Wizard of the Network
Your Knowledge in eight areas--DNS, DHCP, remote access, network protocols, IP routing, WINS, NAT, and Certificate Services--will prove your mastery
of network infrastructures.
In your work as an administrator for Windows 2000, more
and more of the services you'll work with are provided
by the network operating system platform. These include
DHCP for automated TCP/IP configuration, DNS for IP address
name resolution, WINS for NetBIOS name resolution, and
remote access and routing components. This core exam for
the new Win2K MCSE title takes elements from the TCP/IP
exams (70-053 and 70-059), then adds to it the networking
components from the Windows NT Server 4.0 exams (RAS,
Network Monitor, and binding order). It then affixes new
Win2K features such as RRAS (which was added as a separate
download after NT 4.0 and further improved in Win2K) and
IPSec. If you've taken earlier exams that covered that
ground, you probably realize this could represent quite
a dangerous mix. However, the good news is that while
the exam may test your knowledge in these areas thoroughly,
you shouldn't encounter "trick" questions that check your
knowledge of obscure features.
a Win2K Network (70-216)
"While the exam tests your knowledge
in these areas thoroughly, you won't
find trick questions that ask about
Implementing and Administering a Microsoft
Windows 2000 Network Infrastructure
Who should take
it? Core exam for the MCSE Windows
What class prepares
you: No. 2153: Implementing a
Microsoft Windows 2000 Network Infrastructure
New Question Types
The first thing that struck me when I tackled this test
in its beta form was the large amount of text in the questions.
It's likely that you'll need all of the time available
to read, understand, and answer each question. Many questions
had one or more exhibits to view (typically, a network
diagram and perhaps a Win2K screenshot) in conjunction
with the text.
Other than the multiple-choice questions we typically
see in certification exams, there are two other question
types worth mentioning. First, Win2K graphical simulation
questions require you to click on the correct area of
the screen to perform the desired action. If you can answer
these types of questions, then Microsoft is convinced
you know how to work with that particular functionality.
Second, be prepared for scenario questions. You're given
a paragraph that describes the situation, followed by
a list of desired objectives. You then read a list of
steps that have been performed, and are asked to determine
which of the objectives have been met. The available responses
for this question are the list of desired objectives;
you have to select all of the correct responses. This
is an improvement over older scenario questions, in which
you had to determine which of the required and optional
objectives were met. However, these new questions can
become a test of your reading comprehension as much as
your technical knowledge.
Through the rest of this review, I'll provide some insights
on eight core areas of this certification exam I think
are worth considering as you prepare for the test.
- Installing, configuring, managing,
monitoring, and troubleshooting DNS,
DHCP, remote access, network protocols,
IP routing, and WINS.
- Managing, monitoring, and troubleshooting
Certificate Services and Network Address
Win2K Active Directory relies on DNS to resolve names
to IP addresses and also to find server resources. So
we'd expect it to be an area that you'll need to know
well in order to prove your expertise in supporting a
Make sure you spend time understanding the main types
of resource records within DNS, their function, and what
record types need to be added to the DNS given a particular
scenario. Some of these records (WINS and SRV) may not
be supported on other DNS platforms. As a network administrator,
you need to be able to handle zone transfers between Win2K
DNS and other platforms that don't understand these resource
records. A common load-balancing technique between identical
Web servers uses the DNS round-robin feature, in which
multiple resource records have the same name and different
IP addresses; spend some time learning how this works
and setting it up.
Tip: Study the Windows
2000 Resource Kit chapter on DNS, Chapter 5 in the
TCP/IP Core Networking Guide, for a good grounding
in the subject.
You should also have a solid grasp of how dynamic update
works in conjunction with DHCP-how to configure this and
what it means for different clients (Win2K Professional
and others). Also become familiar with some of the new
Win2K features of DNS, such as incremental zone transfers.
As you'll recall, zone transfers are how DNS updates are
propagated through the network from the primary DNS to
all of the secondary DNS.
A pure Win2K network no longer needs WINS; but since
so many existing NT networks will be in mixed Win2K/NT
4.0 environments for the immediate future, we should still
make sure we understand how to implement NetBIOS name
resolution. Of course, WINS provides NetBIOS name-to-IP
address resolution. So how is a WINS proxy used for non-NT
machines that need to resolve NetBIOS names to IP addresses?
Understand how to work with the WINS JET database (WINS.MDB)
and the new WINS features such manual tombstoning, where
we mark records for deletion and this deleted state is
passed via WINS replication to the other WINS servers.
Tip: Bone up on the new
WINS Users group that can use the WINS Microsoft Management
Console (MMC) snap-in to read but not update access.
TCP/IP on the Fly
DHCP, or Dynamic Host Configur-sation Protocol, is another
important aspect of Win2K. This lets you automatically
configure TCP/IP for all of the clients on your network.
Many small improvements in Win2K enable DHCP to better
operate in larger enterprise environments. Make sure you
know what's needed to be able to issue addresses-create
the scope, activate the scope, and authorize the DHCP
server with Active Directory (you'd better study access
levels within AD as well, since not just any user or admin
can perform the authorization). Multicast scopes are a
new feature of Win2K, so spend some time understanding
how these work and how to set them up. Do you know what
superscopes are in DHCP and how to best use these when
using multiple DHCP servers on the same subnet?
Tip: The Resource Kit chapter
on DHCP, in Chapter 4 of the TCP/IP Core Networking
Guide, has a section on superscopes that explains
Just Like Being There
Routing and Remote Access Server, or RRAS, allows you
to use Win2K as an IPX and IP platform, provide RAS dial-in,
and also set up secure virtual private networks (VPNs)
across non-dedicated network links. You should understand
how to enable and configure RRAS and what all of the available
configuration options do. Two areas to focus your practice
on are integrating RAS with DHCP, and the new Win2K policy-based
access controls for RAS. In the past, each user account
was granted or denied access via dialup; but the new policy
function lets you construct detailed conditions that grant
or deny access via RAS.
Tip: Know this area very
well! Work with it on your test machines until you can
do it practically blindfolded.
The Path of Packets
Understand how to work with network binding order, and
how to use the Network Monitor tool to trace packets to
and from a Win2K server. Know how to configure TCP/IP
packet filters for a given requirement. For example, in
an Internet environment, how would you configure filters
to allow a specific protocol (say, DNS or HTTP) but ignore
all others? Spend time drilling down on network component
configuration. Also, you'll need to understand the tools
available for problem solving-what to use when, and what
each tool can do for you. These include ipconfig, ping,
nslookup, and tracert.
Tip: Spend some time with
the new Win2K options for the ipconfig command: /registerdns,
/displaydns, and /flushdns. Similarly, you need to be
aware of what the netstat -RR command does.
Of course, with Win2K, you can expect to prove your mastery
of IPSec. For instance, do you know what the preconfigured
IPSec configurations do (Client, Server, and Secure Server),
or how to apply IPSec configurations with Group Policy?
Network design involves IP subnetting territory, so make
sure you're nimble with subnetting. As well as the regular
xxx.xxx.xxx.xxx subnet format, make sure you understand
how the network prefix format works. For example, an address
of 10.1.2.1/16 means that the 16 left-most bits of the
IP address represent that network address, which is equivalent
to a subnet mask of 255.255.0.0.
Tip: As in previous exams,
this topic boils down to two main types of question. In
the first instance, a company has been assigned a given
network address (say, 188.8.131.52), and then needs to
use this to assign IP addresses to x clients on each of
y different subnets. You need to determine which subnet
mask fits the requirements. In the second type of question,
you're given two IP addresses and asked to determine which
subnet mask will put these into the same subnet or into
different subnets. Often this question is posed as a problem-solving
exercise: Machine A can't communicate with machine B (on
a different IP network); you need to determine the correct
subnet mask to ensure that machines A and B are on different
subnets so that machine A correctly sends its packets
for machine B via a router.
NAT and Certificate Services
With Internet Connection Sharing you need to understand
how to ensure your users can connect to a shared Internet
Connection once it's created and shared and your network
IP address has been reconfigured to 192.168.0.1.
Also make sure you understand how Encrypted File System
works with keys and how Group Policy can control how your
users' work with EFS.
Words of Wisdom
I have no doubt that this exam will test every one of
your brain cells-especially in your ability to read, understand,
and answer each question in the allotted time. Learn from
my mistake: I stayed up late cramming the night before
the exam and had only a few hours of sleep. I started
the exam fine, but after an hour or so my body was telling
me it wanted to curl up and sleep in the corner. This
is obviously not an ideal situation for exam-taking. Get
plenty of rest beforehand so that you're at your best.
The test covers a wide stretch of ground in confirming
your knowledge of Win2K networking. I suggest you read
the TCP/IP Core Networking Guide from the Windows
2000 Resource Kit for its excellent and thorough coverage
of troubleshooting, DHCP, DNS, WINS, and IPSec. While
it won't answer every question you'll face on the exam,
it will give you a great deal of useful background information.
Chapter 1 provides an introduction to TCP/IP and covers
the subnetting concepts you need as a knowledgeable network
administrator. The Windows 2000 Server Internetworking
Guide from the Resource Kit also covers RRAS
extensively. Read and remember. Good luck!