Lesson Plans Managing a Windows 2003 Network Infrastructure

Lesson Plans Managing a Windows 2003 Network Infrastructure (Exam 70-291)

Table of Contents Course Overview... 2 Section 0.1: Introduction... 3 Section 1.1: Client Configuration... 4 Section 1.2: IP Addressing... 6 Section 1.3: Troubleshooting IP... 8 Section 2.1: Configuring DHCP... 9 Section 2.2: Managing Scopes... 10 Section 2.3: Configuring DHCP Options... 11 Section 2.4: Managing the DHCP Server... 13 Section 2.5: Troubleshooting DHCP... 14 Section 3.1: DNS Concepts... 15 Section 3.2: Configuring DNS... 16 Section 3.3: Managing DNS Records... 18 Section 3.4: Dynamic DNS Updates... 20 Section 3.5: Configuring DNS Clients... 21 Section 3.6: Active Directory-integrated Zones... 23 Section 3.7: Delegating Domains... 25 Section 3.8: Managing Root Zones and Hints... 26 Section 3.9: Stub Zones and Forwarding... 28 Section 3.10: Zone Transfers... 30 Section 3.11: Designing DNS... 32 Section 3.12: Troubleshooting DNS... 33 Section 4.1: Configuring Remote Access... 35 Section 4.2: Remote Access Clients... 37 Section 4.3: Remote Access Policies... 39 Section 4.4: Using Internet Authentication Service (IAS)... 41 Section 4.5: Troubleshooting Remote Access... 43 Section 5.1: Routing... 44 Section 5.3: Demand Dial Routing... 48 Section 5.4: Network Address Translation... 50 Section 5.5: DHCP Relay Agent... 51 Section 6.1: Firewalls and Proxies... 52 Section 6.2: Virtual Private Networking... 53 Section 6.3: IP Security (IPSec)... 54 Section 6.4: Templates... 56 Section 6.5: Security Principles... 57 Section 7.1: Services... 58 Section 7.2: Software Update Services... 60 Practice Exams... 61 Appendix A: Approximate for the Course... 62 1

Course Overview 0.0 Introduction This module introduces the course and covers the use of Network Monitor. 1.0 TCP/IP Configuration This module covers TCP/IP. Students learn how to configure clients, deploy IP addressing methods, and troubleshoot TCP/IP related problems. 2.0 Managing DHCP This module introduces DHCP. It provides an overview to the Dynamic Host Configuration Protocol (DHCP). It demonstrates the installation and configuration of the DHCP Server Service, and includes a DHCP troubleshooting section. 3.0 Managing DNS This module introduces DNS. The Domain Name System (DNS) links IP addresses to host names. In this module, students will learn about DNS and the role it plays in the network infrastructure. Concepts include zones queries, and name resolution. 4.0 Remote Access This module introduces remote access. A remote access server lets mobile or remote users connect to your network, typically through a modem. Once connected to the remote access server, users have access to all network resources. In this module, students will learn how to install and configure remote access. 5.0 Routing This module introduces routing. A router connects two or more networks, and allows packets to cross between networks. In this module, students will learn how to configure a Windows 2000 Server as a software router. 6.0 Network Security This module introduces the methods for establishing and maintaining security for network resources. 7.0 Network Services This module introduces the methods for managing and maintaining network services. Practice Exams In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. 2

Section 0.1: Introduction This section introduces the course and Network Monitor. Configure, capture, and display filters using Netmon. Enable dedicated capture mode. Increase Netmon buffers and reduce frame size in a capture. 303. Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor. 501. Monitor network traffic. Tools might include Network Monitor and System Monitor. When might you need to analyze and monitor network traffic? How can Network Monitor help you analyze network traffic? What is the difference between a counter, a filter, and a trigger? 0.1.1 Course Introduction 0:29 0.1.2 Network Monitor 7:48 0.1.3 Using Network Monitor 6:48 Total 15:05 Number of Exam Questions 4 questions Total About 20 minutes 3

Section 1.1: Client Configuration This section introduces the student to client configuration. Details include: Configuration settings for a TCP/IP network: o IP address o Subnet mask o Default gateway o Host name o DNS server o WINS server o MAC address Facts regarding TCP/IP configuration Configure basic TCP/IP settings on a client. Differentiate between host addresses, network IDs, or broadcast IDs. 101. Configure TCP/IP addressing on a server computer. What is the purpose of an IP address? What is the purpose of a subnet mask? What is the purpose of a default gateway? 1.1.1 TCP/IP Configuration 12:11 1.1.2 Configuring IP Settings 2:19 Total 14:30 Lab/Activity Configure IP Settings 4

Number of Exam Questions 2 questions Total About 25 minutes 5

Section 1.2: IP Addressing This section discusses the following details about IP addressing: Options for assigning IP addresses: o Static (manual) assignment o APIPA DCHP o Alternate Facts about IP address assignments Default IP addressing classes and masks Address ranges reserved for private addresses The first address in a range on the subnet is the subnet address The last address in a range on the subnet is the broadcast address Configure a client to use DHCP. Configure a client using Alternate IP Configuration. 101. Configure TCP/IP addressing on a server computer. What are the four ways to assign an IP address? What happens if any of the methods fail? 1.2.1 IP Addressing Methods 5:58 1.2.2 Configuring Client Addressing 1:18 Total 7:16 6

Lab/Activity Configure a Client for DHCP Configure an Alternate IP Address Number of Exam Questions 8 questions Total About 30 minutes 7

Section 1.3: Troubleshooting IP In this section students will learn the tools to troubleshoot IP. Use Ping, Tracert, Pathping, and Ipconfig to diagnose and correct TCP/IP problems. 102. Troubleshoot TCP/IP addressing. 103. Troubleshoot DHCP. What TCP/IP tools can you use for troubleshooting? What is the difference between Tracert, Ping, and Pathping? Which protocol do most of these tools use? 1.3.1 TCP/IP Troubleshooting 7:25 Number of Exam Questions 9 questions Total About 20 minutes 8

Section 2.1: Configuring DHCP This section discusses configuring DCHP server authorization. Install DHCP and create a simple scope. Authorize a DHCP Server. 101. Configure TCP/IP addressing on a server computer. o Manage DHCP. What is a scope? How can you change the subnet on a scope? What two security features must be enabled for a DHCP server to function correctly? 2.1.1 DHCP Concepts 5:06 2.1.2 Installing DHCP 2:03 Total 7:09 Lab/Activity Install and Authorize a DHCP server Authorize a DHCP server Number of Exam Questions 4 questions Total About 20 minutes 9

Section 2.2: Managing Scopes This section covers the managing of scopes. Create and activate scopes. Configure exclusion ranges and reservations. 101. Configure TCP/IP addressing on a server computer. o Manage DHCP scope options. What are the two ways to exclude IP addresses from a scope? What information is necessary to configure a reservation? What is the difference between a reservation and a manual IP assignment? 2.2.1 Creating and Activating a Scope 2:47 2.2.3 Adding Exclusions and Reservations 2:52 Total 5:39 Lab/Activity Create a Scope Create an Exclusion Range Create a Client Reservation Number of Exam Questions 5 questions Total About 25 minutes 10

Section 2.3: Configuring DHCP Options In this section the students will learn how to configure DHCP options. Details include: Options can be set at the following levels: o Server o Scope o Class o Reserved client Configure server, scope, and user/vendor class options. Design DHCP options to customize configuration and minimize administration. 101. Configure TCP/IP addressing on a server computer. o Manage DHCP. o Manage DHCP scope options. What is a DHCP option? What is the benefit of using options? What are some common options? What is the order of precedence between all of the different levels of options? 2.3.1 Scope and Server Options 5:55 2.3.2 Configuring DHCP Options 5:48 Total 11:43 11

Lab/Activity Configure Server Options Configure Scope Options Design Scope Options Design DHCP Options Number of Exam Questions 1 question Total About 35 minutes 12

Section 2.4: Managing the DHCP Server In this section the students will learn the steps for backing up and restoring DHCP. Backup and Restore DHCP. Move DHCP from one server to another. Enable conflict detection. 103. Troubleshoot DHCP. How can you back up DHCP? What is the purpose of conflict detection? What is the purpose of NIC bindings? 2.4.1 DHCP Server Management 7:10 2.4.2 Configuring DHCP Server Parameters 4:28 Total 11:38 Number of Exam Questions 2 questions Total About 15 minutes 13

Section 2.5: Troubleshooting DHCP This section presents some common problems you may encounter as you manage a DHCP server, and explains how to troubleshoot them. Detect and correct rogue DHCP server errors via client TCP/IP properties. Troubleshoot DHCP address assignment. 103. Troubleshoot DHCP. What are the steps of the DORA process? What three ways can we provide IP addresses to all clients in a routed network? What is a rogue DHCP server? What security is present in 2003 DHCP to prevent this? How can you detect rogue DHCP servers? 2.5.1 DHCP Lease Process 6:35 2.5.3 Monitoring DHCP Broadcasts 3:48 2.5.4 Managing DHCP Status 3:32 2.5.5 Rogue Servers 6:35 Total 20:30 Number of Exam Questions 8 questions Total About 35 minutes 14

Section 3.1: DNS Concepts This section discusses the following DNS concepts: Components of the DNS hierarchy o.(dot) domain (also called the root domain) o Top Level Domains o Additional domains o Hosts DNS name resolution process Identify the major components of DNS name resolution. Explain the DNS name resolution process. Create and manage DNS zones. What is the purpose of DNS? What are the steps in the client name resolution process? What are the steps in a DNS server's name resolution process? What is the purpose of subdomains? Is a zone the same thing as a domain? 3.1.1 DNS Concepts 8:39 3.1.2 DNS Name Resolution 16:09 3.1.4 DNS Zones 5:15 Total 30:03 Total About 35 minutes 15

Section 3.2: Configuring DNS This section covers the installation and configuration of DNS. Details include: Types of DNS zones: o Standard primary o Standard secondary o Reverse lookup o Active Directory-integrated Install the DNS service. Configure a DNS server with standard primary or secondary forward or reverse lookup zones. 201. Install and configure the DNS Server service. 202. Manage DNS. What is a zone? What is the difference between a standard primary and secondary zone? How do standard primary and secondary zones differ from Active Directory-integrated zones? What is the difference between a zone and a domain? What is a reverse lookup zone? 3.2.1 Installing and Configuring DNS 3:42 3.2.3 Creating Secondary Zones 5:37 3.2.5 Creating Reverse Lookup Zones 2:27 Total 11:46 16

Lab/Activity Install DNS and Create a Zone Install DNS and Create a Secondary Zone Create a Reverse Lookup Zone Number of Exam Questions 6 questions Total About 35 minutes 17

Section 3.3: Managing DNS Records This section builds on previous sections by covering more zone management tasks. In the last section you installed DNS on student computers and created a zone. This section builds on those tasks. Create, track, and manage the seven most common resource records. Troubleshoot resource records using the Netlogon service. 202. Manage DNS. o Manage DNS record settings. What are the seven most common resource records? What three kinds of servers receive NS records? What records are used to identify and locate domain controllers? What is round robin DNS? 3.3.1 Resource Records 10:50 3.3.3 Creating Resource Records 7:51 Total 18:41 Lab/Activity Create a Zone and Add Records Create A and CNAME Records Troubleshoot Name Resolution 1 Troubleshoot Name Resolution 2 Troubleshoot Name Resolution 3 18

Section 3.4: Dynamic DNS Updates This section covers dynamic DNS, the ability of a system to register its own records. Students will become familiar with how to enable, configure, and manage dynamic DNS. Configure DNS servers and clients for dynamic updates. Configure a DHCP server to proxy dynamic updates. 201. Install and configure the DNS Server service. 202. Manage DNS. How does dynamic DNS differ from standard DNS? How do you enable dynamic updates on a DNS server? What are secure dynamic updates? How can DHCP be used to help the dynamic update process? 3.4.1 Dynamic DNS 9:58 3.4.2 Configuring Dynamic DNS 4:10 Total 14:08 Lab/Activity Enable Dynamic DNS Updates Troubleshoot Dynamic DNS 1 Troubleshoot Dynamic DNS 2 Troubleshoot Dynamic DNS 3 Number of Exam Questions 7 questions Total About 40 minutes 20

Section 3.5: Configuring DNS Clients To make sure students understand client configuration, open the Advanced TCP/IP Settings dialog box and discuss each of the client settings options. Identify the primary suffix using System Properties. Configure a connection-specific suffix using advanced TCP/IP properties. Specify a suffix search order. 201. Install and configure the DNS Server service. o Configure DNS server options. 202. Manage DNS. What is the purpose of listing multiple DNS IP addresses on the client? What is a primary suffix? What is a connection-specific suffix? What is a parent suffix? What is the suffix search order? 3.5.1 DNS Client Configuration 7:54 3.5.2 Configuring DNS Clients 3:33 Total 11:27 Lab/Activity Configure DNS Server Addresses Configure Search Suffixes 1 Configure Search Suffixes 2 Configure DNS Client Registration 21

Section 3.6: Active Directory-integrated Zones Active Directory allows administrators to store DNS information in Active Directory in an Active Directory-integrated zone. Configure an Active Directory-integrated zone. Configure replication scopes. Disable zone transfers for AD-I zones. Enable secure dynamic updates. 201. Install and configure the DNS Server service. o Configure DNS zone options. 202. Manage DNS. o Manage DNS zone settings. What are some of the benefits of Active Directory-integrated (AD-I) zones? How do AD-I zones integrate with other zone types such as primary or secondary? What are the four replication scopes of an AD-I zone? How do AD-I zones integrate with non-microsoft DNS? How do you configure zone transfer with standard vs. AD-I zones? 3.6.1 Active Directory-integrated Zones 12:33 3.6.2 Managing Active Directory-integrated Zones 3:16 Total 15:49 Lab/Activity Create an Active Directory-integrated Zone Convert a Zone to Active-Directory Integrated 23

Section 3.7: Delegating Domains This section discusses delegating domains. Delegate domains. 201. Install and configure the DNS Server service. 202. Manage DNS. What is domain delegation? When would you need to delegate domain? What records are created when you delegate a domain? 3.7.1 Delegating a Domain 2:53 Lab/Activity Delegating a Domain Troubleshooting Delegation Total About 15 minutes 25

Section 3.8: Managing Root Zones and Hints This section covers managing root zones and hints. Zone transfer preserves the integrity of DNS data. This section builds on concepts introduced in earlier sections. Configure or delete a root zone. Configure other DNS servers to point to your server via root hints. Replace a missing or corrupt root hints file. 201. Install and configure the DNS Server service. 202. Manage DNS. What is the name resolution order for a DNS server? Why would you want to create a zone named. (dot)? What is the purpose of the root hints file? Why would you delete the root hints? What is the name and location(s) of the root hints file on a Windows 2003 server? 3.8.1 Root Hints 8:26 3.8.2 Managing Root Zones and Hints 3:22 Total 11:48 Lab/Activity Configure Root Hints Create a Root Zone 26

Section 3.9: Stub Zones and Forwarding This section discusses stub zones and forwarding. Configure forwarding and conditional forwarding. Configure a stub zone. 201. Install and configure the DNS Server service. o Configure DNS zone options. 202. Manage DNS. o Manage DNS zone settings. What configuration options do you have to control and manage name resolution? How does conditional forwarding differ from standard forwarding? How does a stub zone differ from a secondary zone? How do conditional forwarders differ from stub zones? 3.9.1 Stub Zones and Conditional Forwarding 12:54 3.9.2 Configuring a Stub Zone 2:10 3.9.4 Configuring Forwarding 2:30 Total 17:34 Lab/Activity Configure a Stub Zone Configure a Server to Use Forwarders Configure Conditional Forwarding 28

Section 3.10: Zone Transfers Zone transfer preserves the integrity of DNS data. This section builds on concepts introduced in earlier sections by introducing new record management practices. Configure a caching only server. Configure, manage, and troubleshoot zone transfers. Enable zone transfers to named and listed servers. 202. Manage DNS. 203. Monitor DNS. Tools might include System Monitor, Event Viewer, Replication Monitor, and DNS debug logs. What is zone transfer? What is the difference between AXFR and IXFR? How do primary and secondary zones share zone data with other DNS servers? What are the advantages of AD-I zones in relation to zone transfers? 3.10.1 Zones and Zone Transfer 13:50 3.10.2 Zone Transfers 1:04 3.10.3 Configuring a Caching Only Server 1:41 3.10.5 Configuring Zone Transfers 5:08 Total 21:43 30

Lab/Activity Configure a Caching Only Server Enable Zone Transfer to Name Servers Enable Zone Transfer to Listed Servers Disable Zone Transfer Troubleshoot Zone Transfer Number of Exam Questions 7 questions Total About 55 minutes 31

Section 3.11: Designing DNS This section provides guidelines for designing DNS. Zone types and configuration options include: Primary zone Secondary zone Reverse lookup zone Active Directory-integrated zone Caching only server Zone delegation Forwarders Conditional forwarding Stub zone Root zone Root hints Dynamic DNS Secure updates Implement a split-brain DNS solution. Design and manage a DNS solution. When using internal and external DNS, what are the three possible scenarios for the DNS namespace? What are the advantages and disadvantages of each of the three methods? What are the four goals of any split namespace design? 3.10.1 Zones and Zone Transfer 11:06 Total About 15 minutes 32

Section 3.12: Troubleshooting DNS This section presents tools and strategies to troubleshoot DNS. Details include: Tools o Nslookup o Dnscmd o Ping o Network Monitor o Ipconfigu o DNSLint Strategies to provide fault tolerance for DNS servers: o Use Active Direcotry-integrated zones o Create secondary zones o Back up the DNS database Effectively use Ipconfig with all available switches. Restart Netlogon to force re-registration of SRV records. Use Nslookup to list various resource record types. 203. Monitor DNS. Tools might include System Monitor, Event Viewer, Replication Monitor, and DNS debug logs. 502. Troubleshoot connectivity to the Internet. What are some of the troubleshooting tools available for DNS? How does using Ipconfig /registerdns differ from restarting the Netlogon service? How does Nslookup differ from Dnscmd? 33

3.12.1 DNS Troubleshooting 6:56 3.12.2 Monitoring DNS 3:31 Total 10:27 Number of Exam Questions 12 questions Total About 25 minutes 34

Section 4.1: Configuring Remote Access This section covers configuring remote access services. Details include: Methods to assign addresses to remote clients: o DHCP-delivered o Automatic assignment o Static IP address Considerations when configuring remote access Configure a remote access server. Configure addressing for remote access clients. 402. Manage remote access. o Manage Routing and Remote Access routing interfaces. What are the three steps in the remote access connection process? How can you implement a dial-up solution? How do remote access clients get an IP address for the remote access connection? 4.1.1 Remote Access 8:37 4.1.2 Configuring a Remote Access Server 5:47 Total 14:24 Lab/Activity Configure a Remote Access Server Reconfigure a Server for Remote Access 35

Section 4.2: Remote Access Clients This section deals primarily with the different types of authentication protocols. Students will become familiar with the uses of each protocol. Details include: Authentication protocols: o Password Authentication Protocol (PAP) o Shiva Password Authentication Protocol (SPAP) o Challenge Handshake Authentication Protocol (CHAP) o Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1) o Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) o Extensible Authentication Protocol (EAP) Protected EAP (PEAP) options for wireless clients: o PEAP-EAP-TLS o PEAP-MS-CHAP v2 Create a remote access client connection. Implement authentication protocols on the remove access client. 401. Configure Routing and Remote Access user authentication. o Configure remote access authentication protocols. What is the difference between authentication and authorization? What authentication protocols are supported by Windows remote access clients and servers? When should each authentication protocol be used? What authentication protocol is used with smart cards? 37

4.2.1 Configuring a Remote Access Client 3:15 4.2.3 Authentication Protocols 8:37 4.2.4 Configuring Client Authentication 2:54 Total 14:46 Lab/Activity Configure a Remote Access Client Connection Number of Exam Questions 5 questions Total About 30 minutes 38

Section 4.3: Remote Access Policies This section covers remote access policies. Policies are used to control access to the remote access server. You may want to make copies of the flow chart included with this section. Details in this section include: Components of a remote access policy: o Conditions o Permissions o Profile RAPCAP process Facts about RADIUS Configure remote access policies. Use the remote access policy logic to implement remote access solutions. Design remote access policies using conditions, permissions, and profile information to only allow authorized individuals access to the network. 401. Configure Routing and Remote Access user authentication. o Configure Routing and Remote Access policies to permit or deny access. How are remote access policies applied to incoming connections? Where are remote access policies stored? What is the difference between conditions, permissions, and profile settings? 4.3.1 Remote Access Policies 11:55 4.3.2 Configuring a Remote Access Policy 2:48 4.3.3 Configuring Profile Settings 2:58 4.3.6 Applying Remote Access Policies 0:57 Total 18:38 39

Lab/Activity Create a Remote Access Policy 1 Create a Remote Access Policy 2 Troubleshoot Remote Access Policies 1 Troubleshoot Remote Access Policies 2 Troubleshoot Remote Access Policies 3 Number of Exam Questions 10 questions Total About 60 minutes 40

Section 4.4: Using Internet Authentication Service (IAS) This section covers IAS, Microsoft s RADIUS implementation. Students do not need an in depth knowledge of IAS configuration. However, they do need a basic understanding of what IAS can do for a remote access environment, and how it works with remote access. Configure a remote access server as a RADIUS client. Configure the IAS server. Configure shared private keys for RADIUS clients and servers. 401. Configure Routing and Remote Access user authentication. o Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients. How does IAS differ from a normal remote access server? Why use it? How does IAS relate to RADIUS? What are the three A s handled by the IAS server? When using IAS, where are remote access policies stored? 4.4.1 IAS 3:06 4.4.2 How IAS Works 1:12 4.4.3 Configuring IAS 4:27 Total 18:38 Number of Exam Questions 3 questions Total About 25 minutes 42

Section 4.5: Troubleshooting Remote Access This section presents some common problems you may encounter as you manage remote access servers, and explains how to troubleshoot them. If you use remote access servers and have any troubleshooting examples of your own, this is a great time to share them with the class. Troubleshoot a remote access connection failure. Troubleshoot resource access through a remote access connection. 405. Troubleshoot Routing and Remote Access routing. What process does a remote access client use to establish a remote access connection? What troubleshooting steps should you take if a remote access connection fails? How do the troubleshooting steps differ depending on when the connection fails? Number of Exam Questions 1 question Total About 5 minutes 43

Section 5.1: Routing This section introduces IP routing. Students should be familiar with the basic concept of routing, but most won t be familiar with routing table contents or dynamic routing algorithms. Create a diagram with two routers and one client for each subnet. Label IP addresses and MAC addresses for each device. Enable LAN routing on a server. Add, modify, or delete routes in a static routing table. 403. Manage TCP/IP routing. o Manage routing protocols. o Manage routing tables. o Manage routing ports. What is the purpose of routing? What is a routing table? What routes are automatically added to the routing table when routing is enabled? 5.1.1 Routing Concepts 12:53 5.1.2 Configuring Routing 3:02 5.1.4 Configuring Static Routes 6:38 Total 22:33 Lab/Activity Enable LAN Routing Configure Static Routes 44

Section 5.2: Configuring Routing Protocols This section examines RIP routing, and shows students how to configure an RIP router. Configure RIP routing. Add interfaces to routing protocols. 403. Manage TCP/IP routing. o Manage routing protocols. o Manage routing tables. o Manage routing ports. What is the difference between static and dynamic routing? Under what circumstances do you not need to configure static routes or a routing protocol? When should you choose static routes over a routing protocol? How do RIP and OSPF differ? When should you choose each? In the remote access console, what does it mean to add an interface to a routing protocol? 5.2.1 Dynamic Routing 4:57 5.2.2 Configuring RIP 7:18 Total 12:15 Lab/Activity Configure RIP routing Configure a Routing Solution 1 Configure a Routing Solution 2 Configure a Routing Solution 3 46

Section 5.3: Demand Dial Routing This section introduces demand-dial routing and explains how to configure a demand-dial router. Configure a demand-dial connection with appropriate static routes and credentials. 405. Troubleshoot Routing and Remote Access routing. o Troubleshoot demand-dial routing. What is the purpose of demand-dial routing? How would you compare and contrast demand-dial routing with normal dial-up and normal routing? How do Dial-Out credentials differ from Dial-In credentials? How does a demand-dial filter differ from packet filters? 5.3.1 Demand Dial Routing 1:18 5.3.2 Configuring Demand Dial Routing 6:28 5.3.3 Configuring Demand Dial Properties 2:14 Total 10:00 Lab/Activity Configure Demand Dial Routing Configure Auto-static Routing Configure Demand Dial Solution 1 Configure Demand Dial Solution 2 48

Section 5.4: Network Address Translation This section explains how NAT works, and how to install and manage a NAT server. Create a diagram to show students how NAT works. Describe the Network Address Translation process and its purpose. Identify and use private IP address ranges. Explain IP packet structure and how NAT affects IPSec. What is the purpose of NAT? How does NAT accomplish its goal? What is address and port mapping? 5.4.1 Network Address Translation 7:53 5.4.2 How NAT Works 1:12 Total 9:05 Total About 10 minutes 50

Section 5.5: DHCP Relay Agent This section covers the use and configuration of a DHCP relay agent. Implement DHCP relay on a server. 101. Configure TCP/IP addressing on a server computer. o Manage DHCP Relay Agent. 103. Troubleshoot DHCP. o Verify that the DHCP Relay Agent is working correctly. How can you provide DHCP services in a routed network? Why would you implement DHCP relay? What tool do you use to configure a DHCP relay agent? What information does the DHCP relay need to function correctly? 5.5.1 Configuring a DHCP Relay Agent 2:11 Lab/Activity Configure a DHCP Relay Agent Number of Exam Questions 2 questions Total About 10 minutes 51

Section 6.1: Firewalls and Proxies This section examines security features, including ICF and packet filtering. Prepare a few packet filters before class. Secure a network using TCP/IP filtering, ICF, and packet filtering. Open or close common ports to control allowed traffic. 402. Manage remote access. o Manage packet filters. o Manage devices and ports. What is the purpose of a firewall? What are the basic methods we can use to block traffic through a router? What are the three firewalls built into Windows 2003 and how do they differ? What are the TCP/IP ports used by common traffic types? 6.1.1 Firewalls and Proxies 14:31 6.1.2 Configuring Packet Filters 3:16 Total 17:47 Number of Exam Questions 10 questions Total About 30 minutes 52

Section 6.2: Virtual Private Networking This section explains how a VPN functions. It also explains configuring and troubleshooting VPN clients and servers. Implement a client VPN connection. Configure a VPN server. Select and configure the appropriate tunneling protocol. 404. Implement secure access between private networks o Diagnose and resolve issues related to remote access VPNs. What is the purpose of a VPN connection? What are the two tunneling protocols available for use with VPNs? How do the two protocols differ? 6.2.1 Configuring the VPN Server 2:38 6.2.4 Configuring the VPN Client 3:39 Total 7:17 Lab/Activity Configure a VPN Server Configure VPN Ports Configure a VPN Client Connection Create a Dialup and VPN Connection Number of Exam Questions 10 questions Total About 40 minutes 53

Section 6.3: IP Security (IPSec) This section covers IPSec. Windows comes with the following three IPSec policies: Client (Respond Only) Server (Request Security) Secure Server (Require Security) Implement IPSec between two computers. Assign IPSec policies via Group Policy. Use the IPSecmon admin tool to analyze IPSec traffic. 302. Monitor network protocol security. Tools might include the IP Security Monitor Microsoft Management Console (MMC) snap-in and Kerberos support tools. 303. Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor. What is the purpose of IPSec? What are the three default IPSec policies and how do they interact? What is the easiest way to deploy uniform IPSec policies to a group of computers? 54

6.3.1 IPSec 20:09 6.3.2 How IPSec Works 1:09 6.3.3 Configuring IPSec 11:13 6.3.4 Monitoring IPSec 10:20 Total 42:51 Number of Exam Questions 11 questions Total About 55 minutes 55

Section 6.4: Templates Templates are one of the tools administrators can use to secure their systems and networks. This section builds on template concepts introduced in a previous course. Select the appropriate built-in security template for a given situation. Use Group Policy to deploy custom or built-in templates. Use the Security Configuration and Analysis tool or secedit.exe to apply a template or compare a template against existing security on a single computer. 301. Implement secure network administration procedures. o Implement security baseline settings and audit security settings by using security templates. What are the two purposes of security templates? What are the basic features of the built-in templates? What is the easiest way to deploy uniform security settings to a group of computers? What tools can be used to deploy templates to a single computer? 6.4.1 Templates 11:38 6.4.2 Configuring Security Templates 5:11 6.4.3 Analyzing Security Baselines 4:21 Total 21:10 Number of Exam Questions 9 questions Total About 35 minutes 56

Section 6.5: Security Principles By understanding the principles of security discussed in this section, students should be able to apply the principles in live situations. Use the Delegation of Control wizard to delegate necessary permissions to perform administrative tasks. Implement auditing and analyze security logs. 301. Implement secure network administration procedures. o Implement the principle of least privilege. What are the two basic goals of any security system? What is the principle of least privilege? What are some of the most important security considerations for computer systems? 6.5.1 Security Principles 4:04 6.5.2 Delegating Administrative Control 4:48 6.5.3 Configuring Auditing 7:06 Total 15:58 Number of Exam Questions 1 question Total About 20 minutes 57

Section 7.1: Services Services are vital to system and network functionality. Familiarize yourself with the different ways to manage services to be able to demonstrate the techniques to the students. Start, stop, and restart services. Modify the service startup behavior. Configure service failure recovery options. Identify service dependencies. Change a service s user account if necessary. 503. Troubleshoot server services. o Diagnose and resolve issues related to service dependency. o Use service recovery options to diagnose and resolve servicerelated issues. What is a service? What is service startup behavior and why might you modify this? What are the three user accounts that various XP/2003 services run under? What is a service dependency? 7.1.1 Services 4:05 7.1.2 Managing Services 4:31 Total 8:36 58

Lab/Activity Restart a Service Change Service Startup Type Configure Service Recovery 1 Configure Service Recovery 2 Configure Service Recovery 3 Configure Service Logon Number of Exam Questions 8 questions Total About 50 minutes 59

Section 7.2: Software Update Services This section covers the Software Update Services component of Windows Server 2003. SUS was introduced in a previous course, so students should already be aware of it. Install and configure SUS. Synchronize and approve updates for SUS clients. Implement Group Policy to point clients to the SUS server. Install the Automatic Updates Client on clients if necessary. 301. Implement secure network administration procedures. What is the purpose of Software Update Services (SUS)? What are the two basic steps to set up SUS after it is installed? What does a client need to use SUS? 7.2.1 SUS Review 3:12 Total About 5 minutes 60

Practice Exams This section provides information to help prepare students to take the exam and to register for the exam. Students will also have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. For example, all questions that apply to Objective 100. IP Addressing are grouped together and presented in practice exam 100. IP Addressing, All Questions. Students will typically take about 30-90 minutes to complete each of the following practice exams. 100. IP Addressing, All Questions (43 questions) 200. Name Resolution, All Questions (52 questions) 300. Network Security, All Questions (20 questions) 400. Routing and Remote Access, All Questions (61 questions) 500. Network Infrastructure, All Questions (19 questions) The Certification Practice Exam consists of 50 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 90 minutes -- just like the real certification exam. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. 61

Appendix A: Approximate for the Course The total time for the LabSim for Microsoft s Implementing a Server 2003 Network Infrastructure Exam 70-290 course is approximately 23 hours and 15 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements: Video/demo times Approximate time to read the text lesson (the length of each text lesson is taken into consideration) Simulations (5 minutes assigned per simulation) Questions (1 minute per question) The breakdown for this course is as follows: Module Sections Minute HR:MM 0.0 Introduction 0.1 Introduction 20 20 :20 1.0 TCP/IP Configuration 1.1 Client Configuration 25 1.2 IP Addressing 30 1.3 Troubleshooting IP 20 75 1:15 2.0 Managing DHCP 2.1 Configuring DHCP 20 2.2 Managing Scopes 25 2.3 Configuring DHCP Options 35 2.4 Managing the DHCP Server 15 2.5 Troubleshooting DHCP 35 130 2:10 3.0 Managing DNS 3.1 DNS Concepts 35 3.2 Configuring DNS 35 3.3 Managing DNS Records 50 3.4 Dynamic DNS Updates 40 3.5 Configuring DNS Clients 35 3.6 Active Directory-integrated Zones 30 3.7 Delegating Domains 15 3.8 Managing Root Zones and Hints 30 3.9 Stub Zones and Forwarding 45 3.10 Zone Transfers 55 3.11 Designing DNS 15 62

3.12 Troubleshooting DNS 25 410 6:50 4.0 Remote Access 4.1 Configuring Remote Access 30 4.2 Remote Access Clients 30 4.3 Remote Access Policies 60 4.4 Using Internet Authentication Service (IAS) 25 4.5 Troubleshooting Remote Access 5 150 2:30 5.0 Routing 5.1 Routing 40 5.2 Configuring Routing Protocols 35 5.3 Demand Dial Routing 35 5.4 Network Address Translation 10 5.5 DHCP Relay Agent 10 130 2:10 6.0 Network Security 6.1 Firewalls and Proxies 30 6.2 Virtual Private Networking 40 6.3 IP Security (IPSec) 55 6.4 Templates 35 6.5 Security Principles 20 180 3:00 7.0 Network Services 7.1 Services 50 7.2 Software Update Services 5 55 :55 Practice Exams 100: IP Addressing (43 questions) 43 200: Name Resolution (52 questions) 52 300: Network Security (20 questions) 20 400: Routing and Remote Access (61 questions) 61 500: Network Infrastructure (19 questions) 19 Certification Practice Exam (50 questions) 50 245 4:05 Total 1395 23:15 63