70-293e.book Page 1 Tuesday, March 14, 2006 5:49 PM

Microsoft Press
Note
MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft® Windows Server™ 2003 Network Infrastructure, Second Edition (ISBN 0-7356-2287-6) by Craig Zacker with Anthony Steven of Content Master. Published by Microsoft Press. Copyright © 2006 by Microsoft Corporation.

I-2

archive bit, 17-28
area border routers, 5-19
areas, OSPF, 16-5
ARP (Address Resolution Protocol), 7-16
ARPANET, 4-5
ASR (Automated System Recovery)
    backing up and, 17-29
    back up planning and, 6-35
    Questions and Answers, 17-21, 17-24, 17-29 to 17-33
asymmetrical connections, 3-9 to 3-10, 3-43
Asymmetrical Digital Subscriber Line. See ADSL (Asymmetrical Digital Subscriber Line)
attenuation
    defined, 1-41 to 1-42
    fiber optic vs. UTP and, 1-17
audio tape drives. See DAT (digital audio tape) drives
audit policies
    domain controllers, 9-20
    options for member servers, 9-13
    planning secure baseline installation, 14-10
    Questions and Answers, 19-17 to 19-18
    security infrastructure design and, 8-15
    security settings, 8-29 to 8-30
    setting for member servers, 9-4 to 9-8
Authenticated Users group, Active Directory permissions, 8-24
authentication
    allowing remote access without, 5-31
    defined, 5-57
    ESP and, 12-23
    IPSec, 12-19
    PKI design, 11-10
    protocols, 5-28 to 5-31
    Questions and Answers, 16-21, 18-30, 18-32
    remote access and, 5-27
    RRAS protocols, 16-11, 16-14 to 16-17
    security infrastructure design and, 8-16
    wireless networks and, 11-10, 13-20 to 13-22
Authentication Header protocol. See AH (Authentication Header) protocol
Authenticode, 11-10
authorization
    defined, 5-57
    Network Monitor and, 6-7
    remote access policies and, 5-31
autochangers, 6-32 to 6-33
auto-enrollment
    enterprise CAs, 19-4
    overview of, 11-19 to 11-21
    Questions and Answers, 11-34, 19-5, 19-7
Automated System Recovery. See ASR (Automated System Recovery)
automatic allocation, DHCP, 2-36 to 2-37
automatic IP addressing, DHCP, 4-55
Automatic Private IP Addressing (APIPA), 15-37
Automatic Updates, 13-10
Available MBytes counter, 17-9
Avg. Disk Queue Length, monitoring, 17-10

B
backbone networks, 1-34
backups, 6-31 to 6-44
    Backup program, 17-29
    case scenario, 6-44 to 6-45, 6-50 to 6-51
    exam highlights, 6-47 to 6-48
    hardware, 6-31 to 6-33
    lesson review, 6-43 to 6-44
    overview of, 17-28 to 17-29
    planning, 6-35
    practice exercise, 6-42 to 6-43
    Questions and Answers, 6-50, 17-20 to 17-21, 17-23, 17-29 to 17-33
    restoring from, 6-39 to 6-40
    scheduling, 6-38 to 6-39
    software, 6-33 to 6-35
    target selection, 6-36 to 6-37
    types of, 6-37 to 6-38
    volume shadow copy and, 6-40 to 6-41
backup servers, 8-4
backup window, 6-36
bandwidth
    CATV and, 3-9
    dial-up modems and, 3-8
    DSL and, 3-9
    Internet connectivity requirements, 3-3 to 3-6
    ISDN and, 3-8
    leased lines and, 3-10
    Windows Update demands on, 13-5
baseline, configuration testing and, 10-3
baseline, member servers
    audit policies, 9-4 to 9-8
    baseline policies, 9-2 to 9-4
    configuring security, 9-12 to 9-14
    configuring services, 9-9 to 9-12
    event log policies, 9-8 to 9-9
    overview of, 9-2
    practice exercise creating GPO, 9-14 to 9-16
    Questions and Answers, 9-53
    review, 9-16 to 9-18
baseline, planning secure installation, 8-1 to 8-40
    account policies, 8-26 to 8-28
    Active Directory permissions, 8-24 to 8-26
    audit policies, 8-29 to 8-30
    case scenario, 8-34 to 8-35, 8-39 to 8-40
    computer roles, 8-3
    exam highlights, 8-36
    file system permissions, 8-19 to 8-21
    high-level security planning, 8-13
    ongoing management, 8-17
    operating systems, 8-7 to 8-8


I-3

    overview of, 8-1 to 8-2, 14-10 to 14-11
    practice exercise creating share permissions, 8-31
    practice exercise modifying account policies, 8-31 to 8-33
    practice exercise modifying file permissions, 8-30 to 8-31
    Questions and Answers, 8-38 to 8-40, 14-12 to 14-15
    registry permissions, 8-23
    review, 8-35 to 8-36
    Security Configuration Wizard, 8-30
    security design team, 8-13 to 8-14
    security implementation, 8-16 to 8-17
    security infrastructure design, 8-15 to 8-16
    security life cycles, 8-14
    server hardware specifications, 8-5 to 8-6
    server operating systems, 8-9 to 8-11
    server roles, 8-3 to 8-4
    share permissions, 8-22
    workstation hardware specifications, 8-6 to 8-7
    workstation operating systems, 8-8 to 8-9
    workstation roles, 8-4 to 8-5
baseline policies, for member servers, 9-2 to 9-4
Basic EFS certificates, 19-12, 19-14
Basic Rate Interface. See BRI (Basic Rate Interface) ISDN
basic service area (BSA), 13-38
basic service set (BSS), 13-38
binaries
    calculating IP addresses, 2-29 to 2-30
    converting to decimals, 2-31
blueprint, for network infrastructure, 1-36
bottlenecks
    defined, 6-48
    identifying, 6-25 to 6-27, 17-9 to 17-10
    Questions and Answers, 17-11 to 17-14
bounded media, compared with unbounded media, 1-14 to 1-15
BRI (Basic Rate Interface) ISDN
    comparing connection options, 3-7 to 3-8
    defined, 3-8
    planning strategy for Internet connectivity, 15-17
broadcast domains
    defined, 2-55
    overview of, 2-15
    practice exercise, 2-57 to 2-58
    Questions and Answers, 2-58
broadcast name resolution, in NetBIOS, 15-47
broadcast transmissions
    overview of, 4-14
    Questions and Answers, 2-62
    with Lmhosts, 4-42 to 4-45
BSA (basic service area), 13-38
BSS (basic service set), 13-38
buffer size, Network Monitor, 6-9
burst periods, 3-12
bytes
    IP addresses and, 2-4
    subnetting between, 2-29 to 2-32

C
cables, network
    locating, 1-33 to 1-34
    troubleshooting, 2-53, 2-64
cable television networks. See CATV (cable television) networks
cache corruption, DNS security and, 4-54
caching-only DNS servers, 4-12, 4-29 to 4-30
callback options, dial-in properties, 16-10
capacity planning
    backup media and, 6-31
    Questions and Answers, 7-52
    server clusters and, 7-36
capture filters
    in Network Monitor, 15-25
    overview of, 6-11 to 6-12
    Questions and Answers, 6-49
Capture window, Network Monitor, 6-8 to 6-11
Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 1-22
CAs (certification authorities)
    auto-enrollment, 11-19 to 11-21
    certificate renewal, 11-19 to 11-20
    enterprise, 11-15
    exam highlights, 11-32
    hierarchy, 11-13 to 11-14
    internal vs. external, 11-5, 11-12
    lesson review, 11-17 to 11-18
    overview of, 19-9 to 19-10
    practice exercise, 11-16 to 11-17
    Questions and Answers, 11-33 to 11-34, 19-11 to 19-14
    requesting certificates, 11-5, 11-21 to 11-24
    revoking certificates, 11-24 to 11-25
    stand-alone, 11-15
Category 5 cable, 1-20
cathode ray tubes (CRTs), 1-32
CATV (cable television) networks
    comparing connection options, 3-7 to 3-8
    overview of, 3-9 to 3-10
    planning strategy for Internet connectivity, 15-17 to 15-18
    Questions and Answers, 3-43
CD-Rs (Compact Disk-Recordable drives), 6-31
certificate chains, 11-14
certificate revocation lists (CRLs), 11-24 to 11-25, 11-34
certificates, 11-19 to 11-29
    Active Directory configuration, 19-1, 19-4 to 19-8
    auto-enrollment, 11-19 to 11-21
    CA infrastructure, 11-11 to 11-15
    case scenario, 11-29 to 11-30, 11-35
    configuring, 11-16
    enrollment, 11-6, 11-19 to 11-21, 19-10
    exam highlights, 11-32
    functions of, 11-6
    lesson review, 11-28 to 11-29


I-4

    overview of, 11-4
    PKI and, 11-6 to 11-7
    practice exercises, 11-25 to 11-28
    Questions and Answers, 16-21, 16-23, 19-12, 19-14
    renewing, 11-19 to 11-21
    requesting from CAs, 11-5
    requesting manually, 11-21 to 11-24
    requirements, 11-9 to 11-11
    revoking, 11-24 to 11-25
    troubleshooting lab, 11-30 to 11-31
Certificate Services
    Active Directory. see Active Directory, certificate publication
    CA installation, 11-5
    PKI. see PKI (public key infrastructure)
    publishing certificates, 11-6
    Web Enrollment Support, 11-22 to 11-27
certificate templates
    auto-enrollment configuration, 11-20
    enterprise CAs, 19-4
    Questions and Answers, 19-5 to 19-8
certification authorities. See CAs (certification authorities)
Certification Authority console
    manual enrollment, 11-21
    practice exercise, 11-26 to 11-27
    Questions and Answers, 19-5, 19-8
    revoking certificates, 11-24 to 11-25
Certutil.exe program, 19-5 to 19-8
Challenge Authentication Protocol. See CHAP (Encrypted Authentication)
Channel Service Unit/Data Service Unit (CSU/DSU), 3-10
CHAP (Encrypted Authentication)
    defined, 16-11
    Questions and Answers, 16-14, 16-16
    remote access and, 5-30
CIR (committed information rate), 3-12, 15-18
classes, IP address
    case scenario, 2-50 to 2-53, 2-62
    Class D addresses, 16-5
    overview of, 2-26 to 2-27
CLB (Component Load Balancing) clusters, 17-5
Client (Respond Only) IPSec policy
    defined, 16-18
    overview of, 18-35
    Questions and Answers, 16-20, 16-22, 18-8, 18-10, 18-36 to 18-39
clients
    DNS, 4-58 to 4-59
    Remote Desktop, 13-31
client-side control, Remote Assistance, 13-29
cloned applications, 7-36, 7-37 to 7-38
cloud
    defined, 3-12
    frame relay, 15-18
Cluster Administrator
    creating server clusters, 7-39 to 7-41, 17-15
    practice exercises, 7-42 to 7-44
    Questions and Answers, 17-21, 17-24
cluster disk data, 17-16
cluster disk signatures, 17-16, 17-20
clustering
    backup and recovery strategy, 17-28 to 17-33
    bottlenecks, 17-9 to 17-14
    combining technologies, 7-10
    defining, 7-2
    designing clusters, 7-5 to 7-6
    dispersing clusters, 7-11
    exam highlights, 7-49 to 7-50
    further reading, 17-3 to 17-4
    implementing, 17-15 to 17-24
    lesson review, 7-12 to 7-13
    overview of, 17-5
    Questions and Answers, 7-51, 17-6 to 17-8
    requirements, 7-6 to 7-8
    scaling clusters, 7-7 to 7-8
    server clusters. see server clusters
    tested skills/suggested practices, 17-1 to 17-3
    types of, 7-2 to 7-5
cluster node data, 17-17
cluster resources
    configuring, 7-40 to 7-41
    overview of, 7-40
    practice exercise, 7-43 to 7-44
CMAK (Connection Manager Administration Kit), 5-36
CM (Connection Manager), 5-36
collision domains
    defined, 2-55
    LANs and, 2-15
    practice exercise, 2-57 to 2-58
    Questions and Answers, 2-58
collisions, preventing, 1-21 to 1-22
command-line tools, SCW (Security Configuration Wizard), 9-42
committed information rate (CIR), 3-12, 15-18
Compact Disk-Recordable drives, 6-31
compatibility, application and hardware compatibility in selecting operating systems, 14-22
Compatws.inf security template, 10-13
Component Load Balancing (CLB) clusters, 17-5
compression, magnetic tape, 6-32
computer roles
    overview of, 8-3
    review, 8-11 to 8-12, 8-38
    servers, 8-3 to 8-4
    workstations, 8-4 to 8-5
conditional forwarding, DNS servers, 4-32
conditions, remote access policies, 16-12
connectionless protocols, 1-26
Connection Manager Administration Kit (CMAK), 5-36
connection-oriented protocols, 1-26


I-5

connectivity. See Internet connectivity
container objects
    creating AD container, 9-14
    GPO assignments and, 14-6
    overview of, 9-3
Control Panel
    activating Remote Assistance, 13-32
    Remote tab, 13-26
convergence, 7-19, 7-52, 17-20
costs
    backup hardware, 6-33
    CATV networks, 3-10
    frame relay, 3-12
    ISDN, 3-8
    operating systems, 8-8, 14-22
counter logs, Performance Logs and Alerts, 6-7, 15-24
CRLs (certificate revocation lists), 11-24 to 11-25, 11-34
CRTs (cathode ray tubes), 1-32
cryptographic checksums, 12-19, 18-5
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 1-22
CSU/DSU (Channel Service Unit/Data Service Unit), 3-10
cut-through routing, 2-21

D
databases
    backing up, 6-34 to 6-35
    protecting DNS database files, 9-25
    SCW configuration database, 9-42
database servers, 8-4
datagram, IP. See IP datagrams
data interception, wireless networks, 13-18
data-link layer protocols
    Ethernet variants, 1-21, 1-23, 15-12
    fiber optic cables, 1-16 to 1-17
    lesson review, 1-23 to 1-24
    media types, 1-14
    OSI reference model and, 1-12 to 1-14
    overview of, 1-12
    routers and, 2-16 to 2-17
    selecting, 1-14
    Token Ring, 1-21 to 1-22
    transmission speed, 1-19 to 1-21
    UTP (unshielded twisted pair), 1-15
    wireless, 1-17 to 1-19
data modification, by unauthorized users, 12-17 to 12-18
data transmission security. See IPSec (IP Security)
DAT (digital audio tape) drives, 6-32, 17-30, 17-32
DCDiag, 4-60 to 4-61
DC Security.inf security template, 10-13
debug logging, DNS server, 6-21 to 6-22
Debug Programs, 9-21
decimals, converting binaries to, 2-31
dedicated lines. See leased lines
default gateways
    defined, 2-14
    Internet access and, 3-35
    Questions and Answers, 16-26, 16-29
    troubleshooting addressing, 15-36
    troubleshooting connectivity, 15-30
    troubleshooting lab, 2-53, 2-64
delegation of authority, DNS servers, 4-29
Delegation of Control Wizard, 8-25
delta CRLs
    applying, 11-27
    overview of, 11-25
    Questions and Answers, 11-34
demilitarized zone (DMZ), 2-6
denial-of-service (DoS) attacks, 4-50
“Designing a Public Key Infrastructure” (Microsoft article), 19-2
desktop workstations
    computer roles, 8-4 to 8-5
    hardware specification, 8-6 to 8-7
Destination Port field, TCP/UDP headers, 18-17, 18-19, 18-21
devices, security options for member servers, 9-13
DHCP (Dynamic Host Configuration Protocol)
    automatic IP addressing, 4-55
    automating TCP/IP configuration, 1-27
    infrastructure server security, 9-25 to 9-26
    monitoring, 6-17 to 6-20
    troubleshooting IP addressing, 15-36
DHCP relay agent
    planning DHCP deployment, 2-37
    Questions and Answers, 2-61
    troubleshooting lab, 2-53, 2-64
DHCP servers
    allocation methods, 2-36 to 2-37
    automatic configuration, 2-35
    installation, 2-36, 2-37
    TCP/IP client configuration, 2-37 to 2-40
DHCP Server service, 1-8
DHCP Server Statistics window, 6-18 to 6-20
dial-in properties
    access control with, 5-26 to 5-27
    overview of, 16-10
    remote access, 16-10 to 16-11
dial-on-demand connections, 5-7 to 5-8
dial-up modem connections
    comparing connection options, 3-7 to 3-8
    overview of, 3-8
    planning strategy for Internet connectivity, 15-17
    Questions and Answers, 3-43
    WAN technologies, 5-7
differential backup jobs
    defined, 6-48
    overview of, 6-37 to 6-38
    practice exercise, 6-42 to 6-43
    Questions and Answers, 17-21, 17-24, 17-29 to 17-33
    scheduling, 6-38 to 6-39


I-6

Diffie-Hellman key generation, 18-7, 18-9
digital audio tape (DAT) drives, 6-32, 17-30, 17-32
digital certificates. See certificates
digital linear tape. See DLT (digital linear tape) drives
digital signatures
    file and print servers and, 9-27
    PKI design and, 11-9
    planning secure baseline installation, 14-10
    public key encryption and, 11-3
    security options for member servers, 9-13
    software and, 11-10
Digital Subscriber Line. See DSL (Digital Subscriber Line)
directory services, auditing access to, 9-6
disaster recovery, 6-34 to 6-35
% Disk Time counter, 17-10
DISPLAY cluster, NLB.EXE, 17-25
display filters
    applying, 6-11 to 6-12
    in Network Monitor, 15-25
    practice exercise, 6-14
display, Nlb.exe, 7-23
distance vector routing
    defined, 5-57
    implementing RRAS, 5-16 to 5-17
    planning RRAS, 16-5
DLT (digital linear tape) drives, 6-32, 17-30, 17-33
DMZ (demilitarized zone), 2-6
DNS (Domain Name Service), 4-5 to 4-13
    Active Directory and, 4-12
    combining DNS functions, 4-12 to 4-13
    domain hierarchy, 4-7 to 4-8
    domain levels, 4-10 to 4-11
    domain names, 4-11
    domains, 4-6 to 4-7
    hosting Internet domains and servers, 4-12
    overview of, 4-5 to 4-6
    planning name resolution strategy, 15-41
    query types, 4-10
    requirements, 4-11 to 4-12
    reverse name resolution, 4-8 to 4-9
    review, 4-16 to 4-17
    round robin technique, 7-11
    speeding up DNS, 4-10
    troubleshooting Internet connectivity, 15-30
    upgrading NetBIOS to, 4-18 to 4-19
DNS namespace, 4-18 to 4-27
    combining internal/external domains, 4-22 to 4-23
    host names, 4-23 to 4-24
    internal domains, 4-20 to 4-21
    internal root, 4-23
    Internet domains, 4-19 to 4-20
    overview of, 4-18
    practice exercise, 4-24 to 4-25
    review, 4-26 to 4-27, 4-72 to 4-73
    subdomains, 4-21
    using existing namespace, 4-18 to 4-19
DNS resolvers, 4-5
DNS security
    access control, 4-52
    cache corruption, 4-54
    dynamic updates, 4-55
    infrastructure servers, 9-24 to 9-25
    overview of, 4-50
    practice exercise, 4-56
    redundancy, 4-51 to 4-52
    review, 4-57, 4-75 to 4-76
    standard measures of, 4-56
    techniques for, 4-51
    threat evaluation, 4-50 to 4-51
    zone replication and, 4-52 to 4-54
DNS servers
    caching-only, 4-12
    DCDiag for checking server health, 4-60 to 4-61
    functions of, 4-35 to 4-37
    hosting Internet servers, 4-12
    ISPs and, 3-19
    monitoring, 6-20 to 6-22
    multiple, 4-28 to 4-29
    NLB clustering and, 7-14
    nonfunctioning, 4-59 to 4-60
    server types, 4-29 to 4-32
    troubleshooting lab, 6-45 to 6-46, 6-51
DNS Server service, Windows Server 2003 services, 1-8
DNS strategy, 4-28 to 4-41
    multiple servers, 4-28 to 4-29
    overview of, 4-28
    planning, 15-41
    practice exercise creating zones, 4-37 to 4-39
    review, 4-40 to 4-41, 4-74 to 4-75
    server functions, 4-35 to 4-37
    server types, 4-29 to 4-32
    zone creation, 4-33 to 4-35
Domain Admins
    Active Directory permissions, 8-24
    remote access policy for, 5-40 to 5-41
domain controllers, 9-19 to 9-23
    audit and Event Log policies, 9-20
    compared with member servers, 9-2
    isolating, 9-19 to 9-20
    planning security for, 14-16
    practice exercise modifying GPO for Domain Controller container, 9-28 to 9-30
    security of, 9-19
    server roles, 8-4
    services, 9-23
    user rights, 9-21 to 9-22
domains
    adding workstations to, 9-21 to 9-22
    Internet hosting by ISPs, 3-20
    multiple GPOs and, 9-33


I-7

    names, 4-11
    planning name resolution strategy, 15-41
domains, DNS
    combining internal/external domains, 4-22 to 4-23
    creating internal domains, 4-20 to 4-21
    creating Internet domains, 4-19 to 4-20
    creating subdomains, 4-21
    defined, 4-6
    hierarchy, 4-7 to 4-8
    levels, 4-10 to 4-11
    overview of, 4-6 to 4-7
Domain Users, remote access policy for, 5-40
DOS, 8-8 to 8-9
DoS (denial-of-service) attacks, 4-50
dotted decimal notation, 2-4
downloads, certificate, 11-6
DRAINPORT cluster, Nlb.exe, 17-25, 17-26 to 17-27
DRAIN port, Nlb.exe, 7-23, 17-25, 17-26 to 17-27
DRAINSTOP cluster, Nlb.exe, 7-23
driver, IPSec, 12-27
drives, DAT. See DAT (digital audio tape) drives
DSL (Digital Subscriber Line)
    Internet connections, comparing, 3-7 to 3-8
    overview of, 3-9 to 3-10
    planning strategy for Internet connectivity, 15-18
    WAN technologies, 5-7
dynamic allocation, DHCP, 2-36
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic NAT, 3-27, 3-45
dynamic routing
    administering, 5-20
    defined, 2-15
    distance vector routing, 5-16 to 5-17
    link state routing, 5-17 to 5-18
    metrics for, 5-16
    overview of, 5-15, 16-4
    protocols for, 5-15 to 5-16
    routing protocol communication and, 5-18 to 5-19
dynamic updates
    DNS security and, 4-55
    DNS servers, 15-42
    failed to occur, 4-62
    troubleshooting name resolution, 15-54

E
EAP (Extensible Authentication Protocol)
    defined, 16-11
    Questions and Answers, 16-15 to 16-16
    remote access and, 5-29 to 5-30
EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
    802.1x and, 13-21 to 13-22
    Questions and Answers, 18-30, 18-33
EFS (Encrypting File System)
    encryption method of, 18-5
    PKI design and, 11-9
    Questions and Answers, 18-7, 18-9, 19-12, 19-14
e-mail, designing PKI for, 11-10
e-mail servers, 8-4
e-mail services, ISPs, 3-19 to 3-20
Encapsulating Security Payload. See ESP (Encapsulating Security Payload)
Encrypted Authentication. See CHAP (Encrypted Authentication)
Encrypting File System. See EFS (Encrypting File System)
encryption
    password, 8-27
    PKI. see PKI (public key infrastructure)
    planning secure baseline installation, 14-10
    protocols providing, 12-18
    public key, 11-2 to 11-5, 11-33
    Questions and Answers, 16-14 to 16-17
    secret key, 11-2 to 11-3
    security infrastructure design and, 8-16
    WEP, 18-30 to 18-31, 18-33
    wireless traffic, 13-22 to 13-23
enrollment, certificate, 11-6, 11-19 to 11-21, 19-10
Enterprise Admins, Active Directory permissions, 8-24
enterprise CAs
    auto-enrollment, 11-19 to 11-21
    defined, 19-9
    overview of, 11-15, 19-4
    Questions and Answers, 11-33, 11-34, 19-5 to 19-8, 19-11 to 19-14
    requesting certificates, 11-22
ephemeral port numbers
    defined, 12-48
    overview of, 18-18
    packet filtering and, 12-4
    Questions and Answers, 18-19, 18-21
ESP (Encapsulating Security Payload)
    defined, 18-12
    IPSec and, 12-21 to 12-23
    Questions and Answers, 18-14, 18-16
Ethernet
    5-4-3 rule in design of, 1-16
    network interface adapter address, 7-14
    planning network topology, 15-12
    practice exercise choosing Ethernet variant, 1-23
    transmission speed, 1-19
    UTP support, 1-15
    variants, 1-21, 1-23, 15-13
Event Log policies
    domain controllers, 9-20
    planning secure baseline installation, 14-10
    security templates and, 10-10
    setting for member servers, 9-8 to 9-9
Event Viewer
    data transmission security, 18-40 to 18-43
    DNS logging, 6-21


I-8

    NLB clusters, 7-22 to 7-25
    Questions and Answers, 17-26 to 17-27, 18-42 to 18-43
    viewing audit events, 9-5
Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)
Extensible Authentication Protocol-Transport Level Security. See EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
external CAs, 11-5 to 11-6, 11-12
external domains. See Internet domains

F
failback, 7-2, 7-50
failover
    case scenario, 7-47, 7-54
    defined, 7-50, 17-5
    pairs, 7-41
    policies, 7-41 to 7-42
    Questions and Answers, 7-53
    ring, 7-42
Fast Ethernet
    adapters and hubs for, 1-20
    selecting Ethernet variant, 1-21
    transmission speed, 1-19
FC-AL (Fibre Channel arbitrated loop)
    illustration of, 17-18 to 17-19
    Questions and Answers, 17-18 to 17-19
    server clusters applying, 7-34, 17-15 to 17-16
FC-SW (Fibre Channel switched fabric)
    Questions and Answers, 17-20, 17-22
    server clusters applying, 7-34 to 7-35, 17-16
fiber optic cables
    HDSL applied over, 3-9
    overview of, 1-16 to 1-17
    wireless networks and, 15-12
Fibre Channel
    case scenario, 7-46 to 7-47, 7-53 to 7-54
    server clusters, 7-33 to 7-35
Fibre Channel arbitrated loop. See FC-AL (Fibre Channel arbitrated loop)
Fibre Channel switched fabric. See FC-SW (Fibre Channel switched fabric)
file and print servers
    configuring, 9-26 to 9-28
    planning security for, 14-16
    server roles, 8-4
file-based zones, 4-35
file permissions
    file systems, 8-19 to 8-21
    planning secure baseline installation, 14-11
    practice exercise modifying, 8-30 to 8-31
    security templates and, 10-10
files
    backup software and, 6-34
    restoring backup, 6-39 to 6-40
filter actions
    defined, 16-19
    Questions and Answers, 18-13 to 18-16
    review, 18-12
filter lists
    defined, 16-19
    Questions and Answers, 16-20, 16-22 to 16-23, 18-13 to 18-16, 18-20, 18-22
    review, 18-11
filters
    IPSec policies, 12-30 to 12-31
    in Network Monitor, 15-25
filters, Network Monitor, 6-11 to 6-12
firewalls
    NLB network design, 7-15
    packet filtering and, 12-4 to 12-5
    Remote Assistance, 18-24
    Remote Assistance and, 13-29
    securing registered addresses, 2-5
    securing registered networks, 3-24
    security infrastructure design and, 8-16
footprinting, DNS security, 4-50
formats, magnetic tape, 6-32
forwarders, DNS servers
    chaining, 4-32
    conditional forwarding, 4-32
    overview of, 4-30 to 4-31
    planning name resolution strategy, 15-42
FQDN (fully-qualified domain name), 4-7, 4-69
fractional T-1
    comparing connection options, 3-7 to 3-8
    leased lines and, 3-10
    planning strategy for Internet connectivity, 15-18
frame relay
    comparing connection options, 3-7 to 3-8
    overview of, 3-11 to 3-12
    planning strategy for Internet connectivity, 15-18
    Questions and Answers, 3-44
    WAN technologies, 5-8 to 5-9
full backups
    jobs, 17-29 to 17-33
    overview of, 6-37
    Questions and Answers, 17-21, 17-24
full duplex communications, 7-33
fully-qualified domain name (FQDN), 4-7, 4-69

G
gateways
    defined, 2-14
    Internet access, 3-35
    overview of, 16-4
    Questions and Answers, 16-26, 16-29
    troubleshooting lab, 2-53, 2-64
Gigabit Ethernet, 1-19 to 1-20, 1-21


I-9

GPOs (Group Policy Objects)
  account policies, 8-26
  audit policies, 8-29, 9-8
  auto-enrollment configuration, 11-19 to 11-20
  converting SCW policies into, 9-44
  defined, 14-6
  file and print servers, 9-27
  hardening servers and, 9-52
  links, 9-36
  member servers, 9-12 to 9-14
  multiple, 14-6
  planning secure baseline installation and, 8-37
  practice exercise creating for member servers, 9-14 to 9-16
  practice exercise modifying GPO for Domain Controller container, 9-28 to 9-30
  Questions and Answers, 18-13
  Remote Assistance and, 13-26, 13-32 to 13-33, 18-24
  secure baseline installation and, 9-2
  security template deployment, 10-19 to 10-21
  service parameters, 9-10
  wireless access, 13-19 to 13-20
GPOs (Group Policy Objects), role-specific
  combining GPO policies, 9-32 to 9-35
  deploying multiple GPOs, 9-35 to 9-37
  overview of, 9-32
  Questions and Answers, 9-54 to 9-55
  review, 9-37 to 9-39
Grandfather-Father-Son method, 6-39
graphs, System Monitor, 6-3 to 6-6
group policies. See also GPOs (Group Policy Objects)
  defined, 14-6
  deploying security templates, 10-19 to 10-21
Group Policy Object Editor console, 18-30
Group Policy Objects. See GPOs (Group Policy Objects)
groups, restricted, 14-11
guest accounts, security options, 9-12 to 9-13

H

hardening servers, 9-1 to 9-58
  application servers, 9-28
  audit policies, 9-4 to 9-8
  baseline for member servers, 9-2
  baseline policies, 9-2 to 9-4
  case scenario, 9-47 to 9-50, 9-56 to 9-57
  combining GPO policies, 9-32 to 9-35
  configuring security, 9-12 to 9-14
  configuring services, 9-9 to 9-12
  deploying multiple GPOs, 9-35 to 9-37
  domain controllers, 9-19 to 9-23
  event log policies, 9-8 to 9-9
  exam highlights, 9-52
  file and print servers, 9-26 to 9-28
  infrastructure servers, 9-23 to 9-26
  overview of, 9-1
  practice exercise creating GPO, 9-14 to 9-16
  practice exercise modifying GPO for Domain Controller container, 9-28 to 9-30
  Questions and Answers, 9-53 to 9-58
  review, 9-51
  SCW. see SCW (Security Configuration Wizard)
  troubleshooting lab, 9-50, 9-57 to 9-58
hardware
  backing up, 6-31 to 6-33
  clustering, 7-6, 17-5, 17-20
  hardware compatibility in selecting operating system, 14-22
  Internet connections, 3-7 to 3-12
  routers, 2-18
  server clusters, 7-31 to 7-35, 17-15 to 17-16
  server specifications, 8-5 to 8-6
  testing configuration, 10-3
  workstation specifications, 8-6 to 8-7
hardware addresses. See MAC (media access control)
hashes, 11-3
hash message authentication codes (HMACs), 18-5, 18-7, 18-9
HDSL (High-bit-rate Digital Subscriber Line), 3-9 to 3-10
heartbeat messages
  defined, 7-19
  overview of, 17-16
  Questions and Answers, 17-20
hierarchy, CA, 11-13 to 11-14
High-bit-rate Digital Subscriber Line (HDSL), 3-9 to 3-10
high-level security planning, 8-13
Hisecdc.inf security template, 10-14
Hisecws.inf security template, 10-14
HMACs (hash message authentication codes), 18-5, 18-7, 18-9
hops, 16-4
  distance vector routing, 5-16 to 5-17
horizontal networks, 1-34 to 1-35
Host (A) resource record, 4-6
host groups, routing and, 5-20, 16-5
host names
  DNS, 4-23 to 4-24
  overview of, 4-5
hosts
  Internet domains and servers, 4-12
  planning name resolution strategy, 15-41
host tables
  NLB clustering and, 7-14 to 7-15
  overview of, 4-5
  server clusters, 7-31
hotfixes, 13-4
hot-standby server, 7-41
HTTP (Hypertext Transfer Protocol), 3-25
hubs
  Fast Ethernet, 1-20
  locating connectivity devices and, 1-34
  Questions and Answers, 2-58


  switches vs., 2-19 to 2-20
  troubleshooting Internet access, 3-34
Hypertext Transfer Protocol (HTTP), 3-25

I

IANA (Internet Assigned Numbers Authority)
  IP address classes, 2-26 to 2-27
  planning TCP/IP network, 15-6
  port numbers, 18-17, 18-19, 18-21
  ports and protocols and, 12-4
  registered IP addresses, 2-3 to 2-4
  unregistered IP addresses, 2-7
IAS (Internet Authentication Service), 13-21
ICANN (Internet Corporation for Assigned Names and Numbers), 4-19
ICMP (Internet Control Message Protocol), 6-6, 18-17
ICS (Internet Connection Sharing), 3-15
ICV (integrity check value), 12-21
IDE (Integrated Drive Electronics), 7-32, 8-3
IEEE 802.11, 13-15 to 13-16, 18-34
IEEE 802.11a standard
  network layer and, 15-12
  overview of, 18-30
  Questions and Answers, 18-31, 18-33
IEEE 802.11b standard
  data-link layer and, 1-17 to 1-18
  network layer and, 15-12
  performance of, 18-29
  Questions and Answers, 18-31, 18-33
IEEE 802.11g standard, 15-12
IEEE 802.1X standard
  authentication, 13-21
  overview of, 18-30
  Questions and Answers, 18-31 to 18-34
IEEE (Institute of Electrical and Electronic Engineers), 1-17 to 1-18, 13-15, 18-29
IETF (Internet Engineering Task Force)
  IPSec based on standards of, 12-27, 18-6
  Questions and Answers, 18-8, 18-10
IGMP (Internet Group Management Protocol), 16-5
IIS (Internet Information Services), 7-25 to 7-26
IKE (Internet Key Exchange), 12-27, 12-37, 18-40
#INCLUDE extension, Lmhosts file, 4-44 to 4-45
incremental backup jobs
  defined, 6-48
  overview of, 6-37 to 6-38
  Questions and Answers, 17-21, 17-24, 17-29 to 17-33
  scheduling, 6-38 to 6-39
incremental zone transfers, 4-35 to 4-36
infrastructure design, security. See security infrastructure design
infrastructure networks
  defined, 13-38
  overview of, 15-13
  Questions and Answers, 18-34
  wireless topologies, 13-16 to 13-18
infrastructure servers, 9-23 to 9-26
  defined, 9-52
  DHCP security, 9-25 to 9-26
  DNS security, 9-24 to 9-25
  overview of, 9-23
  planning security for, 14-16
  server roles, 8-4
infrastructure topology
  802.11b and, 1-18
  defined, 1-42, 18-29

instances, 6-3
Institute of Electrical and Electronic Engineers. See IEEE (Institute of Electrical and Electronic Engineers)
Integrated Drive Electronics (IDE), 7-32, 8-3
Integrated Services Digital Network. See ISDN (Integrated Services Digital Network)
Integrity and Encryption option, IPSec, 18-12
integrity check value (ICV), 12-21
Integrity Only option, IPSec, 18-12
interactive connectivity, Remote Assistance, 13-29
intermediate CAs
  defined, 19-9
  overview of, 11-13 to 11-14
  Questions and Answers, 19-12, 19-14
internal CAs, 11-5 to 11-6, 11-12 to 11-13
internal domains
  combining internal/external domains, 4-22 to 4-23
  creating, 4-20 to 4-21
internal networks. See private (internal) networks
internal root, 4-23
International Organization for Standardization (ISO), 1-12
International Telecommunications Union (ITU-T), 11-4
Internet
  accessing from private network, 2-7 to 2-11
  access router, 3-37
  planning IP addresses for, 2-11
  registered addresses, 2-6
  unregistered addresses, 2-7
Internet access, security, 3-24 to 3-33
  access methods, 3-30
  lesson review, 3-33
  NAT, 3-26 to 3-29
  practice exercises, 3-31 to 3-32
  proxy servers, 3-29 to 3-30
  requirements, 3-24 to 3-26
Internet Assigned Numbers Authority. See IANA (Internet Assigned Numbers Authority)
Internet Authentication Service (IAS), 13-21
Internet communication security. See IPSec (IP Security)
Internet Connection Sharing (ICS), 3-15
Internet connectivity
  case scenarios, 3-39 to 3-40, 3-46
  connection types, 3-7 to 3-12
  exam highlights, 3-42


  ISPs, 3-17 to 3-20
  lesson review, 3-12 to 3-13
  locating network resources, 1-34 to 1-35
  overview of, 3-3
  planning strategy for, 15-17 to 15-19
  practice exercises, 3-12
  Questions and Answers, 3-43 to 3-45, 15-20 to 15-23
  requirements, 3-3 to 3-7
  router types, 3-15 to 3-16
Internet connectivity, troubleshooting, 3-34 to 3-39
  client configuration, 3-35 to 3-36
  Internet connections, 3-37
  lab, 3-40 to 3-41, 3-47
  lesson review, 3-38
  NAT, 3-36 to 3-37
  overview of, 3-45, 15-30 to 15-31
  problem scope, 3-34 to 3-35
  proxy servers, 3-36 to 3-37
  Questions and Answers, 15-32 to 15-35
Internet Control Message Protocol (ICMP), 6-6, 18-17
Internet Corporation for Assigned Names and Numbers (ICANN), 4-19
Internet domain hosting, 3-20
Internet domains
  combining internal/external domains, 4-12, 4-22 to 4-23
  creating, 4-19 to 4-20
  hosting, 4-12
Internet Engineering Task Force. See IETF (Internet Engineering Task Force)
Internet Group Management Protocol (IGMP), 16-5
Internet Information Services (IIS), 7-25 to 7-26
Internet Key Exchange (IKE), 12-27, 12-37, 18-40
Internet Protocol. See IP (Internet Protocol)
Internet Service Providers. See ISPs (Internet Service Providers)
Internetwork Packet Exchange (IPX), 1-27 to 1-28, 15-13 to 15-14
Interrupts/Sec performance counter, 17-11, 17-13
invitations, Remote Assistance
  creating, 13-27 to 13-28, 13-33
  defined, 18-23
  overview of, 13-29

IP addresses, 2-3 to 2-13, 2-35 to 2-41
  binary method, 2-29 to 2-30
  case scenario, 2-50 to 2-53, 2-62
  classes, 2-26 to 2-27
  DHCP deployment, 2-37
  DHCP server allocation methods, 2-36 to 2-37
  DHCP server installation, 2-36
  exam highlights, 2-54
  Internet access, 2-7 to 2-11, 3-6
  ISPs and, 3-19
  lesson review, 2-12, 2-40 to 2-41
  name resolution and, 4-3 to 4-4
  network addresses, 2-25
  overview of, 2-11
  packet filtering and, 12-6
  planning, 15-6
  practice exercises, 2-12, 2-38 to 2-40, 2-56
  private addresses, 2-7
  public addresses, 2-3 to 2-6
  Questions and Answers, 2-56 to 2-57, 2-61
  subnetting. see subnet masks
  subtraction method, 2-31 to 2-32
  TCP/IP client configuration, 2-35
  unregistered. see unregistered IP addresses
IP addresses, troubleshooting, 2-42 to 2-50
  client configuration, 2-43 to 2-47
  DHCP, 2-47 to 2-49
  exam highlights, 2-54
  lab, 2-53, 2-64
  lesson review, 2-49 to 2-50
  overview of, 15-36 to 15-37
  Questions and Answers, 15-38 to 15-41
  TCP/IP, 2-42 to 2-43
ipconfig /all, 4-58 to 4-59
IP datagrams
  defined, 2-8
  source IP addresses and, 4-3
  TCP/IP traffic and, 1-26
IP (Internet Protocol)
  network/transport layer protocols, 1-25
  planning network protocol security, 18-17
  System Monitor, 6-5 to 6-6
IP multicasting, 5-20 to 5-21
IP packet filtering. See packet filtering
IP routing, 2-14 to 2-26
  case scenario, 2-50 to 2-53, 2-62
  exam highlights, 2-54
  LAN creation, 2-15 to 2-17
  lesson review, 2-23 to 2-24
  overview of, 2-14 to 2-15
  practice exercise, 2-22 to 2-23
  Questions and Answers, 2-56
  routers and, 2-18
  switches and, 2-19 to 2-22
  WAN creation, 2-17 to 2-18
IPSec (IP Security), 12-16 to 12-18
  AH protocol, 12-20 to 12-21
  case scenario, 12-45 to 12-46, 12-52
  ESP protocol, 12-21 to 12-23
  exam highlights, 12-47
  functions of, 12-18 to 12-19
  further reading, 18-3
  overview of, 18-5 to 18-6, 18-11 to 18-12
  PKI designed for, 11-10
  protocols, 12-20
  Questions and Answers, 12-50, 18-7 to 18-10, 19-17
  review, 12-25 to 12-26, 12-47
  tested skills/suggested practices, 18-1


  threat evaluation, 12-16 to 12-18
  transport and tunnel modes, 12-24
  troubleshooting lab, 12-46, 12-53
IPSec (IP Security), deploying
  components, 12-27 to 12-28
  overview of, 12-27
  planning, 12-28
  policies, 12-28 to 12-31
  practice exercise creating new policy, 12-33 to 12-35
  practice exercise viewing default policies, 12-32 to 12-33
  Questions and Answers, 12-51
  review, 12-35 to 12-36
IPSec (IP Security), planning, 18-5 to 18-10
  further reading, 18-3
  overview of, 18-5 to 18-6
  Questions and Answers, 18-7 to 18-10
  tested skills/suggested practices, 18-1
IPSec (IP Security), troubleshooting, 18-40 to 18-43
  further reading, 18-4
  IP Security Monitor snap-in for, 12-38 to 12-39
  Network Monitor for examining traffic, 12-40 to 12-41
  overview of, 12-37, 18-40 to 18-41
  policy mismatches, 12-37 to 12-38
  practice exercise creating domain IPSec policy, 12-43 to 12-44
  practice exercise creating RSOP console, 12-41 to 12-42
  practice exercise performing RSOP scan, 12-42
  Questions and Answers, 12-51 to 12-52, 18-42 to 18-43
  Resultant Set of Policy snap-in for, 12-39 to 12-40
  review, 12-44 to 12-45
  tested skills/suggested practices, 18-3
IPSec policies
  default, 16-18
  deploying, 12-28 to 12-31
  elements of, 16-19
  further reading, 18-4
  implementing, 16-19, 18-6
  managing, 18-11
  overview of, 18-11 to 18-16, 18-35
  practice exercise creating domain IPSec policy, 12-43 to 12-44
  practice exercise creating new policy, 12-33 to 12-35
  practice exercise viewing default, 12-32 to 12-33
  Questions and Answers, 16-20 to 16-23, 18-13 to 18-16, 18-36 to 18-39
  tested skills/suggested practices, 18-1 to 18-2
  troubleshooting, 12-37 to 12-38, 18-40 to 18-43
IPSec Policy Agent, 12-27
IP Security Monitor snap-in
  overview of, 18-40 to 18-41
  Questions and Answers, 18-42 to 18-43, 19-17, 19-19
  troubleshooting IPSec policies, 12-38 to 12-39
IP Security Policies snap-in, 16-18 to 16-19, 18-11
IP spoofing, 4-50
IPX (Internetwork Packet Exchange), 1-27 to 1-28, 15-13 to 15-14
ISA Server 2000, 3-30
ISDN (Integrated Services Digital Network)
  Internet connections, comparing, 3-7 to 3-8
  overview of, 3-8 to 3-9
  planning strategy for Internet connectivity, 15-17
  Questions and Answers, 3-43 to 3-44
  WAN technologies, 5-7
ISO (International Organization for Standardization), 1-12
ISPs (Internet Service Providers)
  choosing, 3-17 to 3-18
  DNS servers, 3-19, 4-13
  e-mail services, 3-19 to 3-20
  frame relay, 3-12
  Internet domain hosting, 3-20
  IP addresses, 3-19
  leased lines, 3-10 to 3-11
  lesson review, 3-22 to 3-23
  multiple WAN support, 3-18
  NLB network design, 7-15
  obtaining addresses from, 2-3, 2-6, 2-25
  Questions and Answers, 3-44
  Web hosting, 3-20
issuing CAs. See subordinate (issuing) CAs
iterative query, 4-10, 4-69
ITU-T (International Telecommunications Union), 11-4

K

Kerberos protocol
  account policy settings, 8-28
  Questions and Answers, 16-21, 16-23
key generation, IPSec, 12-18 to 12-19, 18-5
keys, PKI, 12-17

L

LAN router, 5-22
LANs (local area networks)
  creating, 2-15 to 2-17
  dedicated cluster LAN installation, 7-20
  IP routing, 2-14 to 2-15
  physical infrastructure and, 1-6
  practice exercise, 2-22 to 2-23
  Questions and Answers, 17-12, 17-14
  VLANs, 2-20 to 2-21
laptop computers, 18-31 to 18-32
latency period, distance vector routing, 5-17
layer 3 switching, 2-21
LCD (liquid crystal display) flat panel monitors, 1-32
leaf objects, 9-3
leased lines
  Internet connections, comparing, 3-7 to 3-8
  ISP selection and, 3-17
  overview of, 3-10 to 3-11
  planning strategy for Internet connectivity, 15-18


  WAN technologies, 5-7
lifetime, certificate, 11-16
Linear Tape-Open (LTO) drives, 6-32, 17-30, 17-32 to 17-33
link state database, 5-19
link state routing
  defined, 5-57, 16-5
  overview of, 5-17 to 5-18
  Questions and Answers, 16-6, 16-8
Linux, 8-10
LLC (logical link control), 1-13
Lmhosts
  broadcast transmissions with, 4-42 to 4-43
  creating Lmhosts file, 4-43 to 4-44
  extensions, 4-44 to 4-45
  overview of, 4-15
  planning NetBIOS name resolution strategy, 15-48
load balancing, multiple DNS servers and, 4-28
local area networks. See LANs (local area networks)
local host name resolution, 4-16
local policies, security templates, 10-10
location, backup, 6-39 to 6-40
location, network topology
  geographic clusters, 7-11
  Internet connectivity, 3-6
  site clusters, 7-6
location, system bottlenecks, 6-25 to 6-27
logical infrastructure, 1-7
logical link control (LLC), 1-13
logon
  account policy settings, 8-28
  event auditing, 9-6
  security options for member servers, 9-13
logs/logging
  counter logs, 15-24
  DHCP, 6-19
  DNS, 6-21 to 6-22
  Network Load Balancing Manager, 7-21 to 7-22
  trace logs, 15-24
LTO (Linear Tape-Open) drives, 6-32, 17-30, 17-32 to 17-33

M

MAC (media access control)
  data-link layer and, 1-13
  defined, 1-42
  NLB and, 7-14, 7-16 to 7-17
  packet filtering and, 12-7
  Token Ring and, 1-21
  wireless standards, 13-15
magnetic tapes
  backing up with, 6-31 to 6-33
  Questions and Answers, 6-50, 17-30, 17-33
majority node set clusters, 7-38
manual allocation, DHCP, 2-37
masquerading, NAT, 3-27, 3-45
MBSA (Microsoft Baseline Security Analyzer)
  downloading and installing, 13-12
  overview of, 13-6 to 13-8, 19-21
  Questions and Answers, 19-22 to 19-24
  security analysis with, 13-12 to 13-13
  version 2.0, 13-8
media access control. See MAC (media access control)
media rotation, backup, 6-34, 6-39
media types
  bounded vs. unbounded media, 1-14 to 1-15
  Ethernet supported, 15-12
  fiber optic, 1-16 to 1-17
  mixing, 1-22 to 1-23
  UTP, 1-15
member servers
  baseline for. see baseline, member servers
  compared with domain controllers, 9-2
memory
  bottlenecks, 17-9 to 17-10
  monitoring performance, 6-26
mesh topology, 5-4 to 5-5
metrics, routing, 5-16
metrics, routing table, 16-5
Microsoft
  Authenticode, 11-10
  Certificate Services Web Enrollment Support, 11-22 to 11-24
  SMS (Systems Management Server), 6-8
  Web site. see Web site information, Microsoft
  Windows 2000. see Windows 2000
  Windows Server 2003. see Windows Server 2003
  Windows Server 2003, Datacenter Edition. see Windows Server 2003, Datacenter Edition
  Windows Server 2003, Enterprise Edition. see Windows Server 2003, Enterprise Edition
  Windows Server 2003, Standard Edition. see Windows Server 2003, Standard Edition
  Windows Update. see Windows Update
  Windows XP Home Edition. see Windows XP Home Edition
  Windows XP Professional. see Windows XP Professional
Microsoft Baseline Security Analyzer. See MBSA (Microsoft Baseline Security Analyzer)
Microsoft Encrypted Authentication Version 1. See MS-CHAP (Microsoft Encrypted Authentication)
Microsoft Encrypted Authentication Version 2. See MS-CHAP v2 (Microsoft Encrypted Authentication Version 2)
MMCs (Microsoft Management Consoles)
  creating MMC console, 12-32 to 12-33
  IP Security Monitor snap-in, 12-38
  IP Security Policies snap-in, 12-28
  Performance console, 15-24
  practice exercise creating RSOP console, 12-41 to 12-42
  RSoP (Resultant Set of Policy) snap-in, 12-39 to 12-40
  Security Configuration and Analysis snap-in, 10-21 to 10-24


  Security Template snap-in, 10-11 to 10-12
monitoring
  Network Load Balancing, 7-21 to 7-25
  network servers. see servers, monitoring
  network traffic. see network traffic, monitoring
MS-CHAP (Microsoft Encrypted Authentication)
  defined, 16-11
  Questions and Answers, 16-14 to 16-15
  remote access authentication, 5-30
MS-CHAP v2 (Microsoft Encrypted Authentication Version 2)
  defined, 16-11
  Questions and Answers, 16-14 to 16-16
  remote access authentication, 5-30
multicast addresses, 2-27
multicast mode, NLB
  defined, 7-16 to 7-18
  overview of, 17-15
  Questions and Answers, 17-19
multicast transmissions
  defined, 16-5
  Questions and Answers, 16-7, 16-9
  routing IP multicast traffic, 5-20 to 5-21
multilayer routing, 2-21
multiple-instance applications, 7-36 to 7-38
mutual authentication, 18-5

N

N+1 failover policy, 7-41
name resolution, 4-1 to 4-79
  case scenario, 4-65 to 4-67, 4-77 to 4-78
  DNS. see DNS (Domain Name Service)
  exam highlights, 4-68
  local host name resolution, 4-16
  NetBIOS. see NetBIOS (Network Basic Input/Output System)
  overview of, 4-1 to 4-2
  planning name resolution strategy, 15-41 to 15-42
  Questions and Answers, 4-70 to 4-71, 15-43 to 15-46
  requirements, 4-3, 4-16
  review, 4-68, 4-70 to 4-71
  troubleshooting lab, 4-67 to 4-68, 4-79
  what it is, 4-3 to 4-4
  what types of names need resolving, 4-4 to 4-5
name resolution, troubleshooting
  client configuration problems, 4-58 to 4-59
  DCDiag for checking server health, 4-60 to 4-61
  incorrect name resolutions, 4-61 to 4-62
  Internet connectivity, 3-36
  nonfunctioning DNS servers, 4-59 to 4-60
  outside failures, 4-62 to 4-63
  overview of, 4-58, 15-53 to 15-54
  Questions and Answers, 2-61, 15-55 to 15-57
  review, 4-64 to 4-65, 4-76 to 4-77
NAT (network address translation)
  defined, 2-55, 3-43
  overview of, 2-7 to 2-11
  planning TCP/IP network, 15-6
  port forwarding and, 3-29
  proxy servers compared with, 3-30
  Questions and Answers, 2-56, 3-45
  routers, 15-18
  RRAS configured as, 3-31 to 3-32
  security, 3-28
  troubleshooting Internet access, 3-36 to 3-37
  troubleshooting Internet connectivity, 15-30
  types of, 3-26 to 3-27
Nbstate.exe, 17-26 to 17-27
NCP (NetWare Core Protocol), 1-27
NetBEUI (NetBIOS Extended User Interface) protocol
  network and transport layer protocols, 15-14
  overview of, 1-28 to 1-29
  Windows OSs using for communication, 4-13
NetBIOS (Network Basic Input/Output System)
  computer and resource names, 4-3
  name cache, 4-15, 15-47
  NetBEUI and, 1-29
  overview of, 4-13 to 4-14
  planning name resolution strategy, 15-47 to 15-48
  Questions and Answers, 15-49 to 15-52
  requirements, 4-15
  review, 4-75
  upgrading to DNS, 4-18 to 4-19
  Windows mechanisms for, 4-14 to 4-15
  WINS deployment, 4-15 to 4-16
NetBIOS strategy, 4-42 to 4-49
  broadcast transmissions with Lmhosts, 4-42 to 4-45
  overview of, 4-42
  review, 4-49
  WINS replication, 4-45 to 4-48
  WINS server deployment, 4-45
NETSH, 16-25, 16-28
NetWare, 8-10
NetWare Core Protocol (NCP), 1-27
Network Access Quarantine Control, 5-35 to 5-38
  components of, 5-36 to 5-38
  overview of, 5-35 to 5-36
  remote access and, 16-12 to 16-13
network access, security options for member servers, 9-13 to 9-14
network adapters, 6-27
network addresses
  obtaining, 2-25 to 2-26
  subnetting and, 2-27 to 2-29
network address translation. See NAT (network address translation)
network administration, 13-25 to 13-35, 18-23 to 18-28
  further reading, 18-4
  practice exercise activating Remote Assistance, 13-31 to 13-33
  practice exercise creating Remote Assistance invitation, 13-33


  Questions and Answers, 18-25 to 18-28
  Remote Assistance, 13-25 to 13-29, 18-23 to 18-24
  Remote Desktop, 13-29 to 13-31, 18-24
  review, 13-33 to 13-35, 13-40 to 13-41
  tested skills/suggested practices, 18-2
network communication security, 12-1 to 12-54
network infrastructure
  blueprint for, 1-36
  further reading, 15-4 to 15-5
  implementing, 1-9
  lesson review, 1-10 to 1-11
  logical infrastructure, 1-7
  maintaining, 1-9 to 1-10, 15-1
  overview of, 1-5 to 1-6
  physical infrastructure, 1-6 to 1-7
  planning, 1-8, 15-1
  skills and practices, 15-1 to 15-4
  TCP/IP, 15-6 to 15-7
network interface adapters
  Fast Ethernet, 1-20
  MAC configuration, 7-16 to 7-17
  NBL cluster deployment, 7-20
  NLB configuration, 7-18, 7-19 to 7-20
  Questions and Answers, 17-19, 17-22
  server cluster configuration, 7-31
Network Interface performance object, 6-27
network interfaces, 6-5
network layer, OSI reference model, 1-13
network layer protocols
  IPX (Internetwork Packet Exchange), 1-27 to 1-28
  lesson review, 1-29 to 1-30
  NetBEUI, 1-28 to 1-29
  overview of, 1-25, 15-13 to 15-14
  TCP/IP, 1-25 to 1-27
Network Load Balancing Manager
  case scenario, 7-46 to 7-47, 7-53 to 7-54
  NBL cluster deployment, 7-21
  overview of, 7-21 to 7-22, 17-25
  Questions and Answers, 7-52
Network Monitor, 6-7 to 6-12
  applying, 6-8 to 6-11
  capture and display filters, 6-11 to 6-12
  for examining network traffic, 12-40 to 12-41
  installing, 6-8, 6-13
  lesson review, 6-15
  overview of, 6-7, 15-24 to 15-25
  practice exercises, 6-13 to 6-14
  Questions and Answers, 16-26, 19-17, 19-19
  System Monitor compared to, 6-12
  troubleshooting TCP/IP routing, 16-25
  versions, 6-8
network resources, locating
  cables, 1-33 to 1-34
  connectivity devices, 1-34 to 1-35
  criteria for, 1-31
  lesson review, 1-37
  overview of, 1-31
  peripherals, 1-32
  servers, 1-35 to 1-36
  workstations, 1-31 to 1-32
network security. See security
network servers. See servers
network topology, 1-3 to 1-47
  case scenario, 1-38 to 1-40, 1-46 to 1-47
  chapter, 1-40 to 1-41
  data-link layer protocols. see data-link layer protocols
  exam highlights, 1-41 to 1-42
  geographic clusters, 7-11
  network infrastructure. see network infrastructure
  network layer protocols. see network layer protocols
  network resource locations. see network resources, locating
  overview of, 1-3 to 1-4
  planning and modifying, 15-12 to 15-14
  Questions and Answers, 1-43 to 1-46, 15-15 to 15-16
  routing and, 2-16
  site clusters, 7-6
  transport layer protocols. see transport layer protocols
  wireless networks. see wireless networks
network traffic, monitoring, 6-2 to 6-15
  exam highlights, 6-47 to 6-48
  examining with Network Monitor, 12-40 to 12-41
  lesson review, 6-15
  Network Monitor, 6-7 to 6-12
  Performance Logs and Alerts, 6-6 to 6-7
  planning, 15-20, 15-24 to 15-25
  practice exercise, 6-13 to 6-14
  Questions and Answers, 6-49, 15-26 to 15-29
  System Monitor, 6-2 to 6-6
network update
  MBSA for, 13-6 to 13-8
  overview of, 13-5 to 13-6
  practice exercise using MBSA, 13-12 to 13-13
  SUS, 13-9 to 13-11
  testing, 13-8 to 13-9
  WSUS, 13-11
Next Header field, AH/ESP headers, 18-19, 18-21
NLB.EXE, 7-23 to 7-25, 7-52, 17-25
NLB (Network Load Balancing) clusters, 7-14 to 7-29
  case scenario, 7-46 to 7-47, 7-53 to 7-54
  deployment, 7-20 to 7-21
  exam highlights, 7-49 to 7-50
  geographically dispersed, 7-11
  implementing, 17-15
  lesson review, 7-28 to 7-29
  monitoring, 7-21 to 7-25
  networking, 7-19 to 7-20
  operational modes, 7-16 to 7-19
  overview of, 7-4 to 7-5, 17-25
  practice exercises, 7-25 to 7-28


  properties, 17-5
  Questions and Answers, 7-51 to 7-52, 17-6 to 17-7, 17-19, 17-26 to 17-27
  server clusters interacting with, 7-10
  tested skills/suggested practices, 17-2 to 17-3
  troubleshooting lab, 7-48, 7-54
  understanding, 7-14 to 7-15
nodes
  Network Load Balancing, 7-4
  server cluster, 7-2 to 7-3
Novell NetWare, 8-10
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, 1-27

O

objects
  auditing access to, 9-6
  container objects, 9-3
  performance objects, 15-24
octets, 2-4
Online Help, Windows Server 2003
  network security, 18-3
  planning/implementing/maintaining RRAS, 16-3
Open Shortest Path First. See OSPF (Open Shortest Path First)
Open System authentication
  defined, 18-30
  Questions and Answers, 18-32
  wireless networks, 13-20
Open Systems Interconnection. See OSI (Open Systems Interconnection)
operating systems
  evaluating and selecting for enterprise, 14-22
  Questions and Answers, 14-23 to 14-25
  selecting, 8-7 to 8-8
  servers, 8-9 to 8-11
  workstations, 8-8 to 8-9
organizational units. See OUs (organizational units)
OSI (Open Systems Interconnection)
  Ethernet at data-link layer of, 15-12
  layers of, 1-13 to 1-14
  network and transport layer protocols, 15-13
  overview of, 1-12 to 1-13
  packet filtering and, 12-7, 18-17
  packets and, 12-3 to 12-4
  Questions and Answers, 2-59
OSPF (Open Shortest Path First)
  administering, 5-20
  compared with RIP, 5-18 to 5-19
  link state routing and, 5-17 to 5-18
  monitoring, 6-25
  overview of, 16-5
  Questions and Answers, 16-6, 16-8
  troubleshooting, 5-51
OUs (organizational units)
  defined, 9-52
  GPO assignments and, 14-6
  GPOs for role-specific, 9-35
  hierarchy of, 9-34, 9-36 to 9-37
  multiple GPOs and, 9-33
Output Queue Length counter, 17-10, 17-11
overwrite options, restoring backups, 6-39

P

packet filtering
  creating new packet filters, 12-12 to 12-13
  criteria for, 12-5 to 12-8
  further reading, 18-3
  Internet access regulated with, 3-25 to 3-26
  IPSec functions, 12-19
  IPSec mechanism for, 18-6
  overview of, 12-3 to 12-5, 18-17 to 18-18
  Questions and Answers, 12-49 to 12-50, 18-7, 18-9, 18-19 to 18-22
  review, 12-13 to 12-15
  RRAS, 12-10 to 12-12
  TCP/IP packet filtering, 12-8 to 12-9
  tested skills/suggested practices, 18-2
  Windows Firewall, 12-10
  Windows Server 2003, 12-8
Page Reads/Sec counter, 17-9
Pages/Sec counter, 17-9
PAP (Password Authentication Protocol)
  defined, 16-11
  Questions and Answers, 16-14, 16-16
  remote access authentication, 5-30 to 5-31
params, Nlb.exe
  defined, 17-25
  overview of, 7-23 to 7-24
  Questions and Answers, 17-26 to 17-27
partitioning, 7-36, 7-37 to 7-38
Password Authentication Protocol (PAP)
  defined, 16-11
  Questions and Answers, 16-14, 16-16
passwords
  account policy settings, 8-27
  Questions and Answers, 16-16 to 16-17
  security options for member servers, 9-13
patch panels, 1-34
Pathping.exe
  overview of, 16-24 to 16-25
  Questions and Answers, 16-26, 16-28
  troubleshooting TCP/IP routing, 5-46 to 5-47
PEAP-MS-CHAP v2 (Protected EAP-Microsoft Challenge Handshake Authentication Protocol, version 2), 13-22
performance
  multiple DNS servers and, 4-28
  scaling clusters for improved, 7-7 to 7-8
  simulation, 19-17 to 19-18
  switches, routers and, 2-20


Performance console
  components of, 15-24
  locating system bottlenecks, 6-26 to 6-27
  overview of, 6-2, 17-9
  Performance Logs and Alerts, 6-6 to 6-7
  Questions and Answers, 17-11, 17-13, 17-26 to 17-27
  System Monitor, 6-2 to 6-6
performance counters
  adding to System Monitor display, 6-4 to 6-5
  DHCP, 6-19 to 6-20
  DNS, 6-22
  Interrupts/Sec, 17-13
  network traffic, 6-5 to 6-6
  Output Queue Length counter, 17-10, 17-11
  overview of, 6-2 to 6-3
  Page Reads/Sec counter, 17-9
  Pages/Sec counter, 17-9
  Processor Queue Length counter, 17-9, 17-11, 17-13
  Questions and Answers, 17-11
  system bottlenecks, 6-26 to 6-27
  System Monitor, 15-24
  WINS, 6-23
Performance Logs and Alerts
  defined, 6-2
  monitoring network traffic, 6-6 to 6-7
  in Performance console, 15-24, 17-9
  practice exercise, 6-28 to 6-29
Performance Monitor, 19-17, 19-19
performance objects
  network traffic, 6-5 to 6-6
  overview of, 6-3
  RAS Port and RAS Total, 6-24
  system bottlenecks, 6-26 to 6-27
  System Monitor, 15-24
perimeter networks
  NBL cluster deployment, 7-20
  NLB network design, 7-15
  registered IP addresses forming, 2-6
peripherals, locating network resources, 1-32
permanent connections, leased lines, 5-7
permissions
  Active Directory, 8-24 to 8-26
  file and print servers, 9-27
  file systems, 8-19 to 8-21
  planning secure baseline installation, 14-11
  registry, 8-23
  security templates and, 10-10
  share, 8-22
permissions, remote access
  Dial-In tab, 16-10
  profiles, 5-32
  remote access policies, 16-12
Permit option, 18-14, 18-16
persistent connections, leased lines, 5-7
PhysicalDisk performance object, 6-27
physical infrastructure, 1-6 to 1-7
physical layer, OSI reference model, 1-13, 13-15 to 13-16
pilot deployment
  defined, 10-33
  overview of, 10-6 to 10-7
  Questions and Answers, 19-17 to 19-18
  selecting users for, 10-7
  training users and support staff, 10-7
Ping.exe tool
  overview of, 16-24
  Questions and Answers, 16-26 to 16-27, 16-28 to 16-29
  troubleshooting client configuration problems, 4-58 to 4-59
  troubleshooting TCP/IP routing, 5-43 to 5-45
“PKI Enhancements in Windows XP Professional and Windows Server 2003” (Microsoft article), 19-2
PKI (public key infrastructure). See also certificates
  case scenario, 11-29 to 11-30, 11-35
  certificates and, 11-4 to 11-6
  defined, 11-2
  exam highlights, 11-32
  external CAs, 11-5
  functions, 11-6 to 11-7
  internal CAs, 11-5
  keys compromised, 12-17
  lesson review, 11-8
  overview of, 19-9 to 19-10
  practice exercise, 11-7 to 11-8
  Questions and Answers, 11-33, 19-11 to 19-14
  secret key encryption, 11-2 to 11-3
  tested skills/suggested practices, 19-1 to 19-2
PKI (public key infrastructure), designing, 11-9 to 11-18
  CA infrastructure, 11-11 to 11-15
  case scenario, 11-29 to 11-30, 11-35
  certificate configuration, 11-16
  certificate requirements, 11-9 to 11-11
  exam highlights, 11-32
  lesson review, 11-17 to 11-18
  practice exercise, 11-16 to 11-17
  Questions and Answers, 11-33 to 11-34
Pointer resource record (PTR), 4-9
Point-to-Point Protocol (PPP), 2-18
policies. See also GPOs (Group Policy Objects)
  account policies, 8-26 to 8-28
  auditing changes to, 9-7
  audit policies, 8-29 to 8-30
  audit policies for member servers, 9-4 to 9-8
  baseline policies, 9-2 to 9-4
  enforcing security policies, 8-17
  Event Log policies for member servers, 9-8 to 9-9
  remote access, 5-31 to 5-34
  service parameter configuration, 9-10
POP (Post Office Protocol), 18-13, 18-15
portable workstations
  computer roles, 8-5


hardware specifications, 8-7port filtering

exceptions, 12-10packet filtering, 3-25 to 3-26, 12-3 to 12-4by port number, 12-6Questions and Answers, 3-44

port forwarding, 3-29port numbers

ephemeral, 18-18 to 18-19IANA Port Numbers online database, 18-17Questions and Answers, 18-19 to 18-22well-known, 18-17 to 18-19, 18-21

ports, RRAS monitoring, 6-24
Port Status dialog box, RRAS console, 6-24 to 6-25
Post Office Protocol (POP), 18-13, 18-15
Post-Setup Security Updates (PSSU), 12-28
PPP (Point-to-Point Protocol), 2-18
predefined security templates, 10-13 to 10-14
#PRE extension, Lmhosts file, 4-44
preferred DNS server, 15-36
presentation layer (syntax layer), OSI reference model, 1-13
primary zone, DNS zones, 4-34
printers, locating peripherals, 1-32
Print Spooler service, 9-27
PRI (Primary Rate Interface), ISDN, 3-7 to 3-8
private (internal) networks
  accessing Internet from, 2-7 to 2-11
  IP addresses, 2-7
  Questions and Answers, 16-20 to 16-23
  secure access between, 16-2 to 16-3
  splitting into multiple LANs, 2-15
private keys, 11-2 to 11-3, 11-33
privileges, user rights, 9-7
processes, auditing, 9-7
Processor Queue Length counter, 17-9, 17-11, 17-13
processors
  bottlenecks, 17-9
  CAs (certification authorities), 11-13, 11-33
  hardware specifications, 8-6
  performance, 6-26
  Questions and Answers, 17-11
% Processor time, 17-9, 17-11, 17-13
profiles, remote access, 5-32 to 5-33, 16-12
program exceptions, packet filtering, 12-10
promiscuous mode, 6-8, 6-48
Protocol field, IP header, 18-17, 18-19, 18-21
protocols
  data-link layer. see data-link layer protocols
  network layer. see network layer protocols
  OSI reference model and, 12-3 to 12-4
  packet filtering by protocol identifiers, 12-6, 12-9
  routing. see routing protocols
  transport layer. see transport layer protocols
protocols, IPSec
  AH, 12-20 to 12-21
  ESP, 12-21 to 12-23
  overview of, 12-20
proxy servers
  defined, 2-55, 3-43
  Internet access regulated with, 3-26
  Internet access troubleshooting, 3-36 to 3-37
  NAT vs., 3-30
  overview of, 2-9 to 2-11
  planning strategy for Internet connectivity, 15-18 to 15-19
  planning TCP/IP network, 15-6
  Questions and Answers, 2-56
  security capabilities of, 3-29 to 3-30
  troubleshooting Internet connectivity, 15-30
PSSU (Post-Setup Security Updates), 12-28
PTR (Pointer resource record), 4-9
public key encryption, 11-2 to 11-5, 11-33
public key infrastructure. See PKI (public key infrastructure)
public network addresses, 2-3 to 2-6
pull partner, WINS, 4-45 to 4-46, 15-48
push partner, WINS, 4-45, 15-48

Q

QIC (quarter-inch cartridge) drives, 6-32
quads, 2-4
quarantine control, 5-35 to 5-38, 16-12 to 16-13
quarter-inch cartridge (QIC) drives, 6-32
queries
  DNS, 4-10
  Nlb.exe, 7-24, 17-25
  recursive, 4-10, 4-69
QUERYPORT cluster, NLB.EXE, 17-25, 17-26 to 17-27
QUERYPORT port, NLB.EXE, 7-24
quorum resources
  cluster node backups, 17-16
  defined, 7-50
  overview of, 7-38 to 7-39
  Questions and Answers, 17-20, 17-24

R

RADIUS (Remote Authentication Dial-In User Service)
  802.1x and, 13-21
  authentication, 5-28 to 5-29
  overview of, 16-12
  Questions and Answers, 16-15, 16-17
RAID (redundant array of independent disks), 7-2, 17-12, 17-14
RAM (random access memory), 8-6
Random, failover policy, 7-42
RAS Total performance object, 6-24
recursive query, 4-10, 4-69
redirection, DNS security, 4-51
redundancy
  backup software and, 6-36
  DNS security and, 4-51 to 4-52
  multiple DNS servers and, 4-28
redundant array of independent disks (RAID), 7-2, 17-12, 17-14
referrals, DNS servers, 4-7
registered IP addresses
  obtaining, 2-25
  overview of, 2-3 to 2-6
  planning, 2-11 to 2-12
  planning TCP/IP network, 15-6
  Questions and Answers, 2-56, 3-43
  security and, 3-24
registration, domain name, 4-19
registry permissions
  overview of, 8-23
  planning secure baseline installation, 14-11
  security templates and, 10-10

remote access
  authentication, 5-27 to 5-31
  dial-in properties, 5-26 to 5-27
  overview of, 5-25
  practice exercise creating remote access policies, 5-39 to 5-41
  practice exercise installing RRAS server, 5-38 to 5-39
  quarantine control, 5-35 to 5-38
  review, 5-41 to 5-42, 5-59
  security requirements for, 5-25
remote access policies, 5-31 to 5-34
  components, 5-31 to 5-33, 16-12
  creating, 5-33 to 5-34
  overview of, 5-31, 16-12
  practice exercise creating, 5-39 to 5-41
  Questions and Answers, 16-14 to 16-17
remote access profiles, 5-32 to 5-33, 16-12
Remote Access Quarantine Service (Rqs.exe), 5-37
remote access servers, 5-38 to 5-39, 16-10 to 16-11
remote agents, backup software and, 6-34
Remote Assistance, 13-25 to 13-29
  creating an invitation, 13-27 to 13-28
  overview of, 13-25, 18-23 to 18-24
  practice exercise activating, 13-31 to 13-33
  practice exercise creating invitation, 13-33
  Questions and Answers, 18-25 to 18-28
  reasons for using, 13-25 to 13-27
  securing, 13-29
Remote Authentication Dial-In User Service. See RADIUS (Remote Authentication Dial-In User Service)
Remote Desktop, 13-29 to 13-31
  activating, 13-30 to 13-31
  client, 13-31
  overview of, 13-29 to 13-30, 18-24
  Questions and Answers, 18-25 to 18-28
renewal policies, certificates, 11-16
replay prevention, 12-19, 18-6
replication
  Network Load Balancing and, 7-4
  WINS monitoring with, 6-22 to 6-23
Request Security IPSec policy. See Server (Request Security) IPSec policy
Require Security IPSec policy. See Secure Server (Require Security) IPSec policy
reservations, DHCP, 2-37
resolvers, DNS, 4-5, 4-69
resource groups, 7-40
resource records
  DNS, 4-6
  practice exercise creating, 4-39
  troubleshooting name resolution, 15-53
Respond Only IPSec policy. See Client (Respond Only) IPSec policy
restores
  backup software and, 6-33
  performing, 6-39 to 6-40
  practice exercise, 6-43
restricted groups, 10-10
Resultant Set of Policy. See RSoP (Resultant Set of Policy)
reverse name resolution, DNS, 4-8 to 4-9
revoked certificates, 11-24 to 11-25
ring topology, 5-5 to 5-6
RIP (Routing Information Protocol)
  administering, 5-20
  compared with OSPF, 5-18 to 5-19
  distance vector routing and, 5-16 to 5-17
  monitoring, 6-25
  overview of, 16-5
  practice exercise installing, 5-22 to 5-23
  Questions and Answers, 16-6 to 16-9
  troubleshooting, 5-50 to 5-51
rollback procedure, 10-8, 10-33
root CAs
  CA hierarchy, 11-13 to 11-14
  defined, 19-9 to 19-10
  Questions and Answers, 11-34, 19-11 to 19-14
root hints, 4-62 to 4-63
root name servers, 4-7
Rootsec.inf security template, 10-14
round robin technique, 7-11
route cost value, link state routing, 5-18
Route.exe
  defining, 16-24
  Questions and Answers, 16-26, 16-28
  troubleshooting with, 5-48 to 5-49

routers
  case scenario, 2-50 to 2-53, 2-62
  choosing type, 3-15 to 3-16
  defined, 16-4
  isolating router problems, 5-43
  lesson review, 3-22 to 3-23
  NAT (network address translation), 15-18
  overview of, 2-18
  packet filtering and, 12-4 to 12-5
  performance and, 2-20
  planning TCP/IP network, 15-6
  practice exercise configuring RRAS as LAN router, 5-22
  Questions and Answers, 2-58 to 2-59, 3-44
  selecting, 5-12
  switching combined with, 2-20 to 2-21
  troubleshooting Internet connectivity, 15-30
  Windows Server 2003 router configuration, 3-21 to 3-22
routing
  defining, 2-8
  distance vector routing, 5-16 to 5-17
  dynamic routing, 5-15
  IP. see IP routing
  IP multicasting, 5-20 to 5-21
  link state routing, 5-17 to 5-18
  metrics, 5-16
  NAT, 2-8 to 2-9
  options, 5-12
  practice exercise configuring RRAS as LAN router, 5-22
  practice exercise disabling RRAS, 5-23
  practice exercise installing RIP, 5-22 to 5-23
  protocol administration, 5-20
  protocol communications, 5-18 to 5-19
  protocols, 5-15 to 5-16
  review, 5-24, 5-58 to 5-59
  router selection, 5-12
  static routing, 5-12 to 5-14
  troubleshooting TCP/IP routing. see TCP/IP routing, troubleshooting
Routing and Remote Access console, 6-23 to 6-25
Routing and Remote Access Service. See RRAS (Routing and Remote Access Service)
Routing Information Protocol. See RIP (Routing Information Protocol)
routing protocols
  administering, 5-20
  communications, 5-18 to 5-19
  dynamic, 16-4
  Questions and Answers, 16-6 to 16-7, 16-8 to 16-9
  selecting, 5-15 to 5-16
  troubleshooting, 5-49 to 5-50
routing tables
  defined, 2-14 to 2-15
  modifying, 5-13 to 5-14
  overview of, 16-4
  troubleshooting, 5-48
Rqs.exe (Remote Access Quarantine Service), 5-37
RRAS routing
  further reading, 16-2
  planning strategy, 16-4 to 16-9
  tested skills/suggested practices, 16-1
  troubleshooting TCP/IP, 16-24 to 16-29

RRAS (Routing and Remote Access Service), 5-1 to 5-62
  access control with dial-in properties, 5-26 to 5-27
  authentication, 5-27 to 5-31
  case scenario, 5-53 to 5-54, 5-60 to 5-61
  configuring, 3-21 to 3-22, 3-31 to 3-32
  dial-on-demand connections, 5-7 to 5-8
  disabling, 3-22, 3-32
  distance vector routing, 5-16 to 5-17
  dynamic routing, 5-15
  exam highlights, 5-54 to 5-55
  frame relay, 5-8 to 5-9
  further reading, 16-2 to 16-3
  IP multicasting, 5-20 to 5-21
  leased lines, 5-7
  link state routing, 5-17 to 5-18
  Network Access Quarantine Control, 5-35 to 5-38
  overview of, 5-1 to 5-2
  packet filtering, 12-10 to 12-12
  planning/implementing/maintaining, 16-1 to 16-29
  planning strategy for, 5-3
  practice exercise configuring RRAS as LAN router, 5-22
  practice exercise disabling RRAS, 5-23
  practice exercise installing RIP, 5-22 to 5-23
  Questions and Answers, 5-58 to 5-62
  remote access, 5-25
  remote access policies, 5-31 to 5-34
  review, 5-55 to 5-56
  router selection, 5-12
  routing metrics, 5-16
  routing options, 5-12
  routing protocol administration, 5-20
  routing protocol communications, 5-18 to 5-19
  routing protocols, 5-15 to 5-16
  routing strategy, 16-4 to 16-9
  secure access between private networks, 16-18 to 16-23
  security for users, 16-10 to 16-16
  security requirements for remote access, 5-25
  selecting WAN topology, 5-7
  static routing, 5-12 to 5-14
  tested skills/suggested practices, 16-1 to 16-2
  troubleshooting lab, 5-54 to 5-55, 5-61 to 5-62
  VPNs, 5-9 to 5-10
  WAN topology options, 5-3 to 5-6
RRAS security, 16-18 to 16-23
  further reading, 16-3
  overview of, 16-10 to 16-12
  Questions and Answers, 16-14 to 16-17
  tested skills/suggested practices, 16-2
RRAS, troubleshooting
  configuration, 5-47 to 5-48
  OSPF, 5-51
  Questions and Answers, 16-26 to 16-29
  review, 5-52 to 5-53
  RIP, 5-50 to 5-51
  routing protocols, 5-49 to 5-50
  routing table, 5-48
  static routing, 5-48 to 5-49
  TCP/IP, 16-3, 16-24 to 16-29
  tested skills/suggested practices, 16-2
  troubleshooting TCP/IP routing. see TCP/IP routing, troubleshooting
RSoP (Resultant Set of Policy), 12-39 to 12-40
  overview of, 18-41
  practice exercise creating RSOP console, 12-41 to 12-42
  practice exercise performing scan, 12-42
  Questions and Answers, 18-42 to 18-43
rules
  defined, 16-19
  IPSec policies, 12-30
  overview of, 18-11
  Questions and Answers, 18-14

S

SANs (storage area networks), 7-11, 7-31
SA (security association), 12-21, 12-23
scalability, 7-5, 7-7 to 7-8
scheduling, backups, 6-34, 6-38 to 6-39
scopes
  DHCP deployment, 2-37
  monitoring, 6-17
  practice exercises, 2-38 to 2-40
  troubleshooting lab, 2-53, 2-64
SCSI (Small Computer System Interface)
  case scenario, 7-46 to 7-47, 7-53 to 7-54
  Questions and Answers, 17-20
  server clusters using, 7-32 to 7-33, 17-15
  servers and, 8-3
SCW (Security Configuration Wizard)
  components of, 9-41 to 9-42
  converting SCW security policies into GPOs, 9-44
  creating security policies, 9-43 to 9-44
  deploying, 9-40
  deploying security templates, 10-25 to 10-26, 14-17
  planning secure baseline installation, 8-30
  practice exercise deploying SCW security policies, 9-44 to 9-47
  Questions and Answers, 9-55
  review, 9-47
secedit.exe, 10-24 to 10-25, 14-17
secondary zones, DNS, 4-34, 15-42
secret key encryption, 11-2 to 11-3
secure baseline installation. See baseline, planning secure installation
Securedc.inf security template, 10-14
secure dynamic updates, DNS servers, 15-42
Secure Hash Algorithm 1 (SHA1), 18-14, 18-16
Secure Server (Require Security) IPSec policy
  defined, 16-18
  overview of, 18-35
  Questions and Answers, 16-20, 16-22, 18-7, 18-9, 18-13, 18-15, 18-36 to 18-39
Secure Sockets Layer (SSL), 12-18
Securews.inf security template, 10-14
Securing Windows 2000 Server (Microsoft Corporation), 19-3

security
  certificates, 11-10 to 11-11
  configuring for member servers, 9-12 to 9-14
  design team, 8-13 to 8-14
  DNS. see DNS security
  higher-level CAs, 11-14
  implementation, 8-16 to 8-17
  Internet connectivity. see Internet access, security
  IPSec. see IPSec (IP Security)
  life cycles, 8-14, 19-15 to 19-16
  NAT/proxy servers and, 2-10 to 2-11
  network infrastructure and, 1-8
  Network Monitor and, 6-7
  ongoing management, 8-17
  operating systems and, 8-8, 14-22
  registered addresses and, 2-5
  remote access requirements, 5-25
  remote access users, 16-10 to 16-16
  server. see servers, role-based
  wireless networks and, 1-19
security association (SA), 12-21, 12-23
Security Configuration and Analysis snap-in, 10-21 to 10-24
  changing security settings, 10-24
  deploying security templates, 14-17
  overview of, 10-21
  practice exercise using, 10-26 to 10-28
  Questions and Answers, 19-22, 19-24
  system analysis, 10-22 to 10-23, 10-27 to 10-28
security configurations
  administration methods. see administration, network
  further reading, 18-3 to 18-4
  tested skills/suggested practices, 18-1 to 18-3
security configurations, deploying, 10-1 to 10-37
  case scenario, 10-29 to 10-31, 10-35 to 10-36
  exam highlights, 10-33
  overview of, 10-1
  Questions and Answers, 10-34 to 10-35
  review, 10-32 to 10-33
  security template deployment. see security templates, deploying
  security templates. see security templates
  testing. see testing configuration settings
  troubleshooting lab, 10-31 to 10-32, 10-36 to 10-37
Security Configuration Wizard. See SCW (Security Configuration Wizard)

security infrastructure design, 13-1 to 13-42
  case scenario, 13-35 to 13-36, 13-41 to 13-42
  certificate publication, 19-4 to 19-8
  exam highlights, 13-37
  framework, 19-2 to 19-3, 19-15 to 19-19
  further reading, 19-2 to 19-3
  network administration. see network administration
  overview of, 13-1 to 13-2
  PKI, 19-9 to 19-14
  Questions and Answers, 13-39 to 13-42
  review, 13-37 to 13-38
  secure baseline installation and, 8-15 to 8-16
  tested skills/suggested practices, 19-1 to 19-2
  troubleshooting lab, 13-36, 13-42
  update infrastructure. see security update infrastructure
  wireless networks. see wireless networks, securing
Security logs, Event Viewer, 18-40 to 18-43, 19-17 to 19-18
security planning
  high-level, 8-13
  infrastructure design, 8-15 to 8-16
  review, 8-17 to 8-18, 8-38 to 8-39
  security design team, 8-13 to 8-14
  security life cycles, 8-14
security policies
  converting SCW security policies into GPOs, 9-44
  creating SCW security policies, 9-43 to 9-44
  practice exercise deploying SCW security policies, 9-44 to 9-47
security settings
  account policies, 8-26 to 8-28
  Active Directory permissions, 8-24 to 8-26
  audit policies, 8-29 to 8-30
  file system permissions, 8-19 to 8-21
  practice exercise creating share permissions, 8-31
  practice exercise modifying account policies, 8-31 to 8-33
  practice exercise modifying file permissions, 8-30 to 8-31
  registry permissions, 8-23
  review, 8-33 to 8-34, 8-39
  Security Configuration Wizard, 8-30
  share permissions, 8-22
security templates
  console for, 10-11 to 10-12
  defined, 10-10, 10-33
  functions of, 14-17
  modifying existing template, 10-15 to 10-17
  overview of, 10-10 to 10-11
  practice exercise using Security Template snap-in, 10-15 to 10-17
  predefined, 10-13 to 10-14
  review, 10-17 to 10-18
security templates, deploying
  group policies for, 10-19 to 10-21
  overview of, 10-19
  practice exercise using Security Analysis snap-in, 10-26 to 10-28
  review, 10-28 to 10-29
  secedit.exe for deploying, 10-24 to 10-25
  Security Configuration and Analysis snap-in, 10-21 to 10-24
  Security Configuration Wizard (SCW) for, 10-25 to 10-26
Security Template snap-in
  practice exercise using, 10-15 to 10-17
  working with security templates, 10-11 to 10-12
security update infrastructure
  downloading and installing MBSA, 13-12
  Microsoft Baseline Security Analyzer and, 13-6 to 13-8
  network update, 13-5 to 13-6
  review, 13-13 to 13-14, 13-39
  security analysis with MBSA, 13-12 to 13-13
  software update and, 13-3 to 13-4
  Software Update Services, 13-9 to 13-10
  testing updates, 13-8 to 13-9
  Windows Server Update Services, 13-11 to 13-12
  Windows Update, 13-4 to 13-5

Sequenced Packet Exchange (SPX), 1-27 to 1-28
sequence numbers, 18-7, 18-9
server clusters
  application deployment, 7-35 to 7-38
  backup and recovery strategy, 17-28 to 17-33
  bottlenecks, 17-9 to 17-14
  case scenario, 7-46 to 7-47, 7-53 to 7-54
  creating, 7-39 to 7-41
  deployment design, 7-30 to 7-31
  exam highlights, 7-49 to 7-50
  failover policies, 7-41 to 7-42
  further reading, 17-3 to 17-4
  geographically dispersed, 7-11
  hardware configuration, 7-31 to 7-35, 17-15 to 17-16
  implementing, 17-15 to 17-24
  lesson review, 7-45
  overview of, 7-2 to 7-4
  planning, 17-5 to 17-8
  practice exercise, 7-42 to 7-44
  properties, 17-5
  Questions and Answers, 7-51, 7-52 to 7-53, 17-18 to 17-24
  quorum model selection, 7-38 to 7-39
  tested skills/suggested practices, 17-1 to 17-3
server maintenance
  backups. see backups
  case scenario, 6-44 to 6-45, 6-50 to 6-51
  exam highlights, 6-47 to 6-48
  monitoring network servers. see servers, monitoring
  monitoring network traffic. see network traffic, monitoring
  Questions and Answers, 6-49 to 6-50
  troubleshooting lab, 6-45 to 6-46, 6-51
Server (Request Security) IPSec policy
  defined, 16-18 to 16-19
  overview of, 18-35
  Questions and Answers, 16-20, 16-22, 18-36 to 18-39
servers
  baseline for member servers. see baseline, member servers
  DNS. see DNS servers
  hardening. see hardening servers
  hardware specifications, 8-5 to 8-6
  locating network resources, 1-35 to 1-36
  operating systems, 8-9 to 8-11
  roles, 8-3 to 8-4, 14-3 to 14-26
  troubleshooting lab, 6-45 to 6-46, 6-51
  WINS. see WINS servers


servers, monitoring, 6-16 to 6-30
  DHCP, 6-17 to 6-20
  DNS, 6-20 to 6-22
  exam highlights, 6-47 to 6-48
  keeping services running, 6-16 to 6-17
  lesson review, 6-30
  locating system bottlenecks, 6-25 to 6-27
  practice exercise, 6-28 to 6-29
  Questions and Answers, 6-49 to 6-50
  RRAS, 6-23 to 6-25
  WINS, 6-22 to 6-23
servers, role-based
  application servers, 9-28
  configuring security for, 14-6
  domain controllers, 9-19 to 9-23
  file and print servers, 9-26 to 9-28
  infrastructure servers, 9-23 to 9-26
  planning security for, 14-16 to 14-17
  practice exercise modifying GPO for Domain Controller container, 9-28 to 9-30
  Questions and Answers, 9-54, 14-7 to 14-9, 14-18 to 14-21
  review, 9-28 to 9-31
service-dependent filtering, 12-48
Service Location (SRV), 4-12
service packs
  software update and, 13-3 to 13-4
  Windows Server 2003 SP1, 9-40
services
  configuring for member servers, 9-9 to 9-12
  domain controllers, 9-23
  planning secure baseline installation, 14-10
  Windows Server 2003, 1-8
Services console, 6-16 to 6-17
Services file, 18-17 to 18-18
session layer, OSI reference model, 1-13
Setup Security.inf, 10-13
SHA1 (Secure Hash Algorithm 1), 18-14, 18-16
Shared Key authentication
  defined, 18-30
  Questions and Answers, 18-31, 18-34
  wireless networks, 13-20 to 13-21
share permissions, 8-22
  practice exercise creating, 8-31
Shiva Password Authentication Protocol (SPAP), 5-30, 16-11
shutdown
  security options for member servers, 9-14
  user rights and, 9-22

signatures, digital, 11-3, 11-9
single-instance applications, 7-35, 7-36
single-node clusters, 7-38, 7-42 to 7-44
single-quorum device clusters, 7-38
sites, multiple GPOs and, 9-33
Small Computer System Interface. See SCSI (Small Computer System Interface)
smart cards
  designing PKI for, 11-10
  enterprise CAs required by, 11-15
  overview of, 19-10
  Questions and Answers, 16-21, 16-23, 19-11
SMS (Systems Management Server), 6-8
software
  backup, 6-33 to 6-35, 17-28
  certificates encountered when downloading, 11-6
  clustering and, 7-5
  configuration testing, 10-3
  digital signatures and, 11-10
  IP address and subnet calculation, 2-29
  routers, 2-18
  update practices, 13-3 to 13-4
Software Update Services. See SUS (Software Update Services)
Source Port field, TCP/UDP headers, 18-17, 18-19, 18-21
SPAP (Shiva Password Authentication Protocol), 5-30, 16-11
special identities, 8-21, 8-37
spoofing, 12-7, 12-17, 12-48
SPX (Sequenced Packet Exchange), 1-27 to 1-28
SRV (Service Location), 4-12
SSL (Secure Sockets Layer), 12-18
stand-alone CAs
  enterprise CAs compared to, 19-4
  manual certificate enrollment, 11-21
  overview of, 11-15, 19-9
  Questions and Answers, 11-34, 19-6, 19-8, 19-11, 19-13
standards, wireless, 13-15 to 13-16
star topology
  UTP and, 1-15
  WAN topologies, 5-6
stateful applications, 7-2, 7-50. See also server clusters
stateful packet inspection, 3-28, 3-42
stateless applications, 7-4, 7-50
static NAT, 3-26, 3-45
static routing
  compared with dynamic routing, 5-12 to 5-13
  defined, 2-15
  overview of, 16-4
  troubleshooting, 5-48 to 5-49
storage area networks (SANs), 7-11, 7-31
storage subsystem
  bottlenecks, 17-10
  monitoring performance, 6-27
  Questions and Answers, 17-12
stub zones, DNS, 4-34
subdomains. See also domains, DNS
  combining internal/external domains, 4-22 to 4-23
  creating, 4-21
  DNS, 4-38 to 4-39
  planning name resolution strategy, 15-42

subnet masks
  calculating, 2-30 to 2-31
  case scenario, 2-50 to 2-53, 2-62
  exam highlights, 2-54
  IP address classes, 2-26 to 2-27
  lesson review, 2-33 to 2-34
  obtaining, 2-25
  overview of, 2-27 to 2-29
  practice exercise, 2-32 to 2-33, 2-59 to 2-60
  Questions and Answers, 2-60
  troubleshooting IP addressing, 15-36
  VLANs creating, 2-21
subordinate (issuing) CAs
  CA hierarchy, 11-13 to 11-14
  defined, 19-9 to 19-10
  Questions and Answers, 19-11 to 19-14
subtraction method, 2-31 to 2-32
support
  application compatibility in selecting operating system, 8-8
  personnel, 3-35
  pilot deployment and, 10-8
  Remote Assistance, 13-25
  selecting operating system, 14-22
  training staff, 10-7
SUS (Software Update Services)
  overview of, 13-9 to 13-10, 19-21
  Questions and Answers, 19-22 to 19-24
switches
  overview of, 2-19 to 2-20
  planning TCP/IP network, 15-6
  Questions and Answers, 2-59
  routing combined with, 2-20 to 2-22
switching hubs, 2-19
synchronization server, SUS, 13-9 to 13-10
system
  analysis, 10-22 to 10-23
  events, 9-7
  logs, 17-25
  services, 10-10
System Monitor, 6-2 to 6-6
  defined, 6-2
  lesson review, 6-15
  Network Monitor compared with, 6-12
  network traffic monitoring, 6-5 to 6-6
  in Performance console, 15-24, 17-9
  practice exercise, 6-29
  Questions and Answers, 17-11, 17-13, 19-17, 19-19
  statistics, 6-2 to 6-3
  troubleshooting lab, 6-45 to 6-46, 6-51
  using, 6-3 to 6-5
Systems Management Server (SMS), 6-8
System State object, 17-20, 17-23

T

T-1 connection
  comparing connection options, 3-7 to 3-8
  overview of, 3-10
  planning strategy for Internet connectivity, 15-18
  Questions and Answers, 3-43
  troubleshooting lab, 3-40 to 3-41
  WAN technologies, 5-7
T-3 connection
  comparing connection options, 3-7 to 3-8
  leased line, 3-10
  planning strategy for Internet connectivity, 15-18
  Questions and Answers, 3-43
tape libraries, 6-32 to 6-33
TCP/IP Information window, RRAS, 6-25
TCP/IP packet filtering, 12-8 to 12-9
TCP/IP routing, troubleshooting, 5-43 to 5-53
  isolating router problems, 5-43
  overview of, 5-43
  PATHPING, 5-46 to 5-47
  PING, 5-43 to 5-45
  review, 5-60
  TRACERT, 5-45 to 5-46
TCP/IP (Transmission Control Protocol/Internet Protocol)
  case scenario, 2-50 to 2-53
  client configuration manually, 2-35
  client configuration with DHCP, 2-37
  exam highlights, 2-54
  IP addresses. see IP addresses
  IP routing. see IP routing
  network and transport layer protocols, 15-13
  overview of, 1-25 to 1-27
  planning TCP/IP network, 15-6 to 15-7
  Questions and Answers, 2-56 to 2-60, 15-8 to 15-11
  subnetting. see subnet masks
  troubleshooting IP addressing. see IP addresses, troubleshooting
  troubleshooting IP routing, 16-24 to 16-29
  troubleshooting lab, 2-53
TCP (Transmission Control Protocol)
  connection-oriented protocols, 1-26
  planning network protocol security, 18-17
  ports, 18-13, 18-15
  in TCP/IP suite, 1-25

technical support. See support
Terminal Services, 18-24
test cases, 10-3 to 10-4
testing
  environment for, 10-2
  NLB clusters, 7-28
  network update, 13-8 to 13-9
  restores, 6-40
  update releases, 19-20
  updates, 13-5
testing configuration settings
  conducting tests, 10-5 to 10-6
  creating testing environment, 10-2
  creating test plan, 10-2 to 10-3
  evaluating test results, 10-6
  overview of, 10-2
  pilot deployment, 10-6 to 10-7
  review, 10-8 to 10-9
  technical support and rollback procedures, 10-8
  test cases, 10-3 to 10-4
  test lab, 10-4
  WAN testing, 10-5
test labs, 10-4
test plans, 10-2 to 10-3
threats
  DNS security, 4-50 to 4-51
  IPSec for evaluating, 12-16 to 12-18
  wireless networks, 13-18
ticket-granting-ticket (TGT), Kerberos, 8-28
token passing, 1-22
Token Ring
  overview of, 1-21 to 1-22
  UTP support, 1-15
topologies
  defined, 13-16
  network. see network topology
  WANs, 5-3 to 5-7
  wireless, 13-16 to 13-18
trace logs, Performance Logs and Alerts
  overview of, 6-7, 15-24
  Questions and Answers, 17-11, 17-13
Tracert.exe
  overview of, 16-24
  Questions and Answers, 16-26 to 16-27, 16-28 to 16-29
  troubleshooting TCP/IP routing, 5-45 to 5-46
  viewing list of routers with, 2-15
training
  Remote Assistance and, 13-26
  users and support staff in pilot deployment, 10-7
Transmission Control Protocol. See TCP (Transmission Control Protocol)
Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)
transmission speeds
  data-link layer protocols, 1-19 to 1-21
  Internet connections, 3-7 to 3-8
  WAN connections, 3-12
transport layer, OSI reference model, 1-13
transport layer protocols
  IPX (Internetwork Packet Exchange), 1-27 to 1-28
  lesson review, 1-29 to 1-30
  NetBEUI, 1-28 to 1-29
  overview of, 1-25, 15-13 to 15-14
  TCP/IP, 1-25 to 1-27
transport mode, IPSec (IP Security), 12-24
transport mode packets, IPSec
  Questions and Answers, 18-7, 18-9
  rules for, 18-11
Triple-Data Encryption Standard (3DES) algorithm, 18-14, 18-16
Trojan horses, 2-11
trust relationships, 11-11 to 11-12
tunnel mode packets, IPSec
  Questions and Answers, 16-20, 16-22 to 16-23, 18-7, 18-9, 18-14, 18-16
  rules for, 18-11
tunnel modes, IPSec, 12-24

U

UDP (User Datagram Protocol)
  as connectionless protocol, 1-26
  planning network protocol security, 18-17
  transport layer protocols, 1-25 to 1-26
  version 4, 6-6
UI (user interface), SCW (Security Configuration Wizard), 9-41
unauthorized users, wireless networks, 13-18
unbounded media, compared with bounded media, 1-14 to 1-15
unicast mode
  NLB, 7-16 to 7-18
  overview of, 17-15
  Questions and Answers, 17-19, 17-23
Uniform Resource Locators (URLs), 4-3
UNIX, 8-10, 18-8
unregistered IP addresses
  overview of, 2-7
  planning, 2-11 to 2-12
  planning TCP/IP network, 15-6
  Questions and Answers, 2-56, 2-57
  security and, 3-24 to 3-25
unshielded twisted pair. See UTP (unshielded twisted pair)
update infrastructure. See security update infrastructure
  further reading, 19-3
  overview of, 19-20 to 19-21
  Questions and Answers, 19-22 to 19-24
  tested skills/suggested practices, 19-2
URLs (Uniform Resource Locators), 4-3
User Datagram Protocol. See UDP (User Datagram Protocol)
user interface (UI), SCW (Security Configuration Wizard), 9-41
user rights
  assigning, 9-21 to 9-22
  planning secure baseline installation, 14-10
users, Internet connectivity requirements, 3-3 to 3-6, 3-25 to 3-26
% User time, 17-13
% User time counter, 17-11
UTP (unshielded twisted pair)
  cable run limits and, 1-34
  Category 5 cable, 1-20
  comparing media types, 1-15
  overview of, 15-12


V

Verify Caller ID, 16-10
virtual LANs (VLANs), 2-20 to 2-21
virtual network adapter, 7-14
virtual private networks. See VPNs (virtual private networks)
VLANs (virtual LANs), 2-20 to 2-21
volume shadow copy
  overview of, 6-40 to 6-41, 17-29
  Questions and Answers, 17-21, 17-24, 17-30
VPNs (virtual private networks)
  bandwidth consumption, 3-5
  defined, 16-10
  WAN technologies, 5-9 to 5-10

W

WANs (wide area networks)
  dial-on-demand connections, 5-7 to 5-8
  frame relay, 5-8 to 5-9
  Internet access through, 3-3
  ISPs providing multiple WAN support, 3-18
  leased lines, 5-7
  physical infrastructure and, 1-6
  Questions and Answers, 3-43
  reducing WAN traffic, 4-28 to 4-29
  review, 5-10 to 5-11, 5-58
  routers connecting LANs to, 2-17 to 2-18
  RRAS technologies, 16-17
  selecting topology for, 5-3 to 5-6
  technologies, 3-7 to 3-12
  testing, 10-5
  topology options, 5-3 to 5-6
  transmission speeds, 3-12
  VPNs, 5-9 to 5-10
Web Enrollment Support interface, Certificate Services
  overview of, 11-22 to 11-24
  practice exercises, 11-25 to 11-27
  Questions and Answers, 19-5, 19-7, 19-12
Web hosting, 3-20
Web servers, 8-4
Web site information, Microsoft
  network security, 18-3 to 18-4
  RRAS, 16-2 to 16-3
  secure baseline installations, 19-3
  Software Update Services, 19-3
well-known port numbers
  overview of, 18-17 to 18-18
  packet filtering and, 12-4
  Questions and Answers, 18-13, 18-15, 18-19, 18-21
WEP (Wired Equivalent Privacy) encryption
  overview of, 18-30
  Questions and Answers, 18-31, 18-33
  wireless networks, 13-22
Wild Packets IP Calculator, 2-29

Windows 2000
  Advanced Server, 7-8
  Datacenter Server, 7-8
  Professional, 18-26, 18-28
  Server, 18-26, 18-28
Windows Firewall, 12-10
Windows Internet Name Service. See WINS (Windows Internet Name Service)
Windows Load Balancing Service. See WLBS (Windows Load Balancing Service)
Windows OSs
  choosing workstation operating systems, 8-8 to 8-9
  file system permissions, 8-19 to 8-21
  NetBIOS name resolution and, 4-3, 4-14 to 4-15
Windows Server 2003
  Certificate Services. see Certificate Services
  NLB and, 7-20
  online help. see Online Help, Windows Server 2003
  packet filtering options, 12-8
  Questions and Answers, 18-26, 18-28
  RRAS packet filtering, 12-10 to 12-11
  server clustering, 7-4
  services, 1-8
  TCP/IP packet filtering, 12-8 to 12-9
  versions, 8-10
  Windows Firewall packet filtering, 12-10
Windows Server 2003, Datacenter Edition
  clustering, 17-5
  cluster scalability, 7-8
  NLB clusters, 7-5
  Questions and Answers, 17-6, 17-8
  server clustering, 7-3 to 7-4
Windows Server 2003, Enterprise Edition
  clustering, 17-5
  cluster scalability, 7-8
  NLB clusters, 7-5
  Questions and Answers, 17-6, 17-8
  server clustering, 7-3 to 7-4
Windows Server 2003, Standard Edition
  cluster scalability, 7-8
  hosting clustering, 17-5
  NLB clusters, 7-5
  Questions and Answers, 17-6, 17-8
  server clustering, 7-4
Windows Server Update Services (WSUS), 13-11 to 13-12
Windows Update, 13-4 to 13-5, 19-22, 19-24
Windows Update server, 13-10
Windows XP Home Edition, 18-26, 18-28
Windows XP Professional, 17-6, 17-8, 18-26, 18-28
WINS servers
  deployment, 4-45
  monitoring, 6-22 to 6-23
  practice exercise installing, 4-48 to 4-49
  replication, 4-45 to 4-48
WINS (Windows Internet Name Service)
  deploying, 4-15 to 4-16
  overview of, 4-14
  planning NetBIOS name resolution strategy, 15-47 to 15-48
  replication, 4-45 to 4-48
  Windows Server 2003 services, 1-8

Wired Equivalent Privacy. See WEP (Wired Equivalent Privacy) encryption
wireless networks, 18-29 to 18-34
  data-link layer protocols, 1-17 to 1-19
  further reading, 18-4
  overview of, 13-15, 15-12, 18-29 to 18-30
  PKI designed for, 11-10
  Questions and Answers, 18-31 to 18-34
  tested skills/suggested practices, 18-2
wireless networks, securing, 13-15 to 13-24
  authenticating users, 13-20 to 13-22
  encrypting wireless traffic, 13-22 to 13-23
  group policies for access control, 13-19 to 13-20
  overview of, 13-15
  review, 13-23, 13-39 to 13-40
  threat evaluation, 13-18
  wireless standards, 13-15 to 13-16
  wireless topologies, 13-16 to 13-18
Wireless Provisioning Services (WPS), 13-23
WLANs. See wireless networks
WLBS (Windows Load Balancing Service)
  defined, 7-22
  overview of, 17-25
  Questions and Answers, 17-26 to 17-27
  using Nlb.exe, 7-23 to 7-25
workgroup switches, 2-19
workstations
  adding to domain, 9-21 to 9-22
  computer roles, 8-4 to 8-5
  hardware specifications, 8-6 to 8-7
  locating network resources, 1-31 to 1-32
  operating systems, 8-8 to 8-9
WPS (Wireless Provisioning Services), 13-23
WSUS (Windows Server Update Services), 13-11 to 13-12

Z

zones, DNS
  Active Directory–integrated zones, 4-36 to 4-37
  creating, 4-33 to 4-35
  file-based, 4-35
  planning name resolution strategy, 15-42
  practice exercise creating, 4-37 to 4-39
  replication, 4-52 to 4-54
zone transfers
  failed to occur, 4-62
  troubleshooting name resolution, 15-54
  zone creation and, 4-34 to 4-35
