Tag Archives: MCSE 2003 training

70-291 Q & A / Study Guide / Testing Engine

Cisco CCNA Training, Cisco CCNA Certification

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com


QUESTION 1
You work as It Admin at Certkingdom.com. The Certkingdom.com network consists of a domain named Certkingdom.com.
The servers at the Certkingdom.com network run Windows Server 2003. The Certkingdom.com network has a file
server named Certkingdom-SR18. Certkingdom-SR18 hosts shared folders.
During your routine monitoring, you notice that Certkingdom-SR18 has a connectivity issue. To investigate
further you run Network Monitor, but notices that during capturing, network packets were dropped.
What actions must you take to minimize the dropping of packets while monitoring Certkingdom-SR18?

A. You should configure a persistent demand-dial connection.
B. You should configure a two-way initiated demand-dial connection.
C. You should use dedicated capture mode when utilizing the Network Monitor.
D. You should select the Do not overwrite events option in the Event Viewer.

Answer: C

Explanation: The CPU of Certkingdom-SR18 runs on 80%, which indicates that there are not enough
resources to the network Monitor. Running Network Monitor in dedicated capture mode frees
resources on the computer for capturing dat
A. This results in fewer frames being dropped. The
capture statistics are not displayed or refreshed because the frames are copied to the capture
buffer.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing,
Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training
System, Syngress Publishing Inc., Rockland, 2003, p. 841


QUESTION 2
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a single
Active Directory domain named Certkingdom.com. The servers at the Certkingdom.com network run Windows
Server 2003 and the workstations, Windows XP Professional.
The Certkingdom.com network has a DNS server named Certkingdom-SR03 that does name resolution for host on
the Internet. Certkingdom.com users complain that they do not get the correct site when trying to access
Web site known to them.
What actions must you take to stop this from happening without disrupting production?

A. You should restart the DNS Server service.
B. You should select the Secure cache against pollution setting.
C. You should run the ipconfig/flushdns on Certkingdom-SR03.
D. You should run the ipconfig/registerdns on Certkingdom-SR03.

Answer: B

Explanation: When the Secure cache against pollution setting is disabled, all records received in
response to DNS queries are cached. This is true even when the records do not match to a
queried domain name. Enabling the Secure cache against pollution setting disables the ability to
pollute the DNS cache with incorrect information, and spoof DNS queries. With Windows Server
2003 the default setting is that caches are secured against pollution. This will then prevent users
that browse the Internet from being directed to the wrong websites.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, pp. 496-
497
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapter 3, pp. 285, 291


QUESTION 3
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has a server named Certkingdom-SR10 that runs Windows Server Update
Services (WSUS). During synchronization you notice that you cannot connect to the Windows
Update servers, however, you can access to other Web site not residing in the intranet.
What actions must you take to connect to the Windows Update servers?

A. You must run the ipconfig/registerdns.
B. You must configure the forwarders on Certkingdom-SR10.
C. You must set the authentication to the proxy server in the WSUS settings.
D. You must run the gpupdate /force command on Certkingdom-SR10.

Answer: C

Explanation: In the Software Update Services administration console, there is an option to
configure your internet connection settings. These settings include proxy server settings. If you
have a proxy server between the SUS server and the internet, you need to configure the proxy
server settings in the SUS options.


QUESTION 4
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003. Certkingdom.com has a
subsidiary named Test Labs, Inc. that has a domain named testlabs.com.
The Certkingdom.com network has a DNS server named Certkingdom-SR05. Certkingdom-SR05 acts as a secondary
zone for testlabs.com
What actions must you take to track when the DNS server at Test Labs, Inc. sends notifications of
modifications in the zone of testlabs.com to Certkingdom-SR05?

A. You must run the gpresult command in verbose mode.
B. You must select debug logging and set the log to store Notification events on Certkingdom- SR05.
C. You must run the secedit command in analysis mode.
D. You must configure a two-way initiated demand-dial connection.

Answer: B

Explanation: Debug logging is disabled by default and has to be enabled on Certkingdom-SR05. Select
the Log packets for debugging check box to configure Debug Logging. To receive useful debug
logging information, you should select a Packet direction, a Transport protocol, and at least one
more option. You can also specify the file path and name, and the maximum size for the log file.
Enabling Debug Logging slows DNS server performance.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, p. 551


QUESTION 5
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003.
The Certkingdom.com network has a Web server named Certkingdom-SR11. During a routine monitoring you
notice an increase in network traffic. Due to this you need to find out the MAC address of the
workstation that initiated the transfers and the command that was used. However, you action must
not effect Certkingdom-SR11.
What actions must you take?

A. You must run the ipconfig/registerdns.
B. You must use the Netmon utility.
C. You must capture the IP traffic to Certkingdom-SR11.
D. You must Enable Server Message Block (SMB) signing on all the workstations.

Answer: C

Explanation: Network Monitor tool allows you to capture dat
A. The tool also allows you to identify
its source from where it came from. The Network Monitor tool also allows you to analyze the
content of the message. Use a Network Monitor capture filter to capture IP traffic from any
computer to Certkingdom-SR11, and apply the capture filter before capturing the data.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, pp. 198,
543
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapter 3, pp. 140, 144, 145.


QUESTION 6
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003.
The Certkingdom.com network has only one DNS server named Certkingdom-SR11 that only hosts the zone for
Certkingdom.com. During the course of the day you have received complaints that the response time of
the connections to other workstations is very poor.
What actions must you take to see if it is the DNS client traffic on Certkingdom-SR11?

A. You must set up a log of the Total queries/sec and the DNS counters Dynamic updates/sec.
B. You must configure a Network Monitor capture filter.
C. You must run the gpresult command.
D. You must set up the Performance Logs and Alerts to note down the Physical-Disk object.

Answer: A

Explanation: The System Monitor utility is used to collect and measure the real-time performance
data for a local or remote computer on the network. Through System Monitor, you can view
current data or data from a log file. When you view current data, you are monitoring real-time
activity. When you view data from a log file, you are importing a log file from a previous session.
Using the System Monitor, you can generate statistics on the following types of information
regarding DNS services:
AXFR requests (all-zone transfer requests), IXFR requests (incremental zone transfer requests),
DNS server memory usage, Dynamic updates, DNS Notify events, Recursive queries, TCP and
UDP statistics, WINS statistics and Zone transfer issues. Thus to find out where DNS client traffic
is responsible for the slow speed at which computers connect within the Certkingdom.com domain, then
you should create a log of the Dynamic Updated/sec and the Total queries/sec given the fact that
Certkingdom-SR05 is the only DNS server in the domain.
Reference:
James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server 2003
Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc.
Alameda, 2003, pp. 70-73, 304


QUESTION 7
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has a Web server named Certkingdom-SR10 that has the Internet Information
Services (IIS) 6.0 installed. Certkingdom-SR10 hosts a Web site that can be reached from the internal
network and the Internet. The internal traffic at Certkingdom.com needs authentication without a secure
protocol to access the Web site; however Internet traffic needs to authenticate with a secure
protocol.
What actions must you take to ensure that the all accesses to Certkingdom-SR10 use a secure protocol?

A. You need to configure the log to capture Notification events.
B. You need to apply the hisecdc.inf predefined security template.
C. You need to monitor network traffic and IIS logs.
D. You need to apply a custom security template.

Answer: C

Explanation: To make sure that the users are using a secure protocol, you must use the Network
Monitor. The Network Monitor allows you to capture frames directly from the network. As soon as
the frames are captured it will display and filter captured frames. The Network Monitor also allows
you to edit captured frames and transmit them on the network.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 4
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, 1: 26, 3: 3.


QUESTION 8
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has two servers, named Certkingdom-SR30 and Certkingdom-SR31, which contain file with
sensitive company information. You create a new OU named SenSrv and move Certkingdom-SR30 and
Certkingdom-SR31 to the new OU. You then create a new GPO that and configure it to encrypt all network
connections. You then link the GPO to the SenSrv OU.
How would you check to see if encrypted connections to Certkingdom-SR30 and Certkingdom-SR31 are taking
place?

A. By opening the Resultant Set of Policy console.
B. By running the Microsoft Baseline Security Analyzer (MBSA).
C. By applying the hisecdc.inf predefined security template.
D. By opening the IP Security Monitor console.

Answer: D

Explanation: Administrators can use the IP Security Monitor tool to confirm whether IP Security
(IPSec) communications are successfully secured. The tool can display the number of packets
that have been sent over the Authentication Header (AH) or Encapsulating Security Payload
(ESP) security protocols, and how many security associations and keys have been generated
since the computer was last started. The IP Security Monitor is implemented as a Microsoft
Management Console (MMC) snap-in on the Windows Server 2003 and Windows XP Professional
operating systems. It includes enhancements that allow you to view details about an active IPSec
policy, in addition to Quick Mode and Main Mode statistics, and active IPSec SAs. IP Security
Monitor also enables you to search for specific Main Mode or Quick Mode filters.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 5
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, p. 15: 20
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing,
Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training
System, Syngress Publishing Inc., Rockland, 2003, p.795


QUESTION 9
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the
workstations, Windows XP Professional. The Certkingdom.com network has a DNS server named
Certkiller -SR03.
Certkingdom.com changes ISPs. Now you receive complaints that Certkingdom.com users cannot connect to Web
sites on the Internet by using the URL of the Web site.
You configure your workstation with the DNS server address of the new ISP. You can now
connect to Web sites by entering their URL in the browser.
How would you configure Certkingdom-SR03 to allow all users to connect to Internet Web sites without
causing connectivity problems on the internal network?

A. You need run the Oclist.exe command and the Security Configuration and Analysis console on
Certkingdom-SR03.
B. You need to utilize the default root hints of Certkingdom-SR03 and set up a forwarder to the new ISP.
C. You need run the Dcgpofix on Certkingdom-SR03 and set up forwarding to the new ISP.
D. You need to disable recursion and run the Security Configuration and Analysis console on
Certkingdom-SR03.

Answer: B

Explanation: Forwarders are used to inform DNS where to look for name resolution when not in
the local DNS database. With Windows Server 2003 conditional forwarding, recursive query
requests can be subject to different DNS forwarder servers based on the domain name queried.
The root hints file (cache hints file) contains host information needed to resolve names external of
the authoritative DNS domains. It holds names and addresses of root DNS servers which are
normally located on the Internet. In this situation where your network is connected to the Internet,
the root hints file should contain the addresses of the root DNS servers on the Internet. With the
default installation of Windows Server 2003, DNS uses the root hints file. It is not necessary to
configure forwarders to access the Internet. Even though it is recommended to configure
forwarders to point to your external domain, root hints will function quite fine.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 3
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapters 4 & 5, pp. 193, pp. 194; and pp. 247.


QUESTION 10
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the
workstations, Windows XP Professional.
Certkingdom.com has a Web server named Certkingdom-SR10 which is connected to the Internet. During the
course of the day you have received instructions from the CIO to use System Monitor to determine
how much bandwidth is used on Certkingdom-SR10’s Internet connection. You decide to use the Bytes
Total/sec counter with a sample rate of 10 seconds. You also plan to archive the logs once a day.
Due to limited hard drive space, you need to prevent the logs from getting too big.
What actions must you take to?

A. You should disable recursion.
B. You should create a one-way initiated demand-dial connection.
C. You should configure an alert trigger when the Datagrams/sec counter is high.
D. You should keep Certkingdom-SR10 on the existing counter and set the sample rate to 60 seconds.

Answer: D

Explanation: The function of the Network Interface Bytes Total/Sec counter is to measures the
total number of bytes that are sent/ received from the network interface. You use less processor
cycles when you reduce the sampling frequency.
Reference:
Dan Holme and Orin Thomas, MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing
and Maintaining a Microsoft Windows Server 2003 Environment, Microsoft Press, Redmond, 2003,
Chapter 12, p. 479


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free Microsoft 70-291 Q & A / Study Guide Part II

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com


 

 

 

QUESTION 1:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The Certkingdom.com network contains a
print server named Certkingdom -PR01 that has a built-in network interface.
A Certkingdom.com user named Andy Reid is a member of the Research and
Development department. Andy Reid complains that he cannot print to a print
device attached to Certkingdom -PR01.
You have received instruction to ensure that Andy Reid can print to the print
device. First you verify that the IP address for Certkingdom -PR01 is correct and that
the latest drivers for the print device are installed. You now want to verify that the
print jobs are being sent to the correct MAC address for Certkingdom -PR01.
What should do?

A. On Certkingdom -PR01, run the net session command.
B. On Certkingdom -PR01, run the netstat command.
C. On Certkingdom -PR01, run the netsh command.
D. On Certkingdom -PR01, run the netcap command.

Answer: D

Explaination: Netstcap.exe is a command line tool that could be used to capture the
network traffic. A filter can be created to be used during the capture to determine the
MAC address the print jobs are being sent to. The Network Monitor Capture Utility (
Netcap.exe) can be used to capture network traffic in Network Monitor. Netcap provides
capture abilities only from a command prompt; to open the resulting capture (.cap) files,
you must use the full Network Monitor interface. Netcap is installed when you install the
Support tools that are on the Windows XP CD-ROM. Netcap provides capture abilities
that are similar to the version of Network Monitor that is included with the Windows
Server products; however, you must use Netcap at a command prompt. Netcap installs
the Network Monitor driver and binds it to all adapters when you first run the Netcap command.
Incorrect Options:
A: The net session command can be used to view the computer names and user names of
users on a server, to see if users have files open, and to see how long each user’s session
has been idle. Net session manages server computer connections – used without
parameters, net session displays information about all sessions with the local computer.
B: The netstat command is not a utility to use when troubleshooting NetBIOS names, but
is used to display TCP/IP and port information.
C: The Network Shell utility (Netsh.exe) can perform a wide range of system
configuration tasks. You can use commands in the Netsh Interface IP context to
configure the TCP/IP protocol (including addresses, default gateways, DNS servers, and
WINS servers) and to display configuration and statistical information.
Reference:
Microsoft Knowledge Base: 306794: How to Install the Support Tools from the Windows
XP CD-ROM Network Monitor is provided with Windows Server products and
Microsoft Systems Management Server (SMS). Microsoft Corporation, 2004
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd & Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, pp. 686, 854-856,
926


QUESTION 2:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of two subnets. All servers on the Certkingdom.com network run
Windows Server 2003 and all client computers run Windows XP Professional. All
servers are located in a central data center that uses a single IP subnet and all client
computers are located in one subnet.
The data center contains two routers named Certkingdom -SR01 and
Certkingdom -SR02, two domain controllers named Certkingdom -DC01 and
Certkingdom -DC02, and two file servers named Certkingdom -SR03 and
Certkingdom -SR04. The IP addresses of these servers are indicated in the table
below.

Host name IP address
Certkingdom-DC01 10.10.10.1
Certkingdom -DC02 10.10.10.2
Certkingdom -SR01 10.10.1.1
Certkingdom -SR02 10.10.1.2
Certkingdom -SR03 10.10.11.1
Certkingdom -SR04 10.10.11.2

You have received instruction from the CIO to install a new database server in the
data center. You install Windows Server 2003 on a new server computer named
Certkingdom -DB01 and hand it over to a database administrator named Dean
Austin. Dean Austin installs Microsoft SQL Server 2005 and makes some changes to
the TCP/IP settings on Certkingdom -DB01 as shown in the following table.

Parameter Value
IP address 10.10.1.3
Subnet mask 255.255.255.0
Default gateway 10.10.1.2

Later, Dean Austin complains that Certkingdom -DB01 cannot communicate with the
other servers in the data center. All other servers in the data center can
communicate with the other servers as well as the client computers. You log on to
Certkingdom -DB01 and attempt to ping Certkingdom -DC01 but you receive the
following error message: “Destination host unreachable”.
What should you do to ensure that Certkingdom -DB01 can communicate with the
other computers in the Certkingdom.com network?

A. Configure Certkingdom -DB01 with a default gateway of 10.10.1.1.
B. Configure Certkingdom -DB01 with a subnet mask of 255.255.0.0.
C. Configure Certkingdom -DB01 with an IP address of 10.10.10.3.
D. Configure Certkingdom -DB01 with an IP address of 10.10.11.3.

Answer: B

Explaination: Large networks are subdivided to create smaller subnetworks to reduce
overall network traffic by keeping local traffic on the local subnet and sending all
nonlocal traffic to the router. In order to create a subnetwork, we need to have a system
for addressing that allows us to use the network ID and host ID within the class-based
system. This is accomplished through the use of a subnet mask. To determine the
appropriate custom subnet mask (typically referred to simply as subnet mask) for a
network, you must first:
1. Determine the number of host bits to be used for subnetting.
2. Determine the new subnetted network IDs.
3. Determine the IP addresses for each new subnet.
4. Determine the appropriate subnet mask.
Incorrect Answers:
A: You need to assign the correct subnet mask to ensure connectivity.
C, D: The problem in this scenario is not a faulty IP address. It is the appropriate subnet
mask that has to be determined to enable connectivity.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, p. 57


QUESTION 3:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of two subnets named Subnet A and Subnet B. Subnet A and
Subnet B are connected by a router. All computers on the Certkingdom.com network
are configured with static IP addresses. All network servers run Windows Server
2003 and all client computers run Windows XP Professional.
Certkingdom.com hires a new Sales manager named Amy Wilson. You install a new
client computer named Certkingdom -WS291 for Amy Wilson. You then add
Certkingdom -WS291 to Subnet A. The relevant portion of the network is configured
as shown in the exhibit.

However, Amy Wilson complains that Certkingdom -WS291 cannot communicate
with other hosts on the network.
What should you do to ensure that Certkingdom -WS291 can communicate with all
local and remote computers on the Certkingdom.com network?

A. Configure Certkingdom -WS291 with a default gateway of 192.168.28.84.
B. Configure Certkingdom -WS291 with a default gateway of 192.168.2.1.
C. Configure Certkingdom -WS291 with a subnet mask of 255.255.255.128.
D. Configure Certkingdom -WS291 with a subnet mask of 255.255.255.192.

Answer: C

Explaination: It is evident from the exhibit that the file server and
Certkingdom -WS291 have a different subnet mask. This is the reason why they
cannot communicate with each other. You must therefore change the subnet mask
of Certkingdom -WS291 to 255.255.255.128.
Incorrect Answers:
A, B: The problem is not the gateway IP address that is faulty, but rather the subnet
mask.
D: This option suggests the correct object that has to be changed, but it gives the wrong
subnet mask.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, p. 57


QUESTION 4:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com
Certkingdom.com has its headquarters in Chicago and branch offices in Dallas and
Miami. All servers on the Certkingdom.com network run Windows Server 2003 and all
client computers run Windows XP Professional. You work in the Miami branch
office.
The network at the Miami branch office consists of 25 different subnets, each with a
maximum of six computers. The network administrator at headquarters has
allocated the 192.168.3.0/24 network address to the Miami branch office.
You install a new server named Certkingdom -SR21 in the Miami branch office. You
need to configure the Internet Protocol (TCP/IP) properties for Certkingdom -SR21.
You configure Certkingdom -SR21 with an IP address of 192.168.3.44. What subnet
mask should you use?

A. A subnet mask of 255.255.255.0.
B. A subnet mask of 255.255.255.128.
C. A subnet mask of 255.255.255.192.
D. A subnet mask of 255.255.255.240.
E. A subnet mask of 255.255.255.248.

Answer: E

Explaination: The network address is: 192.168.2.0/24, which means
11111111.11111111.11111111.0 in binary.
Therefore, you can use the last octet to configure the 30 subnets and 6 hosts in each
subnet
You need only six host PCs. When you convert to binary, it is: 00000111. As a result,
you use 3 bits.
This leaves 5 bits for the subnets 11111000 converted to decimal:
128+64+32+16+8=248, therefore the subnet mask will be: 255.255.255.248.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, p.57


QUESTION 5:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com
Certkingdom.com has its headquarters in Chicago and a branch office in Dallas. All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. You work in the Dallas branch office.
The network at the Dallas branch office consists of a single subnet that contains 150
client computers and 12 servers. The network administrator at headquarters has
allocated the 10.10.0.0/16 network address to the Dallas branch office.
You have received instruction from your manager to place all servers at the Dallas
branch office into a separate subnet that uses the 192.168.10 public addressing
scheme. Your manager asks you to make allowance for a maximum of 30 servers in
the new subnet.
Which subnet mask should you use for the new subnet?

A. 255.255.255.224
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.255.252
E. 255.255.255.254

Answer: A

Explaination: A 255.255.255.224 subnet mask gives five host address bits, so the
maximum number of host addresses is 2 ^ 5 – 2 = 30 host addresses. Thus
255.255.255.224 is the only subnet mask that will allow for sufficient IP addresses in
case of further growth, whilst still conserving as many current addresses as possible.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, p. 62


QUESTION 6:

DRAG DROP
You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
You have installed a new server named Certkingdom -SR06 on the network. The
relevant portion of the network is shown on the exhibit.

You want to configure Certkingdom -SR06 with a valid static IP configuration.
Certkingdom -SR06 must be able to communicate with all hosts on the network and
on the internet. You also need to configure Certkingdom -SR06 to use the DNS server
on the local subnet for name resolution. In addition, you must configure redundancy
for name resolution.
How should you configure Certkingdom -SR06?
To answer drag the appropriate IP addresses and Subnet masks to the appropriate
places.

Answer:

Explaination:
The Class C address 192.168.0.100 has to be the IP address to enable
Certkingdom -SR06 to communicate with all hosts on the network and on the internet
as 192.168.0.1, 192.168.0.2 and 192.168.0.110 are already in use. 192.168.5.2 and
192.168.5.100 are on the wrong subnet, and besides, 192.168.5.12 is already in use.
The subnet mask for this Class C address is 255.255.255.0. The default gateway
should be 192.168.0.1. To configure redundancy for name resolution, configure the
preferred DNS server/primary address as 192.168.0.2, and the alternate DNS
server/secondary address as 192.168.5.2.
Reference:
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291):
Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 network
Infrastructure, Part 1, Chapter 2, pp. 80-116


QUESTION 7:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. Certkingdom.com has its headquarters in
Chicago and branch offices in Dallas and Miami. You work in the Miami branch
office.
The Miami branch office has a file server named Certkingdom -SR25 that hosts
critical documents. Certkingdom -SR25 is configured with a DHCP client reservation.
Certkingdom.com users from all three offices download documents from
Certkingdom -SR25.
One day Certkingdom.com users complain that they cannot access the documents on
Certkingdom -SR25. You discover that the DHCP server has failed. The DHCP server
is located at headquarters.
You have received instruction from the CIO to ensure that Certkingdom -SR25 is
available even if it is unable to obtain or renew a lease from the DHCP server.
How could you accomplish this task?

A. On the DHCP server, increase the DHCP lease period.
B. Configure alternate IP settings for Certkingdom -SR25 on the Alternate Configuration
tab of the Internet Protocol (TCP/IP) properties.
C. Configure the DHCP scope in the 169.254.0.1. – 169.254.255.254 range.
D. On the DHCP server, configure the DHCP 001 Resource Location Servers reservation
option for Certkingdom -SR25.

Answer: B

Explaination: Windows Server 2003 includes the Alternate Configuration feature.
The Windows Server 2003 servers can be configured to use an alternate static IP
configuration if a DHCP server is unavailable. When a DHCP client determines that
the DHCP server is unavailable, it will automatically change over and also configure
the TCP/IP stack with the static address information specified on the Alternate
Configuration tab of the Internet Protocol (TCP/IP) properties.
Incorrect Answers:
A: Increasing the lease period would result in DHCP clients requesting leases less
frequently, but won’t guarantee that Certkingdom -SR25 will be available when the DHCP
server is down.
C: Modifying the DHCP scope to the 169.254.0.1. – 169.254.255.254 range will still be
reliant on the DHCP server.
D: Configuring the DHCP 001 Resource Location Servers reservation option for
Certkingdom -SR25 on the DHCP server will not ensure that Certkingdom -SR25 will
receive an IP address or have the IP address renewed.
Reference:
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291):
Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 network
Infrastructure, Part 1, Chapter 2, pp. 114, 117


QUESTION 8:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The Certkingdom.com network contains a
server named Certkingdom -SR34. Certkingdom -SR34 is configured as a DHCP server
and has been authorized in Active Directory. The Telnet service has been installed
and started on Certkingdom -SR34.
One day Certkingdom.com users complain that they cannot access network resources.
Your investigations reveal that the DHCP Server service on Certkingdom -SR34 has
stopped. You install the administrative tools on a client computer named
Certkingdom -WS291 and log on to the computer. When you open the DHCP console
on Certkingdom -WS291 and attempt to connect to Certkingdom -SR34, you receive an
error message that states: “Cannot find the DHCP Server.” You then attempt to
ping Certkingdom -SR34 but fail.
How can you connect to the DHCP Server service on Certkingdom -SR34 by using the
DHCP console on Certkingdom -WS291?

A. Establish a Telnet session to Certkingdom -SR34 and then run the net start dhcp
command.
B. Establish a Telnet session to Certkingdom -SR34 and then run the net start dhcpserver
command.
C. Establish a Telnet session to Certkingdom -SR34 and then run the ipconfig /renew
command.
D. On Certkingdom -WS291, run the netsh dhcp server\\ Certkingdom -SR34 show server
command.

Answer: B

Explaination: You can start the DHCP Server service by executing the Net Start
Dhcpserver command at the command prompt.
Telnet is a protocol that enables an Internet user to log on to and enter commands on a
remote computer linked to the Internet, as if the user were using a text-based terminal
directly attached to that computer. Telnet is part of the TCP/IP suite of protocols. The
term telnet also refers to the software (client or server component) that implements this
protocol.
Given the fact that you can ping Certkingdom -SR34 you should then establish a Telnet
session to Certkingdom -SR34 and then run the appropriate command.
Reference:
J. C. Mackin & Ian McLean, MCSA/MCSE self-paced training kit (exam 70-291):
implementing, managing, and maintaining a Microsoft Windows Server 2003 network
infrastructure, Microsoft Press, Redmond, 2004, p. 7-23


QUESTION 9:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The Certkingdom.com network contains a
server named Certkingdom -SR51 that is configured as a print server for a print
device that has a built-in network interface. The print device is used by the Sales
department to print Sales reports.
A Certkingdom.com user named Clive Allen is a member of the Sales department. Clive
Allen complains that he cannot print to the print device attached to
Certkingdom -SR51.
You verify that the IP address for Certkingdom -SR51 is correct and that the correct
drivers for the print device are installed. You now want to verify that the print jobs
are being sent to the correct MAC address for Certkingdom -SR51.
You log on to Certkingdom -SR51. What should you do next?

A. Run the net session command.
B. Run the netstat command.
C. Run the netsh command.
D. Run the netcap command.

Answer: D

Explaination: Netstcap.exe is a command line tool that could be used to capture the
network traffic. A filter can be created to be used during the capture to determine the
MAC address the print jobs are being sent to. The Network Monitor Capture Utility (
Netcap.exe) can be used to capture network traffic in Network Monitor. Netcap provides
capture abilities only from a command prompt; to open the resulting capture (.cap) files,
you must use the full Network Monitor interface. Netcap is installed when you install the
Support tools that are on the Windows XP CD-ROM. Netcap provides capture abilities
that are similar to the version of Network Monitor that is included with the Windows
Server products; however, you must use Netcap at a command prompt. Netcap installs
the Network Monitor driver and binds it to all adapters when you first run the Netcap
command.
Incorrect Options:
A: The net session command can be used to view the computer names and user names of users
on a server, to see if users have files open, and to see how long each user’s session has
been idle. Net session manages server computer connections – used without parameters,
net session displays information about all sessions with the local computer.
B: The netstat command is not a utility to use when troubleshooting NetBIOS names, but
is used to show what ports your computer is listening on.: -R is used to reload your
LMHOSTS file located in %systemroot%\system32\drivers\etc., -r will show you which
name resolutions have been answered via broadcasts, and which have been answered via
a NetBIOS name server, -RR switch of the command utility refreshes your NetBIOS
name with a configured WINS server.
C: The Network Shell utility (Netsh.exe) can perform a wide range of system
configuration tasks. You can use commands in the Netsh Interface IP context to
configure the TCP/IP protocol (including addresses, default gateways, DNS servers, and
WINS servers) and to display configuration and statistical information.
Reference:
Microsoft Knowledge Base: 306794: How to Install the Support Tools from the Windows
XP CD-ROM Network Monitor is provided with Windows Server products and
Microsoft Systems Management Server (SMS). Microsoft Corporation, 2004
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd & Laura Hunter,
MCSA/MCSE: Exam 70-291: Implementing, Managing, and Maintaining a Windows
Server 2003 Network Infrastructure Guide & DVD Training System, pp. 686, 854-856,
926


QUESTION 10:

Network Topology Exhibit:

LAN Settings Exhibit:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The Certkingdom.com network contains a
Microsoft Internet Security and Acceleration (ISA) Server computer named
Certkingdom -SR01, a DNS server named Certkingdom -SR02, a DHCP server named
Certkingdom -SR03, a file server named Certkingdom -SR21, and a Web server named
Certkingdom-SR25. Certkingdom -SR25 also serves as a central antivirus server.
Certkingdom -SR21 is located on the 10.10.11.0 subnet and Certkingdom -SR25 is
located in the perimeter network. Certkingdom -SR21 contains antivirus software
that checks for new virus definitions on Certkingdom -SR25 every hour. You can also
access Certkingdom -SR25 through a virus update Web page to perform manual
virus definition updates.
Certkingdom -SR03 suffers a catastrophic failure and is removed from the network.
Due to budgetary constraints, a replacement for Certkingdom -SR03 will only be
acquired in the next financial year. You need to redesign network addressing
scheme, and change the IP addresses for Certkingdom -SR01 to the addresses shown
in the Network Topology exhibit.
Certkingdom -SR02 contains the new host (A) resource records for
Certkingdom -SR01.
You receive reports about a new virus threat and want to protect the network
immediately by manually downloading the new virus definitions to
Certkingdom -SR21. you log on to Certkingdom -SR21 but discover that you cannot
access the virus update Web page on Certkingdom -SR25. The static TCP/IP
configuration on Certkingdom -SR21 uses Certkingdom -SR02 as the preferred DNS
server.
You confirm that Certkingdom -SR01 is configured properly. On Certkingdom -SR21,
you view the Internet Explorer LAN settings that are shown in the LAN Settings
exhibit.
What should you do to allow Certkingdom -SR21 to connect to Certkingdom -SR25?

A. At a command prompt on Certkingdom -SR21, run the ipconfig /flushdns command.
B. In the LAN settings of Internet Explorer on Certkingdom -SR21, select the
Automatically detect settings check box.
C. At a command prompt on Certkingdom -SR01, run the ipconfig / flushdns command.
D. At a command prompt on Certkingdom -SR01, run the ipconfig /registerdns command.

Answer: A

Explaination: Running the ipconfig /flushdns command will flush and reset the DNS
resolver cache which is necessary to allow connection. Run this command on
Certkingdom -SR21 to connect to Certkingdom -SR25.
Incorrect Answers:
B: Selecting the “Automatically detect settings” checkbox is not going to allow
Certkingdom -SR21 to connect to WWW.
C: The ipconfig /flushdns command flushes and resets the DNS resolver cache. This is
not what is necessary.
D: The ipconfig /registerdns command refreshes all DHCP leases and registers any related
DNS names. This option is available only on Windows 2000 and newer computers that
run the DHCP Client service. This is not going to allow Certkingdom -SR21 to connect to
WWW when it is run on Certkingdom -SR01.
Reference:
James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server
2003 Network Infrastructure Implementation, Management, and Maintenance Study
Guide, p. 311


QUESTION 11:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The Certkingdom.com network contains a
DHCP server named Certkingdom -SR15 that is configured with a single scope.
Certkingdom.com hires a new Sales manager named Andy Reid. You install a new client
computer named Certkingdom -WS291 for Andy Reid. You connect
Certkingdom -WS291 to the network by plugging the network cable into the network
adapter on Certkingdom -WS291 and attempt to connect to Certkingdom -SR25.
However, you cannot access any of the servers on the network. When you open a
command prompt on Certkingdom -WS291 and run the ipconfig /renew command,
you receive the following response.

You log on to a client computer named Certkingdom -WS292 and run the ipconfig
/renew command successfully.
What should you do to ensure that Certkingdom -WS291 can receive its IP address
configuration from the Certkingdom -SR25?

A. Restart the DHCP service on Certkingdom -SR25.
B. Restart Certkingdom -WS291.
C. Restart Certkingdom -SR25.
D. Add additional IP addresses to the scope on Certkingdom -SR25.

Answer: B

Explaination: It is probable that the TCP/IP stack has a problem because the
computer is unable to send a DHCP discover broadcast packet. This can happen
when you insert a network cable after the PC has been started. You should restart
the client PC to successfully obtain a new IP address.
Incorrect Answers:
A, C, D: This is unnecessary because Certkingdom -WS292 did obtain an IP address from
the DHCP server, thus indicating that the DHCP server configuration is not the issue.
Reference:
Deborah Littlejohn Shinder and Dr. Thomas W. Shinder, MCSA/MCSE Exam 70-290:
Managing and Maintaining a Windows Server 2003 Environment Study Guide & DVD
Training System, p. 629


QUESTION 12:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional. Certkingdom.com has its headquarters in
Chicago and branch offices in Dallas and Miami. The Certkingdom.com network
contains a DHCP server named Certkingdom -SR01. The relevant portion of the
network is shown in the following network diagram.

You work at headquarters. A Certkingdom.com employee named Andy Booth is one of
three employees that are relocated to headquarters from the Dallas office. Andy
Booth uses a portable client computer named Certkingdom -WS291. Andy Booth
complains that when he plugs Certkingdom -WS291 into the LAN connection in his
new cubicle, he cannot connect to network resources on the LAN or the Internet.
None of the other employees are experiencing the same problem.
When you run the ipconfig command from a command prompt on
Certkingdom -WS291, you see the output as shown in the exhibit.

What should you do to allow Certkingdom -WS291 to connect to network resources
on the LAN or the Internet?

A. Configure Certkingdom -WS291 with a subnet mask of 255.255.240.0.
B. Configure Certkingdom -WS291 with a default gateway of 192.168.3.12.
C. Configure Certkingdom -WS291 with a primary DNS suffix of Certkingdom.com
D. Configure Certkingdom -WS291 to automatically lease an IP address from
Certkingdom -SR01.

Answer: D

Explaination: The client computers on the subnet use DHCP to obtain their IP
configurations. Certkingdom -WS291 has a static IP address, and therefore cannot
obtain a valid IP configuration from the DHCP server.
Incorrect Answers:
A: By changing the subnet mask you will not ensure that Certkingdom -WS291 will
connect to other computers and the Internet.
B: Changing the default gateway will not enable Certkingdom -WS291 LAN connection.
Besides, 192.168.3.12 is the IP address of the DHCP server.
C: Adding a primary DNS suffix means that only domain names listed in that window
will be tried for resolution purposes. Both the connection-specific and primary DNS
suffix are ignored.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, p. 515


QUESTION 13:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows 2000 Professional. Certkingdom.com has headquarters in
London and branch offices in Paris, Berlin, Milan, Madrid, Stockholm, Warsaw,
Minsk, and Athens. Each branch office has a server that provides DHCP Server
services and between two to twenty client computers. A client computer in each
branch office is configured with a shared dial-up connection. You work at
headquarters.
The Berlin branch office has only two client computers named Certkingdom -WS291
and Certkingdom -WS292. A Certkingdom.com user named Kara Lang works in the
Berlin office. One morning Kara Lang complains that the shared dial-up connection
on Certkingdom -WS291 is no longer working.
Your investigation reveals that Certkingdom -WS292 can connect to shared folders
on Certkingdom -WS291 and that Certkingdom -WS291 can connect to the network at
headquarters. However, Certkingdom -WS292 cannot connect to resources on the
network at headquarters.
What should you do to ensure that both Certkingdom -WS291 and
Certkingdom -WS292 can connect to resources on the network at headquarters?

A. Reconfigure Internet Connection Sharing on Certkingdom -WS291.
B. Configure the shared dial-up connection on Certkingdom -WS291 so that automatic
dialog is enabled.
C. Configure Certkingdom -WS292 to receive an IP lease from a DHCP server.
D. Configure Certkingdom -WS292 to use Certkingdom -WS291 for DNS name resolution.

Answer: C.

Explaination: The problem is most likely caused by an incorrect or non-existent
default gateway setting on Certkingdom -WS292. If you configure
Certkingdom -WS292 to use DHCP to obtain IP addressing information,
Certkingdom -WS292 will receive the correct settings from the ICS service on
Certkingdom -WS291.
Incorrect Answers:
A: The question refers to a shared dial-up connection on Certkingdom -WS291 not
working. If the dial-up connection is shared, then Internet Connection Sharing is enabled
already.
B: The question states that Certkingdom -WS291 automatically connects to the network at
the main office whenever the user on Certkingdom -WS291 attempts to access resources
located on the main office network. This indicates that automatic dial-up is already
configured.
D: Certkingdom -WS291 is not a DNS server. The ICS service has a DNS proxy that
would pass DNS requests to whichever DNS server Certkingdom -WS291 is using.
Reference:
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291):
Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 network
Infrastructure, Part 1, Chapters 1 & 2, pp. 45, 124


QUESTION 14:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows NT Workstation 4.0. The network contains 2,500 client
computers that are configured with static IP addresses.
Certkingdom.com issues a new network policy that requires all network computers to
have dynamically assigned IP configurations. You enable the DHCP Server service
on a member server named Certkingdom -SR25. Three network support technicians
have been instructed to configure the IP properties on all client computers to
receive a DHCP lease from Certkingdom -SR25.
It is estimated that the change over will take two weeks to complete. You need to
ensure that the DHCP server will not lease an IP address that is statically
configured on a computer that the network support technicians have not yet seen to.
What should you do?

A. On Certkingdom -SR25, configure Conflict detection attempts to 1.
B. On Certkingdom -SR25, configure Conflict detection attempts to 3.
C. On Certkingdom -SR25, configure client reservations for each client computer’s MAC
address.
D. On Certkingdom -SR25, activate and reconcile the scopes.

Answer: A

Explaination: When conflict detection attempts are set, the DHCP server uses the
Packet Internet Groper (ping) process to test available scope IP addresses before
including these addresses in DHCP lease offers to clients. A successful ping means
that the IP address is in use on the network. This results in the DHCP server not
offering to lease the address to a client.
If the ping request fails and times out, it indicates that the IP address is not in use on the
network. In this case, the DHCP server offers to lease the address to a client. Each
additional conflict detection attempt delays the DHCP server response by a second while
waiting for the ping request to time out. This in turn increases the load on the server. A
value of no greater than two (2) is recommended for ping attempts.
Incorrect Answers:
B: Due to the latency involved in ping attempts, the higher the conflict detection value is
set, the longer the lease process will be for every client that uses the DHCP server.
C: Configuring client reservations for each client computer MAC address will involve a
physical visit to each and every client computer if you do not ping it successfully.
D: The scope would already be activated in this scenario.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter,
Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, pp. 208-209


QUESTION 15:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and client
computers run Windows XP Professional, Windows 2000 Professional, or Windows
NT Workstation. All client computers are configured with default settings.
The Certkingdom.com network contains a server named Certkingdom -SR31 that
functions as a DHCP and DNS server, and a server named Certkingdom -SR38 that
contains antivirus server software. All DNS zones on Certkingdom -SR31 are enabled
for DNS dynamic updates. The computer account for each client computer is the
owner of its own DNS host record. No other server provides DNS services.
What must you do to ensure that Certkingdom -SR38 can contact client computers by
using fully qualified domain names (FQDNs) to propagate virus definition updates?

A. On Certkingdom -SR31, modify the Dynamically update DNS A and PTR records only
if requested by the DHCP clients option.
B. On Certkingdom -SR38, modify the Always dynamically update DNS A and PTR
records option.
C. On Certkingdom -SR31, modify the Discard A and PTR records when lease is deleted
option.
D. On Certkingdom -SR31, modify the Dynamically update DNS A and PTR records for
DHCP clients that do not request dynamic updates (for example, clients running
Windows NT 4.0) option.

Answer: D

Explaination: Dynamically Update DNS A And PTR Records For DHCP Clients That
Do Not Request
Updates – This checkbox lets you handle these older clients graciously by making the
updates using a separate mechanism. When checking this check box you will ensure that
Certkingdom -SR38can resolve FQDNs for all client computers on the network under the
given circumstances and the role that Certkingdom -SR31 plays.
Incorrect Answers:
A: Dynamically Update DNS A And PTR Records Only If Requested By The DHCP
Clients – This radio button (which is on by default) tells the DHCP server to register the
update only if the DHCP client asks for DNS registration. When this button is active,
DHCP clients that aren’t hip to DDNS won’t have their DNS records updated. However,
Windows 2000, XP, and Server 2003 DHCP clients are smart enough to ask for the
updates.
B: Always Dynamically Update DNS A And PTR Records – This radio button forces the
DHCP server to register any client to which it issues a lease. This setting may add DNS
registrations for DHCP-enabled devices that don’t really need them, like printer servers;
however, it allows other clients (like Mac OS, Windows NT, and Linux machines) to
have their DNS information automatically updated. This is not what is required.
C: Discard A And PTR Records When Lease Is Deleted – When a DHCP lease expires,
what should happen to the DNS registration? Obviously, it would be nice if the DNS
record associated with a lease vanished when the lease expired; when this checkbox is
checked (as it is by default), that’s exactly what happens. If you uncheck this box, your
DNS will contain entries for expired leases that are no longer valid; when a particular IP
address is reissued on a new lease, the DNS will be updated, but in between leases you’ll
have incorrect data in your DNS-always something to avoid.
Reference:
James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server
2003 Network Infrastructure Implementation, Management, and Maintenance Study
Guide, p. 246


 

 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

Microsoft releases six critical security bulletins for October

For October’s Patch Tuesday, Microsoft released 10 security bulletins, six of which it’s rated as critical. (The remaining four updates address two moderate threats, one important threat, and one low threat.) In addition, several of the bulletins affect Office applications for the Mac.
Details

Redmond released 10 security bulletins for October’s Patch Tuesday, rating six as critical. Due to space constraints, I’ll review the critical updates this week, and I’ll wrap up this month’s Patch Tuesday coverage with the rest in the next issue.

Keep in mind that attackers are actively exploiting some of these threats, so make sure to examine each update on a case-by-case basis. To learn about specific workarounds and mitigating factors, read each security bulletin in detail.

Fortunately for managers and “patch masters,” most of these threats are only critical for older platforms and applications—a fact that greatly reduces the impact of these critical patch warnings. In most cases, Microsoft Baseline Security Analyzer (MBSA) 2.0 or Systems Management Server (SMS) 2003 will identify the need for a patch, but earlier versions may not work properly. However, MBSA 2.0 and SMS 2003 may not work in some instances, particularly for Macintosh platforms and Office 2000.
MS06-057

Microsoft Security Bulletin MS06-057, titled as both “Vulnerability in Windows Shell Could Allow Remote Code Execution” and “Vulnerability in Windows Explorer Could Allow Remote Execution,” addresses the Windows Shell Remote Code Execution Vulnerability (CVE-2006-3730). There have been reports that attackers are actively exploiting this vulnerability.

This is a critical threat for Windows 2000 Service Pack 4 and all versions of Windows XP; it is a moderate threat for all versions of Windows Server 2003. This bulletin replaces Microsoft Security Bulletin MS06-045 for Windows XP SP1 only.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

Possible workarounds include patching the registry, disabling ActiveX controls, and altering Internet Explorer security zones—all of which can have serious side effects. See the security bulletin for more details.
MS06-058

Microsoft Security Bulletin MS06-058, “Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution,” addresses four separate problems:

* PowerPoint Malformed Object Pointer Vulnerability (CVE-2006-3435)
* PowerPoint Malformed Data Record Vulnerability (CVE-2006-3876)
* PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877)
* PowerPoint Malformed Record Vulnerability (CVE-2006-4694)—attackers are actively exploiting this vulnerability.

This is a critical threat for PowerPoint 2000; it is an important threat for PowerPoint 2002, PowerPoint 2003, PowerPoint 2004 for Mac, and PowerPoint v.X for Mac. This bulletin replaces Microsoft Security Bulletin MS06-028 for all affected versions.

See the security bulletin to learn about possible workarounds and mitigating factors, which are numerous.
MS06-059

Microsoft Security Bulletin MS06-059, “Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution,” is another threat that affects both Windows and Macintosh platforms and addresses multiple vulnerabilities:

* Excel Malformed DATETIME Record Vulnerability (CVE-2006-2387)
* Excel Malformed STYLE Record Vulnerability (CVE-2006-3431)
* Excel Handling of Lotus 1-2-3 File Vulnerability (CVE-2006-3867)
* Excel Malformed COLINFO Record Vulnerability (CVE-2006-3875)

While both the Lotus 1-2-3 and STYLE Record vulnerabilities were publicly disclosed threats, there were no reports of active exploits at the time of publication.

This collective group poses a critical threat for Excel 2000; it’s an important threat for Excel 2002, Excel 2003, Excel Viewer 2003, Excel 2004 for Mac, and Excel v.X for Mac. This bulletin replaces Microsoft Security Bulletin MS06-037 for all affected versions.
MS06-060

Microsoft Security Bulletin MS06-060, “Vulnerabilities in Microsoft Word Could Allow Remote Code Execution,” is another threat that affects both Windows and Macintosh platforms and addresses multiple vulnerabilities:

* Microsoft Word Vulnerability (CVE-2006-3647)
* Microsoft Word Mail Merge Vulnerability (CVE-2006-3651)
* Microsoft Word Malformed Stack Vulnerability (CVE-2006-4534)
* Microsoft Word for Mac Vulnerability (CVE-2006-4693)

This collective group poses a critical threat for Word 2000; it’s an important threat for Word 2002, Word 2003, Word 2003 Viewer, Word 2004 for Mac, and Word v.X for Mac. This bulletin replaces Microsoft Security Bulletin MS06-027 for Word 2000, Word 2002, Word 2003, and Word 2003 Viewer. These are newly disclosed threats, and there had been no reports of active exploits at the time of publication.
MS06-061

Microsoft Security Bulletin MS06-061, “Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution,” addresses two separate threats:

* Microsoft XML Core Services Vulnerability (CVE-2006-4685)
* XSLT Buffer Overrun Vulnerability (CVE-2006-4686)

This bulletin affects Windows 2000 SP4, all versions of Windows XP, all versions of Windows Server 2003, Office 2003 SP1, Office 2003 SP2, Microsoft XML Core Services 4.0, and Microsoft XML Core Services 6.0. While the XML Core Services Vulnerability poses an important to low threat—depending on the version—the XSLT Buffer Overrun Vulnerability is a critical threat, so the collective rating is critical for all affected versions.

These are newly disclosed threats, and there had been no reports of active exploits at the time of publication.

Note: While Microsoft updated the bulletin to remove a mistaken update note, this bulletin doesn’t replace any prior security patches.
MS06-062

Microsoft Security Bulletin MS06-062, “Vulnerabilities in Microsoft Office Could Allow Remote Code Execution,” addresses four separate threats:

* Office Improper Memory Access Vulnerability (CVE-2006-3434)
* Office Malformed Chart Record Vulnerability (CVE-2006-3650)
* Office Malformed Record Memory Corruption Vulnerability (CVE-2006-3864)
* Microsoft Office Smart Tag Parsing Vulnerability (CVE-2006-3868)

This bulletin affects Office 2000 SP3, Office XP SP3, Office 2003 SP1, Office 2003 SP2, Office 2004 for Mac, and Office v.X for Mac. It also affects Project 2000 Service Release 1, Project 2002 SP1, and Visio 2002 SP2. It is a critical threat for Office 2000, and it’s an important threat for all remaining versions.

This bulletin replaces Microsoft Security Bulletin MS06-048 for all affected versions. Microsoft has updated the security bulletin itself to V1.1 to clarify some details.

The Microsoft Office Smart Tag Parsing vulnerability was the only publicly disclosed threat, but there had been no reports of active exploits at the time of publication.
Final word

And if six critical patches aren’t enough, don’t forget that Microsoft also recently released a critical patch out of sequence—Microsoft Security Bulletin MS06-055 for XML problems. Yes, folks, these critical threats are the ones Redmond felt could wait for the regular scheduled Patch Tuesday! Tune in next week for details on the remaining security bulletins.

Points You Need to Know For Becoming MCTS Certified

Microsoft Certified Technology Specialist (MCTS) is one of the most popular certifications awarded by Microsoft. This certification will help you demonstrate your range of expertise, practical skills, and a thorough knowledge of Microsoft technologies. The Microsoft Certified Technology Specialist (MCTS) credential endorses the knowledge and skills of an IT professional with respect to performing a given job role including those like database administrator or enterprise messaging administrator. One of the most distinguishing features of this certification process is that it is built by Microsoft on the technical proficiency assessed by the Microsoft Certified Technology Specialist (MCTS ) certifications. This fact will enable you get one or more MCTS certifications as you progress on your way to securing an MCTS Training.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

MCTS certification attests that the candidates have the necessary set of skills to deploy, build, optimize, design various applications operating technologies with respect to a particular job role and that they are capable of designing and making a number of technology decisions crucial to accomplish successful technology implementation projects.

While the Microsoft Certified Techonlogy Specialist (MCTS ) credential enables IT professionals with a more focussed and simpler framework to display their technical and professional skills, some reputed MCTS certification training programs available on the net enables the candidates to systematically acquire the required knowledge and skills needed to make their cherished IT dreams come alive and besides easily securing a great paying job in the purview of the IT industry.

One of the most important aspects that you need to note regarding this certification is that it also highlights your exclusive field of expertise as there are about twelve concentrations available within this one certification. This will help you distinguish yourself among other IT professionals by possessing the up-to-date skills and surpassing job-role capabilities to effectively work with a comprehensive set of Microsoft technologies.

While choosing the right site for getting trained for this certification, always look for programmes that are offered by certified instructors. This will help you with a quality education necessary to enhance your IT career. One of the greatest advantages of securing this certification is that you are actually letting the employers know that you are more capable than others to get the job done right.

Are you looking for MCTS Certification Training? Here I’d recommend you to make use of practice exams with Self preparation self study, developed by experienced and Subject Specialist Exams Expert with Money Back Guarantee MCTS Certification Training incase you fail in your exams. Visit for details.

In-depth look at Microsoft Home Server – CES 2007

Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

I had a chance to speak with members of the Microsoft Home Server team at CES about Microsoft Home Server 2006.  I managed to get some in-depth questions answered on the product so here it is.

Question:  Will Home Server be available to the do-it-yourself buyers or will it only be available as a packaged deal?

Microsoft:  For the time being, it will only be available as a packaged deal from major PC makers.  But there is a lot of interest from the do-it-yourself market and Microsoft is looking in to it.

Question:  What is Home Server based on?  Is it based on Windows Server 2007 (or what ever it will be called)?

Microsoft:  It’s based on Windows Server 2003 R2 along with some other components that the Home Server team developed for the home product.

Question:  I noticed a fairly nice looking rich client management console.  Is that web based or is that a rich client that needs to be installed?

Microsoft:  Neither.  It’s a rich Win32 application hosted on the server delivered to the client’s desktop seamlessly using the RDP (Remote Desktop Protocol).  This is a feature similar to Microsoft Terminal Services in Windows Server 2007.  The user interface is also available to remote users via web interface.  The connection from the client to server is extremely thin and efficient (often less than 2 kbps in my experience on RDP).

Question:  On the custom domain names that buyers may get if they adopt MS Home Server early (details not worked out yet), will that support DDNS Dynamic DNS non-static IP Internet connections typical of most DSL and Cable broadband connections?

Microsoft:  Microsoft will support Dynamic DNS for custom domain names.

Question:  How does the remote access work?  Is that an HTTP tunneling technology that can bypass firewalls or is it just using RDP on TCP 3389 or some other redirected port?

Microsoft:  It’s not using HTTP tunneling, but Microsoft Home Server can act as an RDP proxy which allows a single server on a single IP address to simultaneously host multiple RDP connections to multiple PCs.

Question:  How does Microsoft deal with the issue of security.  It’s hard enough for an IT professional to secure a publicly available server exposed to the Internet let alone someone in the home.  This opens up a whole new can of worms on the security front because we now have millions of homes connected to the Internet with a wide-open server 24×7.

Microsoft:  Microsoft has put a lot of work in hardening the home server using technology from Windows Server 2003 R2 with IIS 6.0 web server.

Note that IIS 6.0 since 2003 has only had two moderately critical flaws which is really quite amazing for a web server.  Apache 2.0 has had more than 10 times the number of flaws in the same time period and some of which were more critical.  But the biggest security issue with web servers besides poor administration is poor custom ASP or PHP coding which thankfully is not an issue with most home servers.  Homes are currently safe if they have a firewall or router even if a serious flaw exists on the home network because it isn’t open to the public Internet.  This is not just a Microsoft problem since the same thing is being done with Linux-based servers and appliances, but we’re talking about the server that holds all the user’s data open to the Internet.  Only time will tell on the cyber-crime front but my prediction is that it will be a huge problem afflicting the industry in general as we move to a more connected digital society.

Question:  One of the biggest security headaches in running a secure web server is the secure authentication issue and the pain of setting up and buying expensive SSL certificates.  A lot of IT shops don’t even get this right and they set up these untrusted self-signed digital certificates that violate fundamental SSL security principles and many American Banks can’t even seem to get this concept straight.  What chance does a home user have of dealing with this huge implementation challenge?  What is Microsoft doing to make this easier?

Microsoft:  We’re working on this.

Question:  Wouldn’t it make sense for Microsoft to offer free SSL certificate signing with every Home Server and automate the whole thing?

Microsoft:  That’s good feedback.

Question:  Cisco has a technology on their firewalls called cut-through-proxy where ports aren’t open until a user authenticates.  Wouldn’t that type of technology be good for the home and in general to minimize the open ports and vectors for attack?

Microsoft:  We’re aware of this technology and it’s good feedback.

Question:  How does Microsoft Home Server deal with PC backup?

Microsoft:  Microsoft offers a full PC backup solution that includes data and system imaging.  Even if a hard drive died on a PC, the customer can put in a blank hard drive and do a bare metal recovery using a bootable recovery CD.

Question:  How does Microsoft deal with the issue of offline-backup from the home server?  Let’s say the user’s computer is hacked and the hacker destroys or encrypts all the user’s data on the client and file shares on the Home Server.

Microsoft:  Microsoft will have an add-on product that supports offline backups like an external USB/Firewire hard drive.  The home server will run as a separate service that has exclusive access to the offline backup.  The normal home server services will not have access to the offline backup.  Microsoft Home Server also has point-in-time snapshot capability so that users can recover files from a previous state like a day or week before.  (Vista also has this feature natively).

Question:  Does Microsoft Home Server support single instant storage like Windows Server 2003 R2?  (This means if two people in a home had separate folders with the same files on the same server, Home Server will only store one instance of the file)

Microsoft:  Not at this point.

Question:  Does Microsoft Home Server have the IAS (RADIUS) authentication server component of Windows Server 2003 built in?  (This allows people to run Enterprise Class wireless LAN security that’s easy to manage.)

Microsoft:  Not at this point.

Question:  Is Microsoft Home Server an Active Directory server?

Microsoft:  No, Windows XP home and Vista basic can’t support domain joins.  Only business editions of Windows can support domain joins.

Question:  But wouldn’t this make file sharing difficult since users are often prompted to enter in a username and password?  Furthermore, Workgroup networking and file sharing has never worked consistently in Windows XP even if you manually sync up the usernames and passwords.

Microsoft:  The Home Server client agent will synchronize passwords so that file shares on different machines can be seamlessly accessed.  It’s also made Workgroup network file sharing more consistent and users won’t need to type in passwords for different shares.

Get High Score in MCSE Exams

The practice exams are must for getting the information technology certifications. The MCSE certification provides the features for becoming a system engineer in a comfortable manner. This will be useful not only for the job seekers, but for the working professionals also. The ways for becoming a high quality system administrator will be provided by this certification such that it gives the best solution. A person should know the exam codes that are required for getting this certification in a proper way. This will be helpful for solving the complex problems in the information technology companies.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

The self paced training kits are available for the persons who want to get this certification, as it involves both preparation and practice. Some companies are providing the training programs for the passing the mcse practice exam in a better way. The test papers and the exams are found to be helpful for getting this certification without any difficulties. Some kits are providing the video guides and the study guides for the persons who want to clear these exams in a right way. The MCSE certification makes the possible ways for overcoming the challenges in the information technology companies.

The solved papers and the model papers are available for getting this certification and it helps to avoid the difficulties. The online gives the updated study materials for the persons who are preparing these exams. The search engines are giving the ways for the clearing the mcse secrets in a correct way. The simulation process is provided for the persons who want to become an efficient engineer. The ways for improving the standards both in life and companies are provided by this certification and also shows the ways for getting the high paid jobs in the topmost information technology companies all over the world.

The examinations are playing a main role in analyzing the skills and knowledge of the person in a proper way. The exams are also helping you to get a good job in a big concern also. There are different types of exams available to you to do to get a job. You can search the different useful exams for getting a good job in your life. Those will help you to start a good career also. The Microsoft exams are the best one to improve your skills and also to get a secure job in your life too.

You can get the details of the institutes in the online easily. You can also get the training for these mcse exams in the institutes. It will help you to pass this exam in an easy way. The study guides are the one will help for the preparation of this exam and it is available in the online. You can clarify your doubts about these mcse exams from the experts and professionals in the online. This will help you to know the benefits of this exam in a better way. You can get the certification for this exam after you finish it with high score. This will allow you to search a better job in the software industry easily.

Trend Micro issues virtualisation security warning

Companies could be at risk if hackers turn their attentions away from the desktop

Attacks targeted at datacentres and virtualised environments could represent the next vanguard of threats if cyber criminals begin to shift their attention away from the increasingly well secured desktop, according to security experts.

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com


Trend Micro chief technology officer Raimund Genes told V3.co.uk that, despite the many benefits of cloud computing, the back-end virtual infrastructures of many clouds are potentially at risk.

“If the desktop becomes more difficult to attack they will focus on the datacentre,” he said. “VMware has done a good job with security, but is it 100 per cent flawless? The same is true with other providers. It’s something we need to be aware of.”

Genes also criticised Microsoft’s Essentials security tool for relying on an outdated anti-virus signature update system which is poor at protecting against zero-day threats and lacks the agility of a cloud-based protection network.

“Every malware is now zero-day,” he said. “Microsoft’s detection is lousy. It doesn’t use the cloud and it doesn’t offer exposure layer protection.”

Genes criticised the “security monoculture” that the free Essentials security tool could create, claiming that it will make it easier for hackers to circumvent.

His argument echoes that of Panda Security, which also railed against Microsoft’s free anti-virus product last month, calling for a European anti-trust investigation over the policy of pushing out the software via the Microsoft and Windows Update services.

Windows @ 25: 25 things you didn’t know about the Microsoft OS

It’s 25 years since Microsoft launched the first version of Windows, and what started out in November 1985 as a graphical front end for DOS has grown into the most widely used operating system. To mark Windows’ 25th, we’ve put together 25 facts about the OS to highlight some of the more memorable moments in its history.

1. The origins of Windows can be traced to September 1981 when Microsoft began working on a project entitled Interface Manager.

2. The release of Windows 1.0 in 1985 was actually two years later than planned. We’d be on Windows 8 now if they’d stuck to their schedules.

3. Microsoft supported Windows 1.0 until the final day of 2001, some 16 years later.

4. Windows 3.1, despite being first launched in 1992, found a niche role as an embedded operating system, and was still in use in 2008 by Virgin Atlantic and Qantas in some onboard entertainment systems on long-distance flights.


Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com


5. Fortune named Microsoft as the ‘Most Innovative Company Operating in the US’ in 1993 as sales of Windows started to rocket.

6. Many editions of Windows required endless floppy disks to install the system. For example, Windows 95 came on 13 disks.

7. Microsoft used Start Me Up by The Rolling Stones on adverts for the launch of Windows 95. The Stones were reportedly paid between $8m and $14m, but this is said to be a gross exaggeration.

8. Music was also part of the obligatory free stuff that Microsoft bundled in with Windows 95 – to be exact, a video of Buddy Holly by rock band Weezer to show off the system’s multimedia capabilities.

9. Microsoft also cashed in on the success of Friends in the 1990s by commissioning a promotional video, labeled a ‘cyber sitcom’, featuring Jennifer Aniston and Matthew Perry showing off the top 25 features of Windows 95. The firm claimed it was a “fast and funny” guide to the new operating system. It was anything but.

10. In the US, the Empire State Building was lit up to match the colours of the Windows logo for the 95 launch.

11. In the UK, Microsoft paid for 1.5 million issues of The Times to be given away with a bundled supplement about Windows 95 on the day it launched. This was twice the daily circulation of the paper at the time.

12. All this advertising clearly worked, as more than a million copies of Windows 95 were sold in the first four days after its release. How Microsoft executives must wish for a return to those days, instead of watching Apple enjoying queues of fans waiting for new products.

13. Nevertheless, Windows has a 91 per cent market share for client operating systems that use the internet, so those executives needn’t be too glum.

14. Bill Gates appeared in two adverts with American comedian Jerry Seinfeld in 2008 in which, as well as displaying what we’ll kindly refer to as questionable comic timing, he and Seinfeld made some sort of left-field comment on the way Windows had helped connect billions of people on the planet, or something like that.

15. Musician Brian Eno, of Roxy Music, composed Windows 95’s startup music. He produced 84 pieces before settling on the now famous sound.

16. There are estimated to be some 25 million Windows crashes everyday.

17. The successor to Windows XP, which eventually became Vista, was codenamed Longhorn during development stages, which is also a type of cow. You can draw your own comparisons.

18. Bill Gates is actually called William Henry Gates III and has a knighthood bestowed on him by the Queen, although more for his charity work than for Windows.

19. During the pre-release phase of Windows 98, Gates was hit by the Blue Screen of Death when showing off the new Plug and Play feature, something he managed to laugh off rather well.

20. Windows supports 34 languages including Hebrew, Latvian and Arabic.

21. Windows 8 is most likely to be released sometime around 2012, based on previous operating cycle timelines.

22. Windows XP is said to have 50 million lines of code, the figure rising with each new release.

23. It’s impossible to name a folder as ‘Con’ on Windows. Try it. On the desktop, in the hard drive, wherever you try, it will just revert back to the name ‘New Folder’.

24. Microsoft used US cities for codenames of some of the new Windows developments, such as Chicago for Windows 95 and Memphis for Windows 98.

25. And finally, while Windows has been a staple of the desktop computing environment for the past 25 years, another Microsoft attempt at providing a user interface for personal computers proved less successful, and was even placed in Time magazine’s 50 Worst Inventions.

It’s name? Microsoft Bob, a “front room” layout of the desktop environment that was essentially Clippy on steroids. It didn’t last long.

Making Windows 7 Home Premium the Ultimate OS, Part 4: Disk Encryption

As you step through the various Windows 7 product editions, an interesting picture emerges. Windows 7 Home Premium is, quite clearly, the sweet spot from a functionality perspective and the reason I consider this version to be the starting point for any Windows 7 user, and the focal point of this article. When you move up from Home Premium to Professional, you get a smaller bump in functionality, and if you look over the past two parts of this series, you’ll see some of the key Windows 7 features that are unique to Professional edition and the free or cheap tools I recommend to Home Premium users to replace them. But when you jump up from Professional to Ultimate, there’s an even smaller leap. In fact, there are really only two key features that are unique to Windows 7 Ultimate. And they’re both based around the notion of encryption-based data protection.

These features are so key, in fact, that I consider it almost criminal that Microsoft doesn’t make them available to all Windows users. I’d like to see that change in the future. But for now, you’ll need to seek out other ways to duplicate the functionality in the features Microsoft provides via its BitLocker and BitLocker To Go functionality.

BitLocker came first, in Windows Vista, and provides full-disk encryption for fixed hard drives. BitLocker To Go, meanwhile, debuts in Windows 7 and adds this same encryption functionality to removable storage media like USB memory keys. You can find out more about BitLocker To Go in my Windows 7 Feature Focus article.

I’ve found an excellent replacement for BitLocker, but have yet to find anything that is as seamless and well designed as BitLocker To Go. Fortunately, there’s a nice (if temporary) workaround you can take advantage of if you’d like to use BitLocker To Go. Here’s what I found.

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Full disk encryption replacement: Zone Alarm DataLock

Cost: $20 (Normally $30)
Download: http://www.zonealarm.com/security/en-us/zonealarm-data-lock.htm
Description: Hard drive encryption makes everything on your computer’s hard drive unreadable to unauthorized eyes. It jumbles the data in such a way that it cannot be deciphered unless a special password is entered. If your laptop PC is stolen or lost, hard drive encryption prevents your personal data from getting into the wrong hands, even if you never recover your hardware. All your data is fully protected – even temporary and deleted files. Your encrypted hard drive is inaccessible unless a special login and password are entered. No password, no access – thieves are locked out. This login cannot be bypassed by removing the hard drive or by booting off a CD.

Notes: ZoneAlarm DataLock is essentially a consumer version of a Check Point product that’s been around for a while. I’ve been using it on my own Windows 7 Home Premium-based laptop (a ThinkPad SL410) and it appears to work quite well. As with any disk encryption solution, the actually encryption process is time consuming. But once it’s done, you won’t notice that it’s there–it doesn’t impact performance at all, from what I can tell–other than when you boot the computer, since there is a separate security logon at boot time.

There are a couple of interesting differences between DataLock and BitLocker (aside from the boot time logon). First, DataLock also works with Windows XP and Vista as well as Windows 7. Second, if you forget your boot-time logon, you can actually call ZoneAlarm to get it; Microsoft doesn’t offer any kind of BitLocker recovery functionality.

There are a few questions here. ZoneAlarm notes that “not all systems will be compatible” but doesn’t explain what that means. (I had no issues installing it, but I only did so on one system.) The product costs $20, and while ZoneAlarm says you don’t need to pay a yearly license fee, once you go beyond the first year of usage, you will need to pay a small renewal fee after the first year for ongoing technical support, which presumably includes logon recovery. Also, I noticed that Windows Home Server-based PC backup stopped working after installing DataLock. I will test whether reinstalling the WHS Connector software fixes this after I return from the trip I’m currently on.

Making Windows 7 Home Premium the Ultimate OS
There’s not a lot of UI to show here: It just sits in the background, protecting your data.
Other alternatives to BitLocker and BitLocker To Go

Here are some other reader recommendations for BitLocker and BitLocker To Go replacements that you may want to check out.
TrueCrypt

Cost: FREE
Download: http://www.truecrypt.org/
Description: TrueCrypt is free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.

Main features:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire partition or storage device such as USB flash drive or hard drive.
* Encrypts a partition or drive where Windows is installed (pre-boot authentication).
* Encryption is automatic, real-time (on-the-fly) and transparent.
* Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
* Provides plausible deniability, in case an adversary forces you to reveal the password.
* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

Notes: TrueCrypt is hard. But if you don’t mind navigating through a technical interface, it can basically do everything that BitLocker and BitLocker To Go can do. So you may find it worth the effort.
7Zip

Cost: FREE
Download: http://www.7-zip.org/
Description: 7-Zip is an open source file archiver with a high compression ratio. It supports strong AES-256 encryption in 7z and ZIP formats, so it’s possible, in a very manual way, to protect important documents and other data files on a USB hard drive or memory stick.

Windows 7 Annoyances

After the poor reception of Windows Vista by customers, Microsoft knew it had to retrench for that system’s successor, Windows 7. And retrench it did: Windows 7 has entered the market to universally positive reviews from the tech press and customers alike. Part of the reason is that Windows 7 is a more modest upgrade than was Windows Vista. And part of it is that Microsoft tried to create a more cohesive and simpler system than it had with Windows 7’s predecessor.

So Windows 7 is a huge success, no doubt about it. But if you’re coming to Windows 7 from a previous Windows version, you’re going to notice a number of changes–some big, some small–and that’s true if you were previously using Windows Vista, XP, or an even older version. And while Windows 7’s changes are mostly improvements, unfamiliarity can lead to a loss of productivity. So if you’re looking for a way to fix some of Windows 7’s most obvious annoyances, or simply change some crucial feature back to the way it used to work, fear not: I’ve got your back.

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Taskbar

Looking at the Windows 7 user interface, the most obvious change is the new taskbar, which represents a major functional departure from the previous several Windows versions. Now, instead of just providing buttons that represent running applications and other open windows, the taskbar also comingles shortcuts for frequently-needed applications and other objects. If you’re familiar with Mac OS X, you may feel that the new taskbar is a rip-off of that system’s Dock. In many ways, however, it simply combines the functionality from the XP/Vista taskbar taskbar with the Quick Launch toolbar. Regardless of its origins, one thing is clear: The Windows 7 taskbar is different enough that it will cause some headaches for users who are accustomed to previous Windows versions.

Annoyance: By default, the Windows 7 taskbar displays only a single icon for every shortcut or button. So if you have several Internet Explorer windows (or tabs) open, you’ll only see one button. That can be confusing, but it also means there’s no descriptive text caption on the button to describe what the window(s) are displaying, as was the case with all previous Windows versions dating back to Windows 95.

Windows 7 Annoyances
How many windows of each application are actually open? It’s impossible to say.

Solution: Fortunately, you can overcome Microsoft’s less-than-ideal default taskbar behavior and arrive at a display that more closely resembles previous Windows versions. To do so, right-click a blank area of the taskbar and choose Properties. Then, in the Taskbar buttons pull-down, choose “Combine when taskbar is full.” This will cause the taskbar to make two display changes. First, each button (each of which represents an open application or window) will include a caption, and not just a nondescript icon. Second, when you open multiple windows of the same application (as with IE or Windows Explorer), each window will get its own button.

Windows 7 Annoyances
With a small change, the Windows 7 taskbar is much more usable.

Annoyance: Most people who use Windows 7 quickly come to accept the way it combines shortcuts (links to non-running applications and windows) with buttons (links to running apps and windows). But there is one bizarre limitation: You cannot add two links on the taskbar for the same application. This is particularly problematic for Windows Explorer links: If you’d like to place separate shortcuts for, say, the Documents and Pictures libraries, you can’t: Instead, Windows 7 places links to both of these locations into the Windows Explorer shortcut’s Jump List.

Solution: Fortunately, there is a way around this limitation. Here how it works: Create a shortcut to the Windows Explorer location you want on the desktop. Then, right-click the shortcut and choose Properties. In the Target field, add the word “explorer” (no quotes) before the folder path. (If the path has any spaces, the path must be inside quotes.) The shortcut’s icon will change to the default Windows Explorer icon, but you can of course change it again as needed. Now, pin this shortcut to the taskbar: Instead of pinning it to the existing Windows Explorer shortcut, it will create a new shortcut. Voila!

Annoyance: While many users will embrace the new taskbar, some wish to retain a separation between shortcuts and links to running applications and open windows. And many of these people miss the Quick Start toolbar, which Microsoft removed from Windows 7.

Solution: You can enable the Quick Launch toolbar in Windows 7. To do so, right-click a blank area of the taskbar and choose Toolbar and then New toolbar. In the Choose a folder window that appears, type the following text into the Folder field: “%userprofile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch” (no quotes) and click Select Folder. You’ll see the Quick Launch toolbar appear in truncated form at the right of the taskbar. To modify this, unlock the taskbar (right-click and uncheck “Lock the taskbar”). Then, drag it where you’d like it and then disable two options, “Show text” and “Show title,” by right-clicking the Quick Launch toolbar. This will make the toolbar look as it did in previous Windows versions.

Windows 7 Annoyances
Yes, Virginia, you really can enable the Quick Launch toolbar in Windows 7.

Annoyance: Windows Vista included an excellent utility called Software Explorer, part of Windows Defender, that made it very easy to prevent applications from starting up when Windows boots and, in many cases, littering the notification area with unneeded icons. Windows 7, sadly, removes this utility.

Solution: Unless you want to hunt down a third party utility, you’re going to have to go old school on Windows 7 and stretch some pre-Vista plumbing skills. There are a number of places to look at if you wish to streamline the Windows 7 boot process, but one is key: The System Configuration utility–type “msconfig” (no quotes) in Start Menu Search to find it–is a spiritual predecessor of sorts to Software Explorer and it provides a list of startup apps in its Startup tab that you can edit.
Start Menu

Annoyance: While the Windows 7 Start Menu is largely unchanged from Windows Vista, many users of the new OS will be coming from Windows XP or older Windows versions, and they may prefer the classic Start Menu from those versions. Unfortunately, Microsoft has removed this option from Windows 7.

Solution: Fortunately, an enterprising third party developer makes available a Classic Start Menu replacement for the Windows 7 Start Menu, so you can get back the Start Menu that graced Windows 95 through Windows Vista. It’s part of the Classic Shell project (see below).
Windows Explorer

Annoyance: If it seems like Microsoft has changed the layout and capabilities of Windows Explorer with each new Windows version, well, they have. And this trend continues in Windows 7, which, like Windows Vista, no longer includes a number of useful toolbar buttons that were available in Windows XP and older Windows versions.

Solution: Once again, Classic Shell comes to the rescue. This Explorer plug-in provides missing buttons like Cut, Copy, Paste, Delete, and Properties, and provides other old-school functionality, such as bringing back the pre-Windows 7 file copy dialog. It also displays free disk space and the file/folder size in the Explorer window status bar. Just like XP.

Windows 7 Annoyances
Classic Shell adds a mini-toolbar to Windows Explorer (in the upper right), providing easy access to commands Microsoft removed.
Compatibility

Anytime Microsoft releases a new Windows version, there are fears that device or application compatibility issues will render an otherwise decent upgrade into a disaster. And while this was certainly true with Windows Vista, Windows 7 does a much better job of maintaining backwards compatibility. Of course, no software is perfect.

Annoyance: An application won’t install or run under Windows 7.

Solution: Like previous versions of Windows, Windows 7 provides a nice suite of compatibility tools. These tools allow the system to fool installers and application programs into believing that they are running under older versions of Windows, and they’re typically found in the Compatibility tab of the Properties window for the application in question. But Windows 7 makes it much easier to work through these issues thanks to a new Troubleshooting infrastructure that provides plain English wizards, with step-by-step walkthroughs for compatibility problems and a host of other common issues. To more easily determine whether an application can be made to run correctly under Windows 7, open the Action Center (“action” in Start Menu Search) and click the Troubleshooting link. Then, click the link titled “Run programs made for previous versions of Windows” under Programs and follow the steps in the Program Compatibility wizard.

Tip: You can run this wizard more quickly by typing “compat” into Start Menu Search.

Annoyance: An application still won’t install or run under Windows 7.

Solution: Some legacy applications simply won’t ever install or run correctly under Windows 7. In this case, new Windows features called Windows Virtual PC and Windows XP Mode will help you solve the problem using virtualization technology. Windows Virtual PC is the next generation version of Microsoft’s Virtual PC product. It requires hardware virtualization support in the PC’s microprocessor and BIOS, and offers some important benefits over its predecessors, including USB support and the ability to run virtualized (“guest”) applications alongside native (“host”) applications. Windows Virtual PC is available for free to all Windows 7 users.

Windows XP Mode is a specially packaged and complete virtualized version of Windows XP with Service Pack 3 (SP3). It is provided, for free, to all users of Windows 7 Professional, Enterprise, and Ultimate editions. And because it runs under Windows Virtual PC, any applications you installed inside this environment can run alongside your normal Windows 7 applications. It’s the perfect solution for those few remaining applications that simply won’t run in Windows 7 natively.
Windows Update

Annoyance: Microsoft has done a nice job of improving the Windows Update application in Windows 7, but one glaring issue remains. If you leave the PC unattended overnight and the system automatically installs critical or important security updates that require a reboot, you might get back to the PC in the morning to discover that all your applications have shut down and, potentially, you’ve lost some data.

Solution: You can prevent Windows Update from automatically rebooting your PC, though it will require a bit of work. The reason is that the Registry Key that controls this functionality is missing from Windows 7.

To do so, open the Registry Editor (Start Menu Search, “regedit”) and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Polices\Microsoft\Windows. Then, create a new key called WindowsUpdate and, inside of that key, another new key called AU. Inside of that key, create a new DWORD (32-bit) value named NoAutoRebootWithLoggedOnUsers. Modify its value data, setting it to 1. You will have to restart the computer for the change to take effect.
Final thoughts

Every version of Windows comes with new challenges and new ways of doing things. And while Windows 7 is does indeed represent a major functional improvement over its predecessor, it’s also different enough from Windows XP and Vista to cause a bit of grief. Fortunately, there are simple workarounds to most problems, and while any change can be traumatic, Windows 7 is, in many ways, the least annoying upgrade Microsoft has ever shipped.