Exam Reviews

Wizard of the Network

Your Knowledge in eight areas--DNS, DHCP, remote access, network protocols, IP routing, WINS, NAT, and Certificate Services--will prove your mastery of network infrastructures.

In your work as an administrator for Windows 2000, more and more of the services you'll work with are provided by the network operating system platform. These include DHCP for automated TCP/IP configuration, DNS for IP address name resolution, WINS for NetBIOS name resolution, and remote access and routing components. This core exam for the new Win2K MCSE title takes elements from the TCP/IP exams (70-053 and 70-059), then adds to it the networking components from the Windows NT Server 4.0 exams (RAS, Network Monitor, and binding order). It then affixes new Win2K features such as RRAS (which was added as a separate download after NT 4.0 and further improved in Win2K) and IPSec. If you've taken earlier exams that covered that ground, you probably realize this could represent quite a dangerous mix. However, the good news is that while the exam may test your knowledge in these areas thoroughly, you shouldn't encounter "trick" questions that check your knowledge of obscure features.

Implementing a Win2K Network (70-216)

Reviewer's Rating: "While the exam tests your knowledge in these areas thoroughly, you won't find trick questions that ask about obscure features."

Title: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure

Who should take it? Core exam for the MCSE Windows 2000 track.

What class prepares you: No. 2153: Implementing a Microsoft Windows 2000 Network Infrastructure

New Question Types

The first thing that struck me when I tackled this test in its beta form was the large amount of text in the questions. It's likely that you'll need all of the time available to read, understand, and answer each question. Many questions had one or more exhibits to view (typically, a network diagram and perhaps a Win2K screenshot) in conjunction with the text.

Other than the multiple-choice questions we typically see in certification exams, there are two other question types worth mentioning. First, Win2K graphical simulation questions require you to click on the correct area of the screen to perform the desired action. If you can answer these types of questions, then Microsoft is convinced you know how to work with that particular functionality.

Second, be prepared for scenario questions. You're given a paragraph that describes the situation, followed by a list of desired objectives. You then read a list of steps that have been performed, and are asked to determine which of the objectives have been met. The available responses for this question are the list of desired objectives; you have to select all of the correct responses. This is an improvement over older scenario questions, in which you had to determine which of the required and optional objectives were met. However, these new questions can become a test of your reading comprehension as much as your technical knowledge.

Through the rest of this review, I'll provide some insights on eight core areas of this certification exam I think are worth considering as you prepare for the test.

  • Installing, configuring, managing, monitoring, and troubleshooting DNS, DHCP, remote access, network protocols, IP routing, and WINS.

  • Managing, monitoring, and troubleshooting Certificate Services and Network Address Translation (NAT).

Name Resolution

Win2K Active Directory relies on DNS to resolve names to IP addresses and also to find server resources. So we'd expect it to be an area that you'll need to know well in order to prove your expertise in supporting a network.

Make sure you spend time understanding the main types of resource records within DNS, their function, and what record types need to be added to the DNS given a particular scenario. Some of these records (WINS and SRV) may not be supported on other DNS platforms. As a network administrator, you need to be able to handle zone transfers between Win2K DNS and other platforms that don't understand these resource records. A common load-balancing technique between identical Web servers uses the DNS round-robin feature, in which multiple resource records have the same name and different IP addresses; spend some time learning how this works and setting it up.

Tip: Study the Windows 2000 Resource Kit chapter on DNS, Chapter 5 in the TCP/IP Core Networking Guide, for a good grounding in the subject.

You should also have a solid grasp of how dynamic update works in conjunction with DHCP-how to configure this and what it means for different clients (Win2K Professional and others). Also become familiar with some of the new Win2K features of DNS, such as incremental zone transfers. As you'll recall, zone transfers are how DNS updates are propagated through the network from the primary DNS to all of the secondary DNS.

A pure Win2K network no longer needs WINS; but since so many existing NT networks will be in mixed Win2K/NT 4.0 environments for the immediate future, we should still make sure we understand how to implement NetBIOS name resolution. Of course, WINS provides NetBIOS name-to-IP address resolution. So how is a WINS proxy used for non-NT machines that need to resolve NetBIOS names to IP addresses? Understand how to work with the WINS JET database (WINS.MDB) and the new WINS features such manual tombstoning, where we mark records for deletion and this deleted state is passed via WINS replication to the other WINS servers.

Tip: Bone up on the new WINS Users group that can use the WINS Microsoft Management Console (MMC) snap-in to read but not update access.

TCP/IP on the Fly

DHCP, or Dynamic Host Configur-sation Protocol, is another important aspect of Win2K. This lets you automatically configure TCP/IP for all of the clients on your network. Many small improvements in Win2K enable DHCP to better operate in larger enterprise environments. Make sure you know what's needed to be able to issue addresses-create the scope, activate the scope, and authorize the DHCP server with Active Directory (you'd better study access levels within AD as well, since not just any user or admin can perform the authorization). Multicast scopes are a new feature of Win2K, so spend some time understanding how these work and how to set them up. Do you know what superscopes are in DHCP and how to best use these when using multiple DHCP servers on the same subnet?

Tip: The Resource Kit chapter on DHCP, in Chapter 4 of the TCP/IP Core Networking Guide, has a section on superscopes that explains this well.

Just Like Being There

Routing and Remote Access Server, or RRAS, allows you to use Win2K as an IPX and IP platform, provide RAS dial-in, and also set up secure virtual private networks (VPNs) across non-dedicated network links. You should understand how to enable and configure RRAS and what all of the available configuration options do. Two areas to focus your practice on are integrating RAS with DHCP, and the new Win2K policy-based access controls for RAS. In the past, each user account was granted or denied access via dialup; but the new policy function lets you construct detailed conditions that grant or deny access via RAS.

Tip: Know this area very well! Work with it on your test machines until you can do it practically blindfolded.

The Path of Packets

Understand how to work with network binding order, and how to use the Network Monitor tool to trace packets to and from a Win2K server. Know how to configure TCP/IP packet filters for a given requirement. For example, in an Internet environment, how would you configure filters to allow a specific protocol (say, DNS or HTTP) but ignore all others? Spend time drilling down on network component configuration. Also, you'll need to understand the tools available for problem solving-what to use when, and what each tool can do for you. These include ipconfig, ping, nslookup, and tracert.

Tip: Spend some time with the new Win2K options for the ipconfig command: /registerdns, /displaydns, and /flushdns. Similarly, you need to be aware of what the netstat -RR command does.

Of course, with Win2K, you can expect to prove your mastery of IPSec. For instance, do you know what the preconfigured IPSec configurations do (Client, Server, and Secure Server), or how to apply IPSec configurations with Group Policy?

Network design involves IP subnetting territory, so make sure you're nimble with subnetting. As well as the regular xxx.xxx.xxx.xxx subnet format, make sure you understand how the network prefix format works. For example, an address of means that the 16 left-most bits of the IP address represent that network address, which is equivalent to a subnet mask of

Tip: As in previous exams, this topic boils down to two main types of question. In the first instance, a company has been assigned a given network address (say,, and then needs to use this to assign IP addresses to x clients on each of y different subnets. You need to determine which subnet mask fits the requirements. In the second type of question, you're given two IP addresses and asked to determine which subnet mask will put these into the same subnet or into different subnets. Often this question is posed as a problem-solving exercise: Machine A can't communicate with machine B (on a different IP network); you need to determine the correct subnet mask to ensure that machines A and B are on different subnets so that machine A correctly sends its packets for machine B via a router.

NAT and Certificate Services

With Internet Connection Sharing you need to understand how to ensure your users can connect to a shared Internet Connection once it's created and shared and your network IP address has been reconfigured to

Also make sure you understand how Encrypted File System works with keys and how Group Policy can control how your users' work with EFS.

Additional Information
To prepare for this exam, begin by reading Microsoft's Exam Preparation Guide at www.microsoft.com/trainingandservices/exams/

Words of Wisdom

I have no doubt that this exam will test every one of your brain cells-especially in your ability to read, understand, and answer each question in the allotted time. Learn from my mistake: I stayed up late cramming the night before the exam and had only a few hours of sleep. I started the exam fine, but after an hour or so my body was telling me it wanted to curl up and sleep in the corner. This is obviously not an ideal situation for exam-taking. Get plenty of rest beforehand so that you're at your best.

The test covers a wide stretch of ground in confirming your knowledge of Win2K networking. I suggest you read the TCP/IP Core Networking Guide from the Windows 2000 Resource Kit for its excellent and thorough coverage of troubleshooting, DHCP, DNS, WINS, and IPSec. While it won't answer every question you'll face on the exam, it will give you a great deal of useful background information. Chapter 1 provides an introduction to TCP/IP and covers the subnetting concepts you need as a knowledgeable network administrator. The Windows 2000 Server Internetworking Guide from the Resource Kit also covers RRAS extensively. Read and remember. Good luck!

comments powered by Disqus
Most   Popular