Lesson Plans Configuring Windows Server 2008 Network Infrastructure (Exam 70-642)
Table of Contents Course Overview... 3 Section 0.1: Introduction... 5 Section 0.2: Server Management... 6 Section 0.3: Remote Management... 8 Section 0.4: Mathematical Foundations... 9 Section 1.1: IPv4 Addressing... 10 Section 1.2: IPv4 Subnetting... 11 Section 1.3: IPv4 Host Configuration... 13 Section 2.1: IPv6... 15 Section 2.2: IPv6 Addressing... 16 Section 2.3: IPv6 Configuration... 18 Section 2.4: IPv6 Implementation... 20 Section 3.1: DHCP Configuration... 21 Section 3.2: DHCP Options... 23 Section 3.3: Advanced DHCPv4 Settings... 25 Section 3.4: Server Placement... 27 Section 3.5: Superscopes and Split Scopes... 29 Section 3.6: DHCPv6... 30 Section 4.1: DNS Concepts... 32 Section 4.2: Name Resolution... 34 Section 4.3: Zone Configuration... 35 Section 4.4: Active Directory-integrated Zones... 37 Section 4.5: Resource Records... 39 Section 4.6: Client Configuration... 40 Section 4.7: Dynamic DNS... 41 Section 4.8: Stub Zones and Forwarding... 43 Section 4.9: Root Hints and Root Zone... 45 Section 4.10: Zone Delegation... 46 Section 4.11: DNS Features... 47 Section 4.12: New DNS Features... 49 Section 4.13: Single-label Name Resolution... 51 Section 4.14: DNS Design... 53 Section 5.1: Routing... 55 Section 5.2: RIP... 57 Section 5.3: Demand-dial Routing... 59 Section 5.4: ICS and NAT... 61 Section 6.1: Remote Access Concepts... 63 Section 6.2: Dial-up and VPN... 65 Section 6.3: SSTP... 67 Section 6.4: CMAK... 69 Section 7.1: Network Location Profiles... 70 Section 7.2: RADIUS... 71 Section 7.3: Network Access Protection (NAP)... 73 1
Section 7.4: Network Authentication... 75 Section 7.5: Firewall... 77 Section 7.6: IPsec... 79 Section 7.7: DirectAccess... 81 Section 8.1: File Services... 83 Section 8.2: File Shares... 85 Section 8.3: Offline Files... 87 Section 8.4: NTFS Permissions... 88 Section 8.5: Share and NTFS Permissions... 90 Section 8.6: EFS... 91 Section 8.7: BitLocker... 93 Section 8.8: BranchCache... 95 Section 8.9: Distributed File System (DFS)... 97 Section 8.10: Shadow Copy... 99 Section 8.11: Backup and Restore... 101 Section 8.12: Disk Quotas... 103 Section 8.13: FSRM Features... 105 Section 8.14: Print Services... 107 Section 9.1: WSUS... 110 Section 9.2: Client Configuration... 112 Section 10.1: Reliability and Performance Monitor... 114 Section 10.2: Event Viewer... 116 Section 10.3: Network Monitor... 118 Section 10.4: SNMP... 120 Practice Exams... 122 Appendix A: Approximate for the Course... 123 2
Course Overview This course prepares students for the 70-642 Technology Specialist exam: Windows Server 2008 Network Infrastructure, Configuring. It focuses on the details of configuring the infrastructure of a network. Module 0 Introduction This module introduces Microsoft s recommendations of the technical experience a candidate should have before attempting the certification test. Students will become familiar with server and remote management tools. This module provides the mathematical calculations of how to convert numbers from binary to decimal and hexadecimal. This mathematical foundation is necessary for students to understand the IPv4 and IPv6 addresses they will be studying in the course. Module 1 IPv4 This module discusses the details of configuring IPv4 addressing and subnetting. This includes topics of converting IPv4 addresses from binary to decimal, converting subnet masks to slant notation, identifying Ipv4 classes and ranges of IP addresses, and determining local and non-local hosts. Students will learn how to customize the number of subnets and hosts allowed on each subnet. Module 2 IPv6 In this module students will learn why it will become necessary to migrate to IPv6. They will learn the basic format of IPv6 addresses, identifying IPv6 address types, and configuring IPv6 addresses using the GUI and command line. Interoperability strategies for implementing IPv4 and IPv6 are explored. Module 3 DHCP This module covers DHCP configuration, customization options, and advanced settings. Students will learn proper server placement to assure client communication with the DHCP server, the rationale for creating superscopes and split scopes, and DHCPv6 options. Module 4 DNS In Module 4 students will learn the details of how DNS translates host names to IP addresses and the process of DNS name resolution for both the client and server. Topics will also include; creating zone and zone transfers, creating or converting an Active Directory-integrated zone, creating and editing resource records, configuring client registration, automatically updating DNS using Dynamic DNS, resolving queries using stub zones and forwarding, using root hints and a root zone, managing zones through zone delegation, creating WINSintegrated zones and GlobalNames zones support, and implementing strategies and goals when designing a DNS solution. 3
Module 5 Routing Module 5 teaches the students the basics of routing and how to manage routing table entries. Students will become familiar with installing RRAS components, and configuring RIP, demand-dial routing, and ICS and NAT solutions. Module 6 Remote Access Module 6 discusses the details of configuring remote access and network authentication. Topics include; configuring a Remote Access server to use Dialup and VPN connections, configuring client connections, configuring a VPN using SSTP, and using CMAK to manage remote access. Module 7 Network Access and Security In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles, configuring a RADIUS client, server and proxy, configuring a DHCP server as an enforcement point, enforcing network authentication using Kerberos and NTLM, configuring a firewall, and configuring IPsec to protect IP packets during transmission. Module 8 File and Print This module discusses managing network files and printing. Topics include: managing network file sharing and shared folders, controlling access using NTFS and share permissions, encrypting files and folders, protecting integrity of data through shadow copy, and backup and restore, restricting disk space using disk quotas and FSRM, and managing print services. Module 9 WSUS In this module students will learn how to configure a WSUS server and client to manage the updating of software. They will also learn how to use MBSA to scan for security compliance. Module 10 Performance and Reliability This module covers tools that are used to collect and monitor network data for performance and reliability. The Reliability and Performance Monitor provides network performance statistics. Event Viewer is used to monitor event logs. Network Monitor is used to gather information about network traffic. SNMP is used to manage network-attached devices. Practice Exams In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification test. 4
Section 0.1: Introduction This course prepares students for the 70-642 Technology Specialist exam: Windows Server 2008 Network Infrastructure, Configuring. Microsoft recommends at least one year experience in the following underlying technologies: IP addressing and services Names resolution File and print services Network access and remote access Monitoring network services This section introduces the instructor and the concepts that will be covered in this course. Video/Demo 0.1.1 Course Introduction 1:09 Total About 5 minutes 5
Section 0.2: Server Management This section discusses a new management console, Server Manager, used to install and manage server components. Details include: Server Manager elements: o Role o Role services o Feature Windows PowerShell cmdlets that support Server Manager in Windows Server 2008 R2 The role of Server Core o Limited GUI support o Limited set of server roles o Features available in Windows Server 2008 R2 o Other limitations: No windows Shell Limited managed code support Only MSI support for unattended mode installs o Managing a server core system Students will learn how to: Configure and manage a server using the Server Manager. Install roles on a Server Core server. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP) 201. Configure a Domain Name System (DNS) server. Lecture Focus Questions: What are the differences among roles, role services, and features? How are dependencies handled during role installation? How does the server core installation differ from a standard server installation? What are the limitations of a server core installation? What are the advantages? 6
Video/Demo 0.2.1 Using Server Manager 6:39 0.2.3 Server Core 1:37 0.2.4 Installing Roles on Server Core 6:05 Total 14:21 Total About 20 minutes 7
Section 0.3: Remote Management This section examines using the following remote management tools to manage a server: Remote Desktop Remote Desktop Gateway MMC snap-ins Remote Server Administration Tools (RSAT) Windows Remote Shell Students will learn how to: Enable Remote Desktop on a Server Core. Enable remote management of the firewall. Open firewall ports to allow remote use of MMC snap-ins. Lecture Focus Questions: How do firewall ports affect your ability to remotely manage a server? What firewall port must be opened for Remote Desktop connections? What advantage does using TS Gateway have over using Remote Desktop? What is the effect of enabling the Remote Administration exception in the firewall? What are the operating system requirements for RSAT? Which remote administration tools could you use if the firewall had only ports 80 and 443 open? Video/Demo 0.3.1 Remote Management 4:06 0.3.2 Managing Server Core 14:45 Total 18:51 Total About 25 minutes 8
Section 0.4: Mathematical Foundations This section explains the mathematical calculations to convert the following numbering systems: Base 2 - Binary Base 10 Decimal Base 16 - Hexadecimal For students to understand IPv4 and IPv6 addresses they will need to know how to convert from binary to decimal and hexadecimal. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. Lecture Focus Questions: How does the decimal form of the binary number 10000000 differ from 01000000? What formula can you use to find the decimal equivalent for the binary number 00010000? How can you determine the binary value of the decimal number 161? What is the binary value for the hexadecimal value of E? What is E's decimal value? How many hexadecimal digits replace a full binary octet? Video/Demo 0.4.1 TCP/IP Mathematics 12:13 Total About 15 minutes 9
Section 1.1: IPv4 Addressing In this section the students will learn how to convert IPv4 addresses and subnet masks from binary to decimal and how to convert subnet masks to slant notation. Students will learn: The five IPv4 classes of IP addresses with the range of IP addresses and the default subnet mask for each class. How to identify the Network ID, host ID, and the default gateway address to determine local and non-local hosts. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Configure IP address options Lecture Focus Questions: What is the format of an IPv4 address? What is the purpose of a subnet mask? What is the relationship between slash notation and the subnet mask? What is the default address class of the IP address 132.11.166.5? Video/Demo 1.1.1 IPv4 Addressing 6:10 1.1.2 Classful IPv4 Subnetting 11:22 Total 17:32 Total About 20 minutes 10
Section 1.2: IPv4 Subnetting This section discusses using IPv4 subnetting. Details include: Using a Variable Length Subnet Mask to vary the number of bits in the subnet mask to: o Subnet a single network address into multiple smaller subnets. o Create a supernet which combines multiple network addresses into a single larger subnet. Recommended subnetting tables for students to memorize: o Exponent values for powers of 2 o Binary subnet mask values and decimal equivalent values Students will learn how to: Given a network address and a custom mask, identify valid subnet addresses. Given a scenario with the desired number of hosts, choose a subnet address and mask. Given a subnet address and the subnet mask, identify valid host addresses on that subnet. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Subnetting o Supernetting Lecture Focus Questions: How many hosts can you have if you use a subnet mask of 255.255.255.192? How is a supernet different from a subnet? How can a magic number help you identify the possible subnet addresses when using a custom subnet mask? What is the decimal mask value for a /27 mask? How many approximate and actual hosts can you have when using a mask value of /23? What are the first and last addresses in a range used for? 11
Video/Demo 1.2.1 Variable Length Subnet Mask (VLSM) 17:19 1.2.3 IPv4 Subnetting Cheat Sheet 4:38 Total 21:57 Number of Exam Questions 4 questions Total About 30 minutes 12
Section 1.3: IPv4 Host Configuration This section explores IPv4 host configuration. Details include: Configuration values: o IP address o Subnet mask o Default gateway o Host name o DNS server o WINS server o MAC address Methods used to configure IPv4 configuration settings: o Static (manual) assignment o Dynamic Host Configuration Protocol (DHCP) o Automatic Private IP Addressing (APIPA) o Alternate IP configuration Commands to configure Windows host with IPv4 configuration parameters TCP Chimney offloading Students will learn how to: Configure static and automatic IPv4 addressing. Specify an alternate IPv4 configuration. Use the command line to configure IPv4 settings. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Configure IP address options Lecture Focus Questions: What is the purpose of an alternate IPv4 configuration? When is a static configuration advantageous? When does a Windows computer use APIPA? What are its limitations? How can you tell when a computer has used APIPA to configure its IP address? What does the MAC address identify? 13
Video/Demo 1.3.1 IPv4 Configuration 4:35 1.3.3 Configuring IPv4 Client Addressing 2:33 1.3.7 Using Netsh 7:32 1.3.9 Allowing Ping through the Firewall 3:45 Total 18:25 Lab/Activity Configure IP Settings Configure Automatic and Alternate Addressing Configure a Subnetted Address Number of Exam Questions 10 questions Total About 50 minutes 14
Section 2.1: IPv6 This section discusses the need to migrate from IPv4 to IPv6. IPv4 was developed in 1974 and due to the rapid Internet growth we are running out of IPv4 addresses. Students will become familiar with the new features in IPv6 that are designed for the long term health and security of networks. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. Lecture Focus Questions: What are the reasons for the shift from IPv4 to IPv6? How does IPv6 make route summarization more efficient? How is IPsec treated differently in IPv6 than in IPv4? Why is NAT not needed when using IPv6? Video/Demo 2.1.1 IPv6 Concepts 3:47 Total About 5 minutes 15
Section 2.2: IPv6 Addressing Students will learn the basic format of IPv6 addresses. IPv6 is a 128 bit address in which the first 64 bits called the prefix identifies the network and subnet address and the last 64-bits is the interface ID which identifies the network connection. They will also learn how to obtain the EUI-64 interface ID from the MAC address. Features of an IPv6 address Address types for IPv6: o Reserved o Multicast o Unicast Global unicast Link-local Unique local o Anycast o Loopback o Unspecified Details of the IPv6 64-bit prefix Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Configure IP address options o Subnetting o Supernetting Lecture Focus Questions: What is the format of an IPv6 address? How can you represent leading zeroes and groups of zeroes in IPv6? Which type of IPv6 address uses the FC00::/7 prefix? How can you identify a link-local address? What does IPv6 use instead of a broadcast address? How can you easily identify IPv6 multicast addresses? What does the address ::1 represent? What is the purpose of the prefix length? What are the steps for deriving the EUI-64 interface ID from the MAC address? 16
Video/Demo 2.2.1 IPv6 Addressing 3:57 2.2.3 IPv6 Address Types 8:42 2.2.5 IPv6 Prefix and Subnetting 11:54 2.2.7 IPv6 Interface ID 3:27 Total 28:00 Total About 40 minutes 17
Section 2.3: IPv6 Configuration This section examines the following details about IPv6 configuration: Methods to configure IPv6 information on a host: o Static full assignment o Static partial assignment o Stateless autoconfiguration o DHCPv6 The process to configure the IPv6 address for an interface States of an autoconfigured IPv6 address: o Tentative o Valid Preferred Deprecated o Invalid Commands to configure Windows hosts with IPv6 configuration parameters Students will learn how to: Configure IPv6 addresses using the GUI and the command line. Configure an advanced firewall rule to allow the ping command. Specify the IPv6 address and scope ID when using ping for a link-local address. Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Configure IP address options o Subnetting Lecture Focus Questions: How does a host get its IPv6 address when using stateless autoconfiguration? What information does the DHCP server provide when using stateless DHCPv6? What address does a host use to request an address from a DHCP server? What is the difference between the M and O flags? What are the five states of an autoconfigured IPv6 address? How is the interface ID determined in static partial assignment? 18
Video/Demo 2.3.1 IPv6 Configuration Facts 4:54 2.3.2 IPv6 Autoconfigured Address States 3:58 2.3.5 Configuring IPv6 Addresses 8:24 2.3.6 Using IPv6 Ping 8:09 Total 25:25 Number of Exam Questions 6 questions Total About 35 minutes 19
Section 2.4: IPv6 Implementation In this section students will learn various strategies for implementing IPv4 and IPv6 interoperability: Dual stack Tunneling o Manually configured tunnel o Intra-site Automatic Tunnel Addressing Protocol (ISATAP) o 6-to4 tunneling o Teredo tunneling PortProxy Configuring Server 2008 Network Infrastructure Objectives 101. Configure IPv4 and IPv6 Addressing. o Interoperability between IPv4 and IPv6 Lecture Focus Questions: How does IPv6 support differ on various Microsoft operating systems? What limitations does ISATAP have for IPv6 implementation? Which IPv6 tunneling methods work through NAT? When should you implement Teredo? When is 6to4 tunneling automatically configured in Windows Server 2008? What technology allows an IPv4-only host to communicate with an IPv6- only host? Video/Demo 2.4.1 IPv4 and IPv6 Interoperability 9:46 2.4.2 IPv6 Implementation in Server 2008 1:49 Total 11:35 Number of Exam Questions 3 questions Total About 20 minutes 20
Section 3.1: DHCP Configuration This section discusses how to configure a DHCP server to deliver IP addresses to clients. Details include: Methods to obtain an address from a DHCP server: o DHCP Discover (D) o DHCP Offer (O) o DHCP Request (R) o DHCP ACK (A) Authorizing a DHCP server Objects to configure a DHCP server to deliver IP addresses: o Scope o Exclusion o Reservation The process to configure an existing server running server core for DHCP Using link layer filter to control the issuance or denial of DHCP leases based on MAC address for IPv4 Students will learn how to: Install and authorize a DHCP server. Create and activate scopes. Configure exclusion ranges and reservations. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP). o DHCP options o Exclusions o Authorize server in Active Directory o Scopes Lecture Focus Questions: What are the steps a client uses to acquire an address from DHCP? When must you authorize a DHCP server? What permissions do you need to authorize a DHCP server? Why does a DHCP server shut down if its address is not found in Active Directory? What does this protect against? How are reservations different from exclusions? How can you change the subnet on a scope? What are the two ways to exclude IP addresses from a scope? 21
What information is necessary to configure a reservation? Video/Demo 3.1.1 DHCP Concepts 5:16 3.1.3 Installing DHCP 3:25 3.1.5 Configuring DHCPv4 Scopes 4:28 3.1.9 Using DHCP MAC Address Filtering 4:11 Total 17:20 Lab/Activity Authorize DHCP Servers Create a Scope Create Exclusion Ranges Create Client Reservations Number of Exam Questions 10 questions About 50 minutes 22
Section 3.2: DHCP Options In this section students will learn about DHCP options to deliver a wide range of TCP/IP configuration parameters. Details include: Common option that can be used to configure DHCP: o 003 Router o 006 DNS Servers o 015 DNS Domain Name o 044 WINS/NBNS Servers o 046 WINS/NBT Node Type Levels that the DHCP options can be set at: o Server o Scope o Reservation Students will learn how to: Configure server, scope, and user/vendor class options. Design DHCP options to customize configuration and minimize administration. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP). o DHCP options Lecture Focus Questions: What are the most common DHCP options? Where can you configure DHCP options? How can you determine which options take precedence? How are DHCP options configured for IPv4 and IPv6? 23
Video/Demo 3.2.1 DHCPv4 Options 3:55 3.2.2 Create DHCP Options 6:43 Total 10:38 Lab/Activity Configure Server Options Configure Scope Options Design Scope Options Design DHCP Options Number of Exam Questions 1 question Total About 30 minutes 24
Section 3.3: Advanced DHCPv4 Settings This section examines using advanced DHCPv4 settings to optimize DCHP server performance. Details include Advanced DHCPv4 settings: o Bindings o Backup and Restore o Dynamic DNS o Conflict Detection The role of Bootstrap Protocol (BOOTP) Components required by BOOTP o Client workstation o DHCP server o TFTP server Steps to configure a DHCP server to support Bootstrap Protocol (BOOTP) clients for diskless network boot Students will learn how to: Configure server bindings. Backup or restore a DHCP server. Configure proxy settings for dynamic DNS updates. Set the number of conflict detection attempts. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP). o Creating new options o PXE boot Lecture Focus Questions: How does conflict detection work? How can this affect system performance? How can you transfer the DHCP configuration from one server to another? Why would you configure BOOTP? Which options should you configure through the BOOTP table and not DHCP options? What should you do so that host names for computers running Windows NT 4.0 are automatically registered using DDNS? 25
Video/Demo 3.3.1 Advanced DHCPv4 Settings 2:00 3.3.2 Configuring Advanced Settings 2:49 Total 4:49 Number of Exam Questions 6 questions Total About 15 minutes 26
Section 3.4: Server Placement In this section students will learn how DHCP server placement affects the ability of clients to communicate with the DHCP server. The following strategies to provide DHCP for multiple subnets are presented: DHCP server on each subnet Multihomed DHCP server BOOTP forwarding DHCP relay agent Students will learn how to: Configure a DHCP relay agent. Configuring Server 2008 Network Infrastructure Objectives 101 Configure IPv4 and IPv6 addressing. o Multi-homed 102. Configure Dynamic Host Configuration Protocol (DHCP). o DHCP relay agents Lecture Focus Questions: How can you provide DHCP services to clients on subnets that do not have a DHCP server? What is a multihomed server, and how is it used with DHCP? How does a DHCP relay agent differ from a router that has BOOTP forwarding enabled? What are the advantages to having a DHCP server on every subnet? How can BOOTP forwarding affect your network? Video/Demo 3.4.1 DHCP Server Placement 4:16 3.4.3 Configuring a DHCP Relay Agent 1:27 Total 5:43 27
Lab/Activity Configure a DHCP Relay Agent Number of Exam Questions 4 questions Total About 15 minutes 28
Section 3.5: Superscopes and Split Scopes This section discusses how and when to use superscopes and split scopes. Superscopes are used to combine multiple address ranges into a single logical range. Split scopes provide fault tolerance by two DHCP servers servicing a portion of each range for each subnet. Students will learn how to: Use the 80/20 rule to create a split scope. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP). o Scopes Lecture Focus Questions: What are the reasons for deploying a superscope? When using multiple DHCP servers for a single scope, how should you configure the scope range for each server? Why do you configure an exclusion for a part of the address range? How should you configure the relay agent to ensure that the preferred server responds before the backup server in a split scope deployment? How does a clustered server provide fault tolerance? Video/Demo 3.5.1 Superscopes and Split Scopes 8:01 Lab/Activity Add a DHCP Server on Another Subnet Number of Exam Questions 3 questions Total About 15 minutes 29
Section 3.6: DHCPv6 This section examines configuring DHCPv6. Details include: Methods to assign IPv6 addresses to clients: o Stateless DCHPv6 o Stateful DHCPv6 Messages exchanged between the client and the DHCP when stateful DHCPv6 is used: o Solicit Packet (S) o Advertise Packet (A) o Request Packet (R) o Reply Packet (R) Students will learn how to: Create and activate an IPv6 scope using the global unicast prefix. Include address range exclusions as part of an IPv6 scope. Configuring Server 2008 Network Infrastructure Objectives 102. Configure Dynamic Host Configuration Protocol (DHCP). o DHCPv6 Lecture Focus Questions: What configuration information is provided by IPv6 routers when using IPv6 autoconfiguration? How does this differ from using APIPA with IPv4? What are the messages used to configure clients in stateful DHCPv6? Under what circumstances do you use stateful DHCPv6? What are the flag settings? What makes autoconfiguration of IPv6 hosts possible? Video/Demo 3.6.1 DHCPv6 4:01 3.6.2 Configuring DHCPv6 4:10 Total 8:11 30
Number of Exam Questions 2 questions Total About 10 minutes 31
Section 4.1: DNS Concepts In this section students will learn concepts of how the Domain Name System (DNS) translates host names to IP addresses. DNS is a distributed database with multiple servers holding different portions of the data. Components of the DNS hierarchy o.(dot) domain o Top Level Domains (TLDs) (.com,.edu,.gov) o Second-level and additional domains o Hosts Terms that relate to DNS: o A fully qualified domain name (FQDN) o Forward lookup o Authoritative server o Referral o Recursion Authoritative DNS zones: o Primary o Secondary o Active Directory-integrated Zone types: o Forward lookup zone o Reverse lookup zone Common resource records: o SOA (Start of Authority) o NS (name server) o A (host address) o AAAA (quad-a) o PTR (pointer) o CNAME (canonical name) o MX (Mail Exchanger) o SRV (service locator) o WINS and WINS-R resource records The role of Dynamic DNS (DDNS) Secure DDNS Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. 202. Configure DNS zones. o Zone types o Dynamic Domain Name System (DDNS) 32
o Secure DDNS o Reverse lookup zones 203. Configure DNS records. o Record types Lecture Focus Questions: What is the purpose of DNS? How does an FQDN identify a host? How is an Active Directory-integrated zone different from a primary zone? How is secondary zone data changed? What is the difference between a forward lookup zone and a reverse lookup zone? What is the purpose of PTR records? How does DDNS simplify DNS management? What type of zone would you create if you wanted to use secure dynamic updates? Video/Demo 4.1.1 DNS Concepts 8:44 4.1.3 Authoritative Zones 8:28 4.1.5 Resource Records 4:52 4.1.7 Dynamic DNS 2:41 Total 24:45 Total About 30 minutes 33
Section 4.2: Name Resolution This section examines the process of DNS name resolution for both the client and the server. Details include: On the client side, there are three checks a client can go through to resolve a DNS name to an IP address: o Hosts file o Local DNS cache o DNS server Command to view the local DNS cache (ipconfig /displaydns) Command to clear the local DNS cache (ipconfig /flushdns) The DNS name resolution process on the server: Configuring Server 2008 Network Infrastructure Objectives 205. Configure name resolution for client computers. Lecture Focus Questions: How does the DNS resolution process on a client differ from the resolution process on a server? Why are there two different DNS cache locations on a DNS server? How do entries in the HOSTS file affect name resolution? What are root hints and how do they affect name resolution performed by a DNS server? Video/Demo 4.2.1 DNS Client Name Resolution 9:41 4.2.2 DNS Server Name Resolution 3:54 4.2.3 Examining Name Resolution 7:26 Total 21:01 Number of Exam Questions 1 question Total About 25 minutes 34
Section 4.3: Zone Configuration In this section students will learn the basics of zone configuration. Configuring the DNS server role The role of A zone transfer The role of a reverse lookup zone Students will learn how to: Add the DNS server role to a server. Create primary, secondary, and reverse lookup zones. Configure zone transfers between primary and secondary zones. Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. o Cache-only 202. Configure DNS zones. o Reverse lookup zones 204. Configure DNS replication. o DNS secondary zones o Securing zone transfer o SOA refresh Lecture Focus Questions: How does a caching-only server reduce name resolution traffic? How can a secondary zone provide security for a DNS domain? What is the role of the SOA record during a zone transfer? What are the advantages to changing zone data through the dnscmd command rather than manually editing the zone file? Why would you choose a secondary server over a caching-only server? What type of name resolution is performed by reverse lookup zones? 35
Video/Demo 4.3.1 Creating a Primary Zone 7:17 4.3.3 Creating Secondary Zones 8:12 4.3.6 Reverse Lookup Zones 6:14 4.3.7 Creating Reverse Lookup Zones 4:15 Total 25:58 Lab/Activity Create a Primary Zone Create a Secondary Zone Create a Reverse Lookup Zone Number of Exam Questions 19 questions Total About 65 minutes 36
Section 4.4: Active Directory-integrated Zones This section discusses how Active Directory-integrated zones can be used to manage zone information. Students will learn how to: Create an Active Directory-integrated zone and configure the replication scope. Convert a primary zone to an Active Directory-integrated zone. Configuring Server 2008 Network Infrastructure Objectives 202. Configure DNS zones. o Active Directory integration 204. Configure DNS replication. o Active Directory Integrated replication scopes Lecture Focus Questions: What are some of the benefits of Active Directory-integrated (AD-I) zones? How is zone data for Active Directory-integrated zones replicated? Under which circumstances could you disable zone transfers for an AD-I zone? When would you need to continue using DNS zone transfers? How do AD-I zones integrate with other zone types such as primary or secondary? What are the four replication scopes of an AD-I zone? Video/Demo 4.4.1 DNS Integration with AD 8:06 4.4.2 Managing Active Directory-integrated Zones 10:31 Total 18:37 Lab/Activity Create an Active Directory-integrated Zone Convert a Zone 37
Number of Exam Questions 10 questions Total About 40 minutes 38
Section 4.5: Resource Records This section provides information about creating and managing resource records. Students will learn how to: Create common resource records. Adding or deleting a DNS record. Configuring Server 2008 Network Infrastructure Objectives 203. Configure DNS records. Lecture Focus Questions: What is the advantage to using DDNS to manage records? What record type would you use to add alternate names for a DNS host? What records are used to identify and locate domain controllers? What happens if you create A and PTR records together if the reverse lookup zone doesn't exist? What happens when you create a CNAME record with a blank name? Video/Demo 4.5.1 Creating Resource Records 8:03 Lab/Activity Create a Zone and Add Records Create A and CNAME Records Troubleshoot Name Resolution 1 Troubleshoot Name Resolution 2 Number of Exam Questions 11 questions Total About 40 minutes 39
Section 4.6: Client Configuration In this section students will learn how to configure DNS client settings. Students will learn how to: Configure a connection-specific suffix using advanced TCP/IP properties. Specify a suffix search order. Manage DNS client registration. Configuring Server 2008 Network Infrastructure Objectives 205. Configure name resolution for client computers. o Suffix search order Lecture Focus Questions: What is the purpose of listing multiple DNS IP addresses on the client? What are the differences between a primary suffix and a connectionspecific suffix? What is a parent suffix? How are they used during name resolution? How do custom search suffixes differ from the default suffix search order? Video/Demo 4.6.1 DNS Client Settings 4:33 Lab/Activity Configure DNS Server Addresses Configure Search Suffixes 1 Configure Search Suffixes 2 Configure DNS Client Registration Configure DNS Group Policy Settings Number of Exam Questions 4 questions Total About 35 minutes 40
Section 4.7: Dynamic DNS This section covers using Dynamic DNS to automatically update DNS records. Settings on the following components are used to configure Dynamic DNS: Client DHCP server DNS server Students will learn how to: Enable dynamic updates on a DNS zone. Configure DHCP server settings to support dynamic updates. Configuring Server 2008 Network Infrastructure Objectives 202. Configure DNS zones. o Secure DDNS 203. Configure DNS records. Lecture Focus Questions: What is the relationship between DNS and DHCP when using dynamic updates? What are the DDNS settings you can configure on the DHCP server? Which operating systems support dynamic updates? What are the restrictions on record creation when using secure dynamic updates? Which zone types support secure dynamic updates? How can DHCP be used to help the dynamic update process? Lab/Activity Enable Dynamic DNS Updates Troubleshoot Dynamic DNS 1 Troubleshoot Dynamic DNS 2 Troubleshoot Dynamic DNS 3 41
Number of Exam Questions 4 questions Total About 25 minutes 42
Section 4.8: Stub Zones and Forwarding This section discusses using stub zones and forwarding to resolve queries. Methods to control the server s use of forwarders include: Secondary zone Stub zone Conditional forwarder Students will learn how to: Create a stub zone. Configure forwarders and conditional forwarding. Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. o Conditional forwarding 204. Configure DNS replication. o DNS secondary zones o DNS stub zones o Active Directory Integrated replication scopes o Securing zone traffic Lecture Focus Questions: How does conditional forwarding differ from standard forwarding? How does a stub zone differ from a secondary zone? How do conditional forwarders differ from stub zones? What records are copied to the zone when you create a stub zone? Why isn't a stub zone authoritative for the zone? Video/Demo 4.8.1 Stub Zones and Conditional Forwarding 10:05 4.8.2 Configuring Forwarding and Stub Zones 11:16 Total 21:21 43
Lab/Activity Configure a Stub Zone Configure Conditional Forwarding Number of Exam Questions 4 questions Total About 35 minutes 44
Section 4.9: Root Hints and Root Zone This section provides an overview of root hints and the root zone. Students will learn how to: Configure or delete a root zone. Configure other DNS servers to point to your server via root hints. Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. o Root hints Lecture Focus Questions: Why would you want to create a zone named. (dot)? What is the purpose of the root hints file? Why would you delete the root hints? What is the name and location(s) of the root hints file on a Windows 2008 server? Video/Demo 4.9.1 Root Hints 4:26 Lab/Activity Configure Root Hints Create a Root Zone Number of Exam Questions 5 questions Total About 20 minutes 45
Section 4.10: Zone Delegation This section explores using zone delegation to divide DNS namespace into separate zones. Students will learn how to: Manage zones through delegation. Configuring Server 2008 Network Infrastructure Objectives 202. Configure DNS zones. o Zone delegation Lecture Focus Questions: Why might you decide to use zone delegation? What does a delegation identify? What records are created when you delegate a domain? Video/Demo 4.10.1 DNS Zone Delegation 5:12 4.10.2 Delegating a Domain 5:21 Total 10:33 Lab/Activity Delegate Domains Create a Delegated Zone Number of Exam Questions 1 question Total About 20 minutes 46
Section 4.11: DNS Features This section discusses the following DNS features: Aging and Scavenging Methods for performing load balancing through DNS: o DNS Round Robin o Netmask Ordering o Record Weighting o Network Load Balancing (NLB) Windows Server 2008 R2 command-line tools Students will learn how to: Configure DNS Round Robin. Manage DNS from the command line. Configuring Server 2008 Network Infrastructure Objectives 202. Configure DNS zones. o Zone scavenging 204. Configure DNS replication. o Round robin Lecture Focus Questions: How do stale records affect DNS server performance? How does the no-refresh interval affect scavenging? When is a DNS record considered stale? What is the difference between DNS Round Robin and Network Load Balancing? How does convergence make NLB a dynamic solution? Video/Demo 4.11.1 DNS Refresh and Scavenging 2:58 4.11.3 DNS Round Robin 3:23 4.11.6 DNS Command-line Tools 12:21 Total 18:42 47
Lab/Activity Configure DNS Round Robin Number of Exam Questions 9 questions Total About 35 minutes 48
Section 4.12: New DNS Features This section discusses new features for Windows Server 2008 and Windows 2008 R2: Link-Local Multicast Name Resolution (LLMNR) Background zone loading IPv6 DNS Support Read-only Domain Controller (RODC) GlobalNames Zone Global Query block List Conditional Forwarding Domain controller search DNSSEC Devolution Cache Locking Socket Pool Auditing Students will learn how to: Configure DNS Devolution. Configure DNS Cache Locking. Configure DNS Socket Pools. Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. o Conditional forwarding o Socket pooling o Cache locking 202. Configure DNS zones. o GlobalNames o DNS Security Extensions (DNSSEC) 205. Configure name resolution for client computers. o Link-Local Multicast Name Resolution (LLMNR) o DNS devolution 49
Lecture Focus Questions: How does background loading have a positive effect on name resolution? How can you ensure that a DNS response is from a valid server? How does DNS Devolution simplify name resolution? How can you defend against cache poisoning attacks? What is the effect of enabling cache locking on Dynamic DNS? What advantage is to be gained by using a larger DNS socket pool? Video/Demo 4.12.1 New 2008 DNS Features 4:11 4.12.2 DNS Devolution 3:46 4.12.3 Configuring DNS Devolution 4:16 4.12.4 Cache Locking and Socket Pools 3:06 4.12.5 Configuring DNS Cache Locking 5:47 4.12.6 Configuring Socket Pool 3:12 4.12.7 DNS Security (DNSSec) 4:36 Total 28:54 Number of Exam Questions 10 questions Total About 45 minutes 50
Section 4.13: Single-label Name Resolution In this section students will learn how to configure a GlobalNames zone. Details include: Strategies to provide single-label name resolution: o GlobalNames zone o Link-Local Multicast Name Resolution (LLMNR) o HOSTS file Managing the GlobalNames zone Students will learn how to: Enable GlobalNames zone support. Create a GlobalNames zone and add CNAME records to support singlelabel name resolution. Configuring Server 2008 Network Infrastructure Objectives 202. Configure DNS zones. o GlobalNames 205. Configure name resolution for client computers o Configuring HOSTS file o Link-Local Multicast Name Resolution (LLMNR) Lecture Focus Questions: When would you use the GlobalNames zone? What type of records do you create in the GlobalNames zone? How can you extend the GlobalNames zone across multiple forests? Which strategies can you use to provide single-label name resolution for IPv6 hosts? When will a Windows client use LLMNR? What limitations does relying on LLMNR have? Video/Demo 4.13.1 GlobalNames Zones and LLMNR 2:06 4.13.2 Configuring the GlobalNames Zone 8:50 Total 10:56 51
Lab/Activity Configure a GlobalNames Zone Number of Exam Questions 8 questions Total About 25 minutes 52
Section 4.14: DNS Design In this section students will learn the strategies and goals for designing DNS namespace. They will also learn a variety of configuration options to use and security considerations when designing a DNS solution. Details include: The goals of Namespace design: o Allow internal users to access internal resources. o Allow external users to access external resources. o Allow internal users to access external public resources. o Prevent external users from accessing internal resources. Methods to accomplish these goals: o Same internal and external domain name o Different internal and external domain names o External domain name with an internal subdomain DNS configuration options: o Primary zone o Secondary zone o Reverse lookup zone o Active Directory-integrated zone o Caching-only server o Zone delegation o Forwarders o Conditional forwarding o Stub zone o Root zone o Root hints o Dynamic DNS o WINS-integrated zone o GlobalNames zone o Link-Local Multicast Name Resolution (LLMNR) o HOSTS file Goals for designing security for DNS Methods to improve DNS security Configuring Server 2008 Network Infrastructure Objectives 201. Configure a Domain Name System (DNS) server. o Conditional forwarding o Root hints o Cache-only 202. Configure DNS zones. o Zone types 53
o Active Directory integration o Dynamic Domain Name System (DDNS) o GlobalNames o Zone delegation o Reverse lookup zones 204. Configure DNS replication. o DNS stub zones o Securing zone transfer 205. Configure name resolution for client computers o Link-Local Multicast Name Resolution (LLMNR) Lecture Focus Questions: When using internal and external DNS, what are the three possible scenarios for the DNS namespace? What are the advantages and disadvantages of each of the three methods? What are the goals of any split namespace design? When should you use conditional forwarding instead of a standard forward? When should you use a WINS server instead of configuring a GlobalNames zone? How do Active Directory-integrated zones improve security and fault tolerance of DNS data? What type of zones should you use on DNS servers exposed to the public network? Video/Demo 4.14.1 DNS Namespace Design 7:40 Number of Exam Questions 2 questions Total About 20 minutes 54
Section 5.1: Routing In this section students will become familiar with routing concepts and the commands to manage routing table entries. Details include: NPAS includes the following role services: o Network Policy Server (NPS) o Remote Access Service o Routing o Health Registration Authority (HRA) o Host Credential Authorization Protocol (HCAP) Routing terminology: o Router o Static Route o Route metric o Default route o Persistent route Commands to manage routing table entries Multicast routing details Students will learn how to: Install the RRAS components of the Network Policy and Access services. Add and modify IPv4 and IPv6 routes through the command line or GUI. Configuring Server 2008 Network Infrastructure Objectives 103. Configure Routing. o Static routing o Choosing a default gateway Lecture Focus Questions: Which role do you install on a Windows Server 2008 server to get the routing component? What is the purpose of a default route? Under what circumstances can you most effectively use static routes? What is the route add switch that allows you to make a route permanent? What routes are automatically added to the routing table when routing is enabled? 55
Video/Demo 5.1.2 Routing Concepts 10:27 5.1.3 Installing Routing and Remote Access 2:07 5.1.4 Configuring Static Routes 13:52 Total 26:26 Lab/Activity Enable LAN Routing Add Static Routes Number of Exam Questions 10 questions Total About 50 minutes 56
Section 5.2: RIP This section provides an overview of RIP dynamic routing protocols. Details include: Key features of RIP that can be configured: o Packet protocol o Authentication o Route Filters o Neighbors o rs o Clean-up updates o VLSM support Students will learn how to: Configure RIP by adding the RIP protocol and adding interfaces to run RIP. Configure RIP sending and receiving protocols, filters, and neighbor lists. Configuring Server 2008 Network Infrastructure Objectives 103. Configure Routing. o Routing Internet protocol (RIP) o Maintaining a routing table Lecture Focus Questions: What is the difference between static and dynamic routing? What routing protocols does Windows Server 2008 support? What is the difference between RIP version 2 and RIP? Why has RIP version 2 become the standard? What is Silent RIP and how does it affect learning and sharing routes? What affect does configuring neighbors have on RIP broadcasts and multicasts? What is route summarization? 57
Video/Demo 5.2.1 Dynamic Routing 4:20 5.2.2 Configuring RIP 3:16 Total 7:36 Lab/Activity Configure RIP Routing Number of Exam Questions 9 questions Total About 25 minutes 58
Section 5.3: Demand-dial Routing This section discusses the processes to establish demand-dial routing to connect two networks through a link that is available on demand. Details include: The process to establish a demand-dial link Details about using demand-dial connections Features of demand-dial routing: o Demand-dial filters o Packet filters o Auto-static routing Configuring and enabling demand-dial routing Students will learn how to: Use the Routing and Remote Access wizard to configure demand-dial routing. Configure auto-static routing for RIP. Configuring Server 2008 Network Infrastructure Objectives 103. Configure Routing. o Demand-dial routing 301 Configure remote access. o Packet filters Lecture Focus Questions: How is a demand-dial link established? What is the difference between dial-in and dial-out credentials? How do demand-dial filters differ from packet filters? Which filter type would you configure to prevent a specific traffic type from using a demand-dial link? Why is auto-static routing important when using demand-dial routing? 59
Video/Demo 5.3.1 Demand-dial Routing 4:17 5.3.2 Configuring Demand-dial Routing 6:59 Total 11:16 Lab/Activity Configure Demand Dial Routing Configure Auto-static Routing Number of Exam Questions 5 questions Total About 30 minutes 60
Section 5.4: ICS and NAT In this section students will learn the basics of using Internet Connection Sharing (ICS) and Network Address Translation (NAT) to share an Internet connection with an internal private network. NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host. Configuring NAT Students will learn how to: Configure a server as a NAT router. Configure a NAT router to provide DHCP and DNS proxy services. Configure address and port mappings in NAT. Configuring Server 2008 Network Infrastructure Objectives 301. Configure remote access. o Network Address Translation (NAT) Lecture Focus Questions: What does a NAT router do? What are the address ranges you can use when you deploy NAT? How can NAT provide security for a private network? What changes take place automatically to the TCP/IP settings when you enable ICS on an interface? What are the limitations of using ICS over NAT? When would ICS be a good choice? When must you use NAT instead of ICS? Video/Demo 5.4.1 ICS and NAT 6:18 5.4.2 Configuring NAT 6:26 Total 12:44 61
Lab/Activity Configure NAT Number of Exam Questions 3 questions Total About 25 minutes 62
Section 6.1: Remote Access Concepts Students will learn concepts of the Remote Access process. Details include: Remote access connections o Point-to-point (PPP) for a dial-up connection o Virtual Private Network (VPN) use a tunneling protocol that wraps and protect packets in transit o VPN protocols supported by Windows Server 2008 and Vista Point-to-Point Tunneling Protocol (PPTP) Layer Two Tunneling Protocol (L2TP) Secure Socket Tunneling Protocol (SSTP) Authentication protocols: o Password Authentication Protocol (PAP) o Challenge Handshake Authentication Protocol (CHAP) o Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) o Extensible Authentication Protocol-Transport Layer Security (EAP- TLS) The role of remote access authorization Remote access is allowed or denied based on components of network policies: o Conditions o Constraints o Permissions o Settings Configuring Server 2008 Network Infrastructure Objectives 301. Configure remote access. o Remote Access Policy o VPN protocols such as Secure Socket Tunneling Protocol (SSTP) and IKEv2 o RAS authentication by using MS-CHAP, MS-CHAPv2, EAP Lecture Focus Questions: Which VPN protocols does Windows Server 2008 support? Which authentication protocols support smart card use? What makes CHAP vulnerable to security breaches? What is the difference between authorization and authentication? What is the server's response to a connection that doesn't match the conditions for a policy? 63