MCSE Core Required Exams in a Nutshell: The required 70: 290, 291, 293 and 294 Exams (In a Nutshell (OReilly))

9.2. Exam 70-293 Suggested Exercises

Exam 70-293 includes many areas of study from Exams 70-290 and 70-291, and expects you to be able to take your knowledge of the related areas of study to the next level. You are expected not only to be a good administrator in these areas, but you are also expected to have the solid planning skills of a network designer. The measured skills are extended to include many new areas of study, including WAN connectivity, WAN configurations, NetBIOS name resolution, high availability, IPSec policy, and public key infrastructure.

You'll need plenty of hands-on and design experience to pass the exam. You'll need to review the study guide closely, especially any areas with which you are unfamiliar. This section provides a numbered list of exercises that you can follow to gain experience in the exam's subject areas. Performing the exercises will be useful to help ensure that you have hands-on and design experience with all areas of the exam.

For this exam, I recommend setting up two test networks or reconfiguring a single test network as necessary to get hands-on practice for the exam. The first network/configuration should include a domain controller, a workstation for administration, and a workstation for remote access testing. The second network/configuration is for planning and implementing high availability, and should include multiple servers running Windows Server 2003, configured as part of a domain environment.

In addition to performing the exercises below, you should also have experience using each of the Windows Server 2003 administrative tools described in the Study Guide.

9.2.1. Choosing Client Operating Systems

  1. Choose operating systems for a client deployment.

  2. List preferred operating systems for Active Directory support.

  3. List preferred operating systems for security.

  4. List nonpreferred operating systems and detail why those operating systems should not be used.

9.2.2. Choosing Server Operating Systems

  1. Choose operating systems for a server deployment.

  2. List the preferred Windows Server 2003 edition for use as a frontend web server.

  3. List the preferred Windows Server 2003 edition for use in a branch office.

  4. List the preferred Windows Server 2003 edition for use two-node clustering with four CPUs.

  5. List the preferred Windows Server 2003 edition for use 4-node clustering with 64 CPUs.

9.2.3. Planning and Implementing Server Roles

  1. Plan the deployment of a new network.

  2. List the server roles that need to be supported for Active Directory, dynamic addressing, name resolution with current clients and servers, and name resolution with pre-Windows 2000 clients and servers.

  3. Detail how the server roles will be implemented.

9.2.4. Planning a Strategy to Enforce System Default Security Settings on New Systems

  1. Create an outline for an enterprise-wide security plan.

  2. Identify potential security risks.

  3. Specify minimum security requirements.

  4. Specify the minimum set of required security features.

  5. Provide plans for meeting required security levels.

9.2.5. Developing a Security Policy

  1. Outline a plan for securing the organization's infrastructure.

  2. Outline a plan for implementing required security features.

  3. Outline a plan for ongoing management and evaluation of security.

9.2.6. Identifying Client and Server Operating System Default Security Settings

  1. Identify default security for filesystem permissions.

  2. Identify default security for share permissions.

  3. Identify default security for registry permissions.

  4. Identify default security for active directory permissions.

  5. Identify default security for account policies.

  6. Identify default security for local policies.

9.2.7. Planning Security for Computers That Are Assigned Specific Roles

  1. Create a plan for implementing baseline security on workstations in a high-security environment.

  2. Create a plan for implementing baseline security on domain controllers in a high-security environment.

  3. Create a plan for implementing baseline security for other server roles in a high-security environment.

  4. Create custom security templates for workstations, domain controllers, and servers with key roles in the organization.

9.2.8. Planning a Network Topology

  1. Plan the infrastructure for a network with multiple subnets, wireless connectivity, and a WAN connection to the Internet.

  2. List the hardware and software components required to implement the desired network infrastructure.

  3. Identify all required resources as part of your planning.

  4. Identify the Data Link Layer protocol to use.

  5. Identify the media types to use on the local subnets, wireless connections, and on the WAN connection.

  6. Plan the physical placement of network resources with regard to range limitations.

9.2.9. Planning a TCP/IP Network Infrastructure Strategy

  1. Create a plan for TCP/IP network infrastructure that supports 500 users who connect locally, wirelessly, and using remote access.

  2. Analyze and list the IP Addressing requirements for workstations and servers on multiple subnets.

  3. Plan an IP routing strategy to support dynamic addressing, network address translation, and remote access.

9.2.10. Creating an IP Subnet Scheme

  1. List the subnet IDs for /28 subnets on the Class C network 192.168.10.0.

  2. List the usable IP addresses in each subnet.

  3. List the broadcast IP address in each subnet.

9.2.11. Troubleshooting TCP/IP Addressing

  1. Disconnect a computer's network cable.

  2. Use the command line to diagnose the problem.

  3. Reconnect the computer's network cable.

  4. Configure invalid settings for TCP/IP.

  5. Use the command line to ping another computer on the network.

  6. Use netdiag to test the computer's configuration.

  7. Reconfigure the computer so it uses valid settings.

  8. Use neTDiag to test the computer's configuration.

9.2.12. Planning an Internet Connectivity Strategy

  1. Create an Internet connectivity plan that ensures the security of the internal network.

  2. Choose an Internet access solution to meet the needs of a small branch office with 50 users.

  3. Choose an Internet access solution to meet the needs of a regional office with 500 users.

  4. Choose an Internet access solution to meet the needs of a large central office with 5,000 users.

9.2.13. Planning a NetBIOS Name Resolution Strategy

  1. Create a name resolution plan for an organization with 500 users with a mix of client types.

  2. Plan the implementation of NetBIOS name resolution.

  3. Choose a name resolution strategy that uses LMHOSTS and WINS as appropriate.

  4. Choose a WINS replication strategy.

  5. Configure replication partners.

  6. Configure DHCP so DHCP clients to automatically get the correct WINS settings.

9.2.14. Planning a Routing Strategy

  1. Create an IP-routing strategy to support multiple subnets and WAN connections.

  2. Choose the appropriate routing protocols for LAN and WAN routing.

  3. Create a routing plan that supports multicast traffic.

9.2.15. Planning Security for Remote Access Users

  1. Analyze protocol security requirements.

  2. Plan authentication methods for remote access clients that use smart cards.

  3. Plan authentication methods for remote access clients that use Windows XP Professional.

  4. Plan authentication methods for remote access clients that use Windows 95.

9.2.16. Planning Security for VPN

  1. Create a plan for remote access using VPN with strict security requirements.

  2. Implement IPSec policy.

  3. Implement remote access policy.

9.2.17. Using Performance Monitoring

  1. Configure performance monitoring on a server as you would for a database server.

  2. Configure performance monitoring on a server as you would for a web server.

  3. Configure performance logging to monitor a server according to a schedule.

  4. Configuring a server with performance alerts for 95 percent or higher CPU utilization and less than 10 percent free space on all essential disks.

  5. Determine if a server has any performance bottlenecks.

9.2.18. Planning Server Availability

  1. Create a plan for ensuring high availability.

  2. Identify applications and services that can use Network Load Balancing.

  3. Identify applications and services that can use Microsoft Cluster Service.

9.2.19. Managing and Implementing Disaster Recovery

  1. Create a disaster recovery plan for a server.

  2. Create an Automated System Recovery (ASR) disk.

  3. Schedule full backups of the server on a weekly basis.

  4. Schedule daily differential backups on the server.

  5. Perform a test restore to original, alternate, and single locations.

9.2.20. Restoring Data from Shadow Copy Volumes

  1. Enable shadow copies on a volume.

  2. Create shadow copies of the volume's shares.

  3. Install the shadow copy client.

  4. Access the shadow copy of a share.

  5. Restore a corrupted or deleted file from previous version.

9.2.21. Planning and Configuring Network Protocol Security

  1. Create a Network Protocol security plan.

  2. Identify the ports used by DNS, WINS, DHCP, HTTP, Active Directory, and remote access.

  3. Identify the ports currently being used by a server.

  4. Configure TCP/IP filtering on a server running Windows Server 2003.

  5. Configure packet filtering on a RRAS server.

  6. Configure Windows Firewall on a workstation running Windows XP Professional.

9.2.22. Planning and Configuring an IPSec Policy for Secure Network Communications

  1. Create an IPSec plan for the network.

  2. Implement IPSec policy so IPSec is required.

  3. Confirm that IPSec policy is being applied.

9.2.23. Using Remote Desktop for Administration

  1. Configure a server so that it can be remotely managed using Remote Desktop.

  2. Open the Remote Desktop Connection client, and then click Options.

  3. Establish a remote session with the computer from a workstation or another server.

9.2.24. Using Remote Assistance

  1. Configure a server so that it can send Remote Assistance requests.

  2. While logged on to the server, ask for remote assistance.

  3. Accept the remote assistance request on another computer.

  4. Access the remote server and give assistance.

9.2.25. Planning Security for Wireless Networks

  1. Install a wireless network adapter on a computer running Windows XP Professional.

  2. Install a wireless router on the network.

  3. Configure the wireless devices to use infrastructure mode.

  4. Configure strict security through Wireless Policy in Active Directory.

9.2.26. Troubleshooting Security for Data Transmission

  1. Determine if IPSec is configured properly.

  2. Enable diagnostic logging for IPSec.

  3. Monitor IPSec policy to ensure that it is working correctly using IP Security Monitor.

  4. Determine through Resultant Set of Policy the GPO from which IPSec policy settings are being applied.

9.2.27. Configuring Software Update Infrastructure

  1. Install an update server.

  2. Configure policy so that updates are installed automatically.

  3. Configure policy so that the update server is used.

9.2.28. Planning and Configuring a Public Key Infrastructure That Uses Certificate Services

  1. Plan a Public Key Infrastructure for an Active Directory domain where smart cards will be used.

  2. Identify the appropriate type of Certificate Authorities to use.

  3. Plan the enrollment and distribution of certificates.

  4. Install Certificate Services.

Категории