Lesson Plans LabSim for Microsoft’s Planning a 2003 Network Infrastructure (Exam 70-293) Table of Contents Course Overview .................................................................................................. 2 Section 0.1: Introduction ....................................................................................... 4 Section 1.1: Remote Management........................................................................ 5 Section 1.2: Network Monitor ................................................................................ 7 Section 1.3: Performance ..................................................................................... 8 Section 2.1: DNS Concepts .................................................................................. 9 Section 2.2: Namespace Design ......................................................................... 10 Section 2.3: Controlling Name Resolution .......................................................... 11 Section 2.4: DNS Performance ........................................................................... 13 Section 2.5: DNS Security .................................................................................. 15 Section 2.6: Troubleshooting DNS ...................................................................... 17 Section 3.1: Configuring WINS ........................................................................... 18 Section 3.2: Managing WINS .............................................................................. 19 Section 3.3: Integrating WINS and DNS ............................................................. 21 Section 4.1: TCP/IP Configuration ...................................................................... 22 Section 4.2: Network Components...................................................................... 24 Section 4.3: Optimizing DHCP ............................................................................ 25 Section 4.4: Troubleshooting TCP/IP .................................................................. 27 Section 5.1: Routing............................................................................................ 28 Section 5.2: Remote Access ............................................................................... 30 Section 5.3: Wireless Networking ....................................................................... 32 Section 6.1: Internet Connectivity ....................................................................... 33 Section 6.2: Network Address Translation (NAT)................................................ 34 Section 6.3: Firewalls .......................................................................................... 36 Section 7.1: Security Planning and Monitoring ................................................... 37 Section 7.2: Group Policy ................................................................................... 39 Section 7.3: Templates and Baselines ................................................................ 40 Section 7.4: Encryption ....................................................................................... 42 Section 7.5: Authentication and Communication ................................................ 43 Section 7.6: Software Security ............................................................................ 45 Section 8.1: PKI Concepts .................................................................................. 46 Section 8.2: Configuring Certificate Services ...................................................... 47 Section 8.3: Managing Certificates ..................................................................... 49 Section 8.4: Smart Cards .................................................................................... 51 Section 9.1: Load Balancing ............................................................................... 52 Section 9.2: Clustering ........................................................................................ 54 Section 9.3: Backup and Recovery ..................................................................... 55 Section 9.4: Distributed File System ................................................................... 57 Practice Exams ................................................................................................... 58 Appendix A: Approximate Time for the Course ................................................... 59 ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 1 Course Overview Introduction The introduction covers the different versions of Windows Server 2003. Each version is constructed to meet specific networking requirements. Students learn the capabilities of each version, and how each version can be deployed. 0.0 Introduction This module covers different server management practices. Students learn how to perform remote management tasks and monitor server and network performance. 1.0 Server Management This module covers different server management practices. Students learn how to perform remote management tasks and monitor server and network performance. 2.0 DNS Name Resolution This module covers DNS name resolution. Students learn about every facet of DNS from name resolution to DNS integration with Active Directory. Students also learn how to configure and control name resolution in a network environment. 3.0 NetBIOS Name Resolution This module covers NetBIOS name resolution. Though a legacy deployment, many networks and applications require NetBIOS to function properly. Students learn when and how to deploy NetBIOS name resolution. 4.0 Network Addressing and Protocols This module covers network addressing and network protocols. Students learn about TCP/IP and address assignment through DHCP. They also learn practices to help optimize DHCP performance. 5.0 Routing and Remote Access This module covers routing and remote access. Students learn how to choose and deploy a routing solution and configure remote access. This module also introduces students to wireless networking. 6.0 Internet Connectivity This module covers Internet connectivity. Students learn the different methods for establishing network connections to the Internet. This module also introduces students to basic security practices, like firewall deployment. ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 2 7.0 Security This module covers security. Students will learn how to create a security plan, implement security through Group Policy and security templates, use encryption, establish secure network authentication, and secure software. 8.0 Public Key Infrastructure (PKI) This module introduces students to PKI (Public Key Infrastructure). Students learn about the components of PKI, how to use PKI in a network environment, and smart card deployment. 9.0 Availability This module covers network availability. Students learn how to use features and tools designed to accomplish network and data fault tolerance and redundancy. Practice Exams In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 3 Section 0.1: Introduction Summary Make a chart similar to the one in the video. Prepare to discuss the advantages, disadvantages, and best uses for each Server 2003 version. Students will learn how to: Configure capture and display filters using Netmon. Enable Dedicated Capture Mode. Increase Netmon buffers and reduce frame size in a capture. Planning a 2003 Network Infrastructure Objectives 204. Plan network traffic monitoring. Tools might include Network Monitor and System Monitor. Lecture Focus Questions: How do the various 2003 server editions differ from each other? What are the domain and forest functional levels? How can Network Monitor help you analyze network traffic? When would you use Network Monitor? Video/Demo Time 0.1.1 Course Introduction 5:54 0.1.2 2003 Server Versions 7:07 Total 13:01 Number of Exam Questions 2 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 4 Section 1.1: Remote Management Summary Make sure you understand the differences between out-of-band and in-band management tools to explain to the class. If possible, set up a terminal services client and server. Run a session during the class to show how terminal services functions. Students will learn how to: Enable and configure a server and client to use Remote Desktop. Troubleshoot Remote Desktop connections. Planning a 2003 Network Infrastructure Objectives 302. Plan security for remote access users. o Plan remote access policies. o Plan authentication methods for remote access clients. Lecture Focus Questions: What is the difference between an in-band and out-of-band remote management tool? How do you configure EMS? What are some in-band remote management tools? What group membership and user rights must a user have to use Remote Desktop? What are three ways to submit a Remote Assistance request? Video/Demo Time 1.1.1 Emergency Management Services (EMS) 5:39 1.1.3 Terminal Services 9:10 Total 14:49 Lab/Activity Enable Remote Desktop ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 5 Number of Exam Questions 7 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 6 Section 1.2: Network Monitor Summary If possible, install Network Monitor on a machine. Show students captured data, and explain how to interpret the data. Students will learn how to: Use Network Monitor to troubleshoot network issues. Planning a 2003 Network Infrastructure Objectives 204. Plan network traffic monitoring. Tools might include Network Monitor and System Monitor. Lecture Focus Questions: What are the differences between the two versions of Network Monitor? What is promiscuous mode? What do capture and display filters do? Why would you implement Dedicated Capture Mode? When would you use a trigger? Video/Demo Time 1.2.1 Network Monitor 7:48 1.2.2 Using Network Monitor 6:48 Total 14:36 Number of Exam Questions 2 questions Total Time About 20 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 7 Section 1.3: Performance Summary Use the chart in the lesson and video to create some performance scenarios. Using the information on the chart, help the students diagnose and suggest corrective actions for the problems in the scenarios. If possible, open the Performance Console and create a log to monitor performance. Show the students real-Total Time and logged data. Students will learn how to: Use System Monitor to track real-time performance of your server. Use Counter Logs to track performance of your server over time. Use Alerts to alert administrators on server performance based on preset thresholds. Planning a 2003 Network Infrastructure Objectives 402. Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks. o Identify system bottlenecks by using System Monitor. Lecture Focus Questions: What is the difference between an Object and a Counter? What conditions indicate a processor bottleneck? What action would you take to correct the situation where the pagefile counter was over 70%? Video/Demo 1.3.1 Performance Console Time 8:04 Number of Exam Questions 9 questions Total Time About 20 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 8 Section 2.1: DNS Concepts Summary DNS is a difficult concept for students to grasp. Make sure you know the material in the section very well before your class. Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Plan zone replication requirements. o Plan a forwarding configuration. Lecture Focus Questions: What are the steps in the DNS name resolution process? How does a zone differ from a domain? What are the advantages of Active Directory-integrated zones? Why would you choose to use a stub zone or conditional forwarding? Video/Demo 2.1.1 DNS Concepts Time 8:39 2.1.2 DNS Name Resolution 16:09 2.1.4 Active Directory-integrated Zones 12:33 2.1.5 Stub Zones and Conditional Forwarding 12:54 2.1.6 Dynamic DNS Total 9:58 60:13 Total Time About 65 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 9 Section 2.2: Namespace Design Summary This section discusses namespace design strategies. Students will learn how to: Design a DNS namespace to meet design requirements. Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Plan a DNS namespace design. Lecture Focus Questions: When using internal and external DNS, what are three possible scenarios for the DNS namespace? What are the advantages and disadvantages of each of the three methods? What are the four goals of any split namespace design? Video/Demo 2.2.1 Namespace Design Time 11:06 Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 10 Section 2.3: Controlling Name Resolution Summary Make a copy of the Cache.dns file to discuss during class. Understand and explain the function of the root hint servers. Students will learn how to: Implement forwarding solutions, including conditional forwarding. Create a root zone. Configure custom root hints. Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Plan a forwarding configuration. Lecture Focus Questions: What configuration options do you have to control and manage name resolution? How does conditional forwarding differ from standard forwarding? How do conditional forwarders differ from stub zones? What is the purpose of the root hints file? What is the name and location(s) of the root hints file on a Windows 2003 server? When might you want to create a root zone? Video/Demo Time 2.3.2 Root Hints 8:26 2.3.3 Managing Root Zones and Hints 3:22 2.3.6 Configuring Forwarding 2:30 Total ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 14:18 11 Lab/Activity Configure Root Hints Create a Root Zone Configure a Server to Use Forwarders Configure Conditional Forwarding Number of Exam Questions 8 questions Total Time About 45 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 12 Section 2.4: DNS Performance Summary Create some scenarios that allow students to suggest methods for improving DNS performance. Be sure to discuss the tradeoffs among reliability, price, performance, and security. Students will learn how to: Create a secondary zone. Create an Active Directory-integrated zone. Configure a caching only server. Create a stub zone. Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Plan zone replication requirements. o Plan a forwarding configuration. Lecture Focus Questions: How can using secondary servers increase performance? How does an Active Directory-integrated zone improve performance? What are the key configuration characteristics of a caching-only server? When would you choose a stub zone over a caching-only server or a secondary server? Video/Demo 2.4.2 Zones and Zone Transfer Time 13:50 2.4.3 Creating Secondary Zones 5:37 2.4.5 Managing Active Directory-integrated Zones 3:16 2.4.7 Configuring a Caching Only Server 1:41 2.4.9 Configuring a Stub Zone 2:10 Total ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 26:34 13 Lab/Activity Install DNS and Create a Secondary Zone Convert a Zone to Active Directory-integrated Configure a Caching Only Server Configure a Stub Zone Number of Exam Questions 6 questions Total Time About 55 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 14 Section 2.5: DNS Security Summary Create some scenarios in which DNS data is at risk. Allow the students to explore alternatives for correcting the potential risks. Students will learn how to: Enable secure dynamic updates. Limit zone transfers to listed or name servers. Disable zone transfer on an Active Directory-integrated zone Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Plan for DNS security. Lecture Focus Questions: How can you secure the dynamic DNS update process? How can you disable zone transfers but still maintain zone data replication on multiple servers? What type of zone automatically secures zone transfers? How can you secure zone transfers between primary and secondary servers? Video/Demo 2.5.3 Configuring Zone Transfers Time 5:08 Lab/Activity Create an Active Directory-integrated Zone Enable Zone Transfer to Name Servers Enable Zone Transfer to Listed Servers Disable Zone Transfer ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 15 Number of Exam Questions 4 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 16 Section 2.6: Troubleshooting DNS Summary Create some scenarios that illustrate DNS problems. Allow the students to determine the tools and methods most appropriate for dealing with the problems. Students will learn how to: Monitor DNS traffic. Use Nslookup, Dnscmd, and DNSLint to gather information about DNS problems. Use Ipconfig options to resolve DNS troubleshooting problems. Planning a 2003 Network Infrastructure Objectives 207. Plan a host name resolution strategy. o Examine the interoperability of DNS with third-party DNS solutions. 209. Troubleshoot host name resolution. o Diagnose and resolve issues related to DNS services. Lecture Focus Questions: What are some of the troubleshooting tools available for DNS? How does using Ipconfig /registerdns differ from restarting the Netlogon service? How does Nslookup differ from Dnscmd? How can you tell the difference between an IP address problem and a name resolution problem? What versions of BIND support key features required by Active Directory? Video/Demo Time 2.6.1 Troubleshooting DNS 6:56 2.6.2 Monitoring DNS 3:31 Total 10:27 Number of Exam Questions 14 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 17 Section 3.1: Configuring WINS Summary Create some scenarios in which WINS in necessary to the success of the network deployment. Have the students decide which types of WINS solutions work most effectively. Students will learn how to: Install and configure a WINS server. Configure client computers to use a WINS server. Planning a 2003 Network Infrastructure Objectives 208. Plan a NetBIOS name resolution strategy. Lecture Focus Questions: What is the purpose of WINS? How do clients register with WINS? How is WINS different from DNS? Video/Demo 3.1.1 WINS Concepts Time 10:52 3.1.2 Installing and Configuring WINS 2:12 3.1.4 Configuring WINS Clients 4:11 Total 17:15 Lab/Activity Install WINS Disable NetBIOS over TCP/IP Number of Exam Questions 5 questions Total Time About 35 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 18 Section 3.2: Managing WINS Summary Create some scenarios in which students have to design a WINS replication strategy. Students will learn how to: Configure WINS servers as Push and/or Pull replication partners. Create static WINS records. Planning a 2003 Network Infrastructure Objectives 208. Plan a NetBIOS name resolution strategy. o Plan a WINS replication strategy. Lecture Focus Questions: What is the purpose of WINS replication? Why can't two servers, each configured as Pull partners, replicate WINS data with each other? What is tombstoning? When might you need to create static WINS records? Video/Demo Time 3.2.1 WINS Management 6:56 3.2.2 Managing the WINS Server 4:28 3.2.3 Configuring WINS Replication 6:52 3.2.6 Managing WINS Records 7:13 Total 25:29 Lab/Activity Configure WINS Replication Troubleshoot WINS Replication Create a Static Record ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 19 Number of Exam Questions 10 questions Total Time About 55 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 20 Section 3.3: Integrating WINS and DNS Summary Create some scenarios that both require and don’t require WINS and DNS integration. Have the students decide when it’s appropriate to integrate WINS and DNS. Students will learn how to: Configure a WINS-integrated zone in DNS. Planning a 2003 Network Infrastructure Objectives 208. Plan a NetBIOS name resolution strategy. Lecture Focus Questions: How can a DNS server search the WINS database? When is it appropriate to create a WINS-integrated zone? What DNS record type is created when you configure a WINS-integrated zone? Why might you not replicate WINS data in a DNS zone? Video/Demo 3.3.1 Configuring a WINS-integrated Zone Time 3:09 Lab/Activity Create a WINS-integrated Zone Total Time About 10 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 21 Section 4.1: TCP/IP Configuration Summary Subnetting is a difficult concept for student to grasp. Create several addresses for which students must find the subnet masks. Have students (if possible) convert decimal numbers to binary and vice versa. Students will learn how to: Given a network address and the desired number of hosts and subnets, select the appropriate subnet mask to minimize IP address waste. Configure basic TCP/IP settings on a server or client. Planning a 2003 Network Infrastructure Objectives 201. Plan a TCP/IP network infrastructure strategy. Create an IP subnet scheme. Lecture Focus Questions: What is the purpose of a subnet mask? How can we divide networks into subnetworks using subnet masks? How can we merge subnetworks into larger, super networks? Video/Demo 4.1.1 Subnetting 4.1.3 Configuring IP Settings Total Time 24:02 2:19 26:21 Lab/Activity Choose IP Settings 1 Choose IP Settings 2 Choose IP Settings 3 ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 22 Number of Exam Questions 4 questions Total Time About 50 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 23 Section 4.2: Network Components Summary This section covers different network protocols. Create scenarios that require different protocols (integrate a Netware server into the network, for example). Allow the students to decide which protocols work most effectively. Students will learn how to: Install and uninstall networking components. Disable unneeded networking components. Planning a 2003 Network Infrastructure Objectives 205. Plan and modify a network topology. o Identify network protocols to be used. Lecture Focus Questions: What is the difference between protocols that have been installed and bound? What is the difference between a protocol, service, and client component? When can you safely disable NetBIOS over TCP/IP? Video/Demo 4.2.1 Configuring Protocols Time 6:48 Lab/Activity Remove the NetWare Client Disable Network Components Number of Exam Questions 1 question Total Time About 20 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 24 Section 4.3: Optimizing DHCP Summary Create scenarios that allow the students to suggest and discuss different DHCP design options, including implementing split scopes and relay agents. Students will learn how to: Configure split scopes for multiple DHCP servers on the same subnet. Configure split scopes for DHCP servers on different subnets servicing a single scope. Deploy DHCP Relay with split scopes for full fault-tolerance. Planning a 2003 Network Infrastructure Objectives 201. Plan a TCP/IP network infrastructure strategy. o Analyze IP addressing requirements. 206. Troubleshoot TCP/IP addressing. o Diagnose and resolve issues related to DHCP server address assignment. 401. Plan services for high availability. Lecture Focus Questions: What are three ways you can provide DHCP redundancy and fault tolerance? What is the single-most effective way to increase DHCP server performance? When should you use the 50/50 rule over the 80/20 rule for scope configuration? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 25 Video/Demo Time 4.3.1 DHCP Concepts 5:06 4.3.2 DHCP Fault Tolerance 6:44 4.3.3 Configuring a Split Scope 6:40 Total 18:30 Lab/Activity Add a DHCP Server on Another Subnet Add a DHCP Server to a Subnet Design a DHCP Strategy 1 Design a DHCP Strategy 2 Number of Exam Questions 7 questions Total Time About 50 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 26 Section 4.4: Troubleshooting TCP/IP Summary If possible, prepare several machines to allow you to demonstrate the troubleshooting commands. Use the commands to isolate problems on each of the individual machines. Students will learn how to: Use the following tools to troubleshoot connectivity: Ping, Tracert, Pathping, Ipconfig. Planning a 2003 Network Infrastructure Objectives 206. Troubleshoot TCP/IP addressing. o Diagnose and resolve issues related to client computer configuration. o Diagnose and resolve issues related to DHCP server address assignment. Lecture Focus Questions: What are some TCP/IP troubleshooting tools available for your use? What is the difference between Tracert, Ping, and Pathping? What protocol do most of these tools use? Video/Demo 4.4.1 TCP/IP Troubleshooting Time 7:25 Lab/Activity Troubleshoot TCP/IP 1 Troubleshoot TCP/IP 2 Troubleshoot TCP/IP 3 Troubleshoot TCP/IP 4 Number of Exam Questions 2 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 27 Section 5.1: Routing Summary Create scenarios that allow students to explore different routing solutions. Students will learn how to: Select the appropriate routing solution for a given scenario. Implement RIP and OSPF. Configure multicast routing. Planning a 2003 Network Infrastructure Objectives 201. Plan a TCP/IP network infrastructure strategy. o Plan an IP routing solution. 301. Plan a routing strategy. o Identify routing protocols to use in a specified environment. o Plan routing for IP multicast traffic. Lecture Focus Questions: What is the purpose of routing? What is a routing table? What is the difference between static and dynamic routing? How do RIP and OSPF differ? Video/Demo Time 5.1.1 Dynamic Routing 4:57 5.1.2 Configuring RIP 7:18 Total 12:15 Lab/Activity Configure RIP Routing Configure a Routing Solution 1 Configure a Routing Solution 2 ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 28 Number of Exam Questions 10 questions Total Time About 40 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 29 Section 5.2: Remote Access Summary Create some remote access policies. Make them complex enough to have the students work through authentication and permissions problems for several different users and groups. Students will learn how to: Select the correct authentication protocol for a given scenario. Configure remote access policies with appropriate conditions, permissions, and profile settings. Configure RADIUS authentication on remote access servers and the IAS server. Planning a 2003 Network Infrastructure Objectives 302. Plan security for remote access users. o Plan remote access policies. o Analyze protocol security requirements. o Plan authentication methods for remote access clients. Lecture Focus Questions: What are the three steps in the remote access connection process? What is the purpose of authentication? What are six authentication protocols supported by Windows? How does authorization differ from authentication? What is the policy logic (in detail) for Remote Access Policies? Where are Remote Access Policies stored? How does IAS/RADIUS differ from a normal RRAS server? Why use it? What are the three A’s handled by the IAS server? When using IAS, where are remote access policies stored? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 30 Video/Demo Time 5.2.1 Remote Access 8:37 5.2.2 Configuring a Remote Access Server 5:47 5.2.4 Remote Access Policies 11:55 5.2.6 Configuring a Remote Access Policy 2:48 5.2.9 Authentication Protocols 8:37 Total 37:44 Lab/Activity Configure a Remote Access Server Create a Remote Access Policy 1 Create a Remote Access Policy 2 Number of Exam Questions 11 questions Total Time About 70 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 31 Section 5.3: Wireless Networking Summary If possible, allow the students to connect to a wireless network. Discuss the different types of authentication and encryption available. Students will learn how to: Implement wireless authentication with WAPs, RADIUS, and IAS. Implement 802.1x certificate-based authentication. Implement WEP. Planning a 2003 Network Infrastructure Objectives 505. Plan security for wireless networks. o Plan security for data transmission. o Secure data transmission between client computers to meet security requirements. Lecture Focus Questions: What is the difference between ad hoc and infrastructure wireless networks? What two problems exist with wireless network security? How can you effectively secure your wireless network? Video/Demo 5.3.1 Wireless Networking Time 11:28 Number of Exam Questions 2 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 32 Section 6.1: Internet Connectivity Summary Create scenarios that require different types of Internet connectivity solutions. Have the students explore the different options to come up with the most effective deployments. Students will learn how to: Choose appropriate Internet connectivity solutions. Planning a 2003 Network Infrastructure Objectives 203. Plan an Internet connectivity strategy. Lecture Focus Questions: Why implement NAT instead of normal routing? When would you use ICS an alternative to NAT? What are the advantages of a proxy server? In what ways can you secure a connection to the Internet? What IP addresses should you use on your private network when connected to the Internet? Video/Demo 6.1.1 Internet Connectivity Time 12:01 Number of Exam Questions 3 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 33 Section 6.2: Network Address Translation (NAT) Summary Find examples of networks that use NAT. If possible, create a NAT server for the students to work with. Students will learn how to: Implement NAT with correct private and public interfaces. Implement address and port mapping with the public interface. Set up NAT as a DHCP allocator or DNS Proxy. Planning a 2003 Network Infrastructure Objectives 203. Plan an Internet connectivity strategy. Lecture Focus Questions: What is the purpose of NAT? How does NAT accomplish its goal? Why do you have to tell NAT what is the private interface vs. the public interface? What is address and port mapping? Video/Demo Time 6.2.1 Network Address Translation 7:53 6.2.2 Configuring NAT 3:33 6.2.5 Managing NAT 3:21 6.2.7 Allowing Web Services 6:04 Total 20:51 Lab/Activity Configure a NAT Router Add NAT to a Router Configure NAT for DHCP and DNS ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 34 Number of Exam Questions 5 questions Total Time About 40 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 35 Section 6.3: Firewalls Summary Create some scenarios in which certain networks offer only certain services. Have the students decide which ports must be opened and closed to provide the appropriate types of access. Students will learn how to: Implement TCP/IP Filtering, Internet Connection Firewall (ICF), and remote access packet filtering. Identify ports to open or block to design a firewall solution. Planning a 2003 Network Infrastructure Objectives 503. Plan for network protocol security. o Specify the required ports and protocols for specified services. Lecture Focus Questions: What is the purpose of a firewall? What are the basic methods we can use to block traffic? What are the three firewalls built into Windows 2003 and how do they differ? What are some common ports? Video/Demo Time 6.3.1 Firewalls and Proxies 6.3.2 Configuring Firewalls 14:31 r Total 5:22 20:51 Total Time About 25 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 36 Section 7.1: Security Planning and Monitoring Summary This section discusses planning and monitoring security. Details include: Audit policies in Group Policy that can be configured: o Account logon o Account management o Logon o Object access o Policy change o Privilege use o Process tracking o System events Considerations when configuring auditing Guidelines when considering security Students will learn how to: Delegate control over resources to another user or group. Implement auditing policies and analyze security logs. Planning a 2003 Network Infrastructure Objectives 603. Plan a framework for planning and implementing security. Lecture Focus Questions: What are the two basic goals of any security system? What is the principle of least privilege? What are some of the most important security considerations for computer systems? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 37 Video/Demo Time 7.1.1 Security Goals 4:04 7.1.2 Delegating Administrative Control 4:48 Total 9:52 Number of Exam Questions 2 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 38 Section 7.2: Group Policy Summary If possible, create some group policies. Use these group policies for demonstrations during the lecture. Planning a 2003 Network Infrastructure Objectives 503. Plan for network protocol security. 504. Plan secure network administration methods. Lecture Focus Questions: What is the purpose of Group Policy? What basic things can you deploy using Group Policy? What is the default processing order of Group Policies? (hint: LSDOU) What are the six exceptions to LSDOU? What are some new features of Group Policy? What are the four ways to retrieve RSOP information? Video/Demo Time 7.2.1 Group Policy Review 6:44 7.2.2 Group Policy Features 6:19 Total 13:03 Number of Exam Questions 2 questions Total Time About 20 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 39 Section 7.3: Templates and Baselines Summary If possible, show the students the preconfigured templates, where they’re located, and how to deploy them. Run the MBSA and have your students analyze the data that it retrieves. Concepts covered in this section include: Predefined security templates provided by Windows: o Setup Security.inf o DC Security.inf o Secure*.inf o Hisec*.inf o Compatws.inf Tips when applying templates Security Analysis and Configuration Microsoft Baseline Security Analyzer (MBSA) Students will learn how to: Use Group Policy to deploy custom or built-in templates. Use the Security Configuration and Analysis tool or Secedit.exe to apply a template or compare a template against existing security on a single computer. Given a scenario, select the built-in template to provide the needed security. Use MBSA to analyze security vulnerabilities on local and remote computers. Planning a 2003 Network Infrastructure Objectives 101. Configure security for servers that are assigned specific roles. 102. Plan a secure baseline installation. o Plan a strategy to enforce system default security settings on new systems. o Identify client operating system default security settings. o Identify all server operating system default security settings. Lecture Focus Questions: What are the two purposes of security templates? What are the basic features of the built-in templates? What is the easiest way to deploy uniform security settings to a group of computers? What tools can be used to deploy templates to a single computer? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 40 Video/Demo 7.3.1 Templates Time 11:38 7.3.2 Configuring Security Templates 5:11 7.3.5 Security Baseline 3:07 7.3.2 Microsoft Baseline Security Analyzer Total 13:25 33:21 Number of Exam Questions 11 questions Total Time About 50 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 41 Section 7.4: Encryption Summary Create some network scenarios that require encryption. Have the students determine which deployments are most effective. Students will learn how to: Use Group Policy to implement multiple DRAs. Lecture Focus Questions: What is the overall purpose of encryption? What is symmetric encryption and what major security problem comes with it? What is asymmetric encryption? How is secure transmission of data implemented using asymmetric encryption? How is a digital signature implemented using asymmetric encryption? How does EFS combine symmetric and asymmetric encryption? What is a DRA and how can you implement multiple DRAs? How can you disable EFS? Video/Demo 7.4.1 Encryption Basics 7.4.2 Encrypted File System 7.4.3 Managing Recovery Agents Total Time 9:45 10:23 4:22 24:30 Total Time About 25 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 42 Section 7.5: Authentication and Communication Summary Create scenarios in which different networks support different types of client machines. Have the students design authentication strategies for each of the scenarios. Students will learn how to: Enforce NTLM v2, SMB signing, and IPSec through Group Policy. Configure IPSec policies, such as to customize authentication with a preshared key or computer certificate. Utilize the IPSecmon admin tool to analyze IPSec traffic Planning a 2003 Network Infrastructure Objectives 501. Configure network protocol security. o Configure protocol security by using IPSec policies. 502. Configure security for data transmission. o Configure IPSec policy settings. 503. Plan for network protocol security. o Plan an IPSec policy for secure network communications. Lecture Focus Questions: What is the difference between Kerberos and NTLM? How can you enforce the use of Kerberos and NTLMv2 for maximum security? How does Kerberos and SMB signing contrast to IPSec? What are the three default IPSec policies and how do they interact? What is the easiest way to deploy uniform IPSec policies to a group of computers? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 43 Video/Demo Time 7.5.1 Kerberos and NTLM 7:06 7.5.3 SMB and LDAP Signing 7:27 7.5.5 IPSec 7.5.7 Configuring Communication Policies 20:09 4:09 7.5.11 Configuring IPSec Policies 11:13 7.5.12 Monitoring IPSec 10:20 Total 60:24 Lab/Activity Enforce SMB Signing Troubleshoot SMB Signing Enforce NTLM v2 Number of Exam Questions 17 questions Total Time About 100 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 44 Section 7.6: Software Security Summary Create scenarios that require different types of software restrictions. Have the students decide which restriction options work best in different situations. Students will learn how to: Implement software restriction policies via Group Policy. Configure any of the four software restriction rules. Design a SUS infrastructure. Planning a 2003 Network Infrastructure Objectives 604. Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services. Lecture Focus Questions: What are the two basic methods used to restrict software installation? What are the four software restriction rules? What is the purpose of SUS? What are the two basic steps to set up SUS once it is installed? What does a client need to use SUS? Video/Demo Time 7.6.1 Software Restrictions 7:19 7.6.3 Software Update Services 3:12 7.6.4 SUS Design 8:52 Total 19:23 Number of Exam Questions 2 questions Total Time About 25 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 45 Section 8.1: PKI Concepts Summary Make a diagram similar to the diagram shown in the video. Have the students fill in the trust relationships. Open the trusted certificate list in an Internet browser. Discuss the contents of the list with the students. Planning a 2003 Network Infrastructure Objectives 602. Plan a public key infrastructure (PKI) that uses Certificate Services. o Identify the appropriate type of certificate authority to support certificate issuance requirements. o Plan the enrollment and distribution of certificates. Lecture Focus Questions: What is the purpose of a certificate? What kind of information is found on a certificate? What is the basic certificate lifecycle? Video/Demo Time 8.1.1 Software Restrictions 10:54 8.1.2 Certificate Authorities 7:48 Total 18:42 Total Time About 20 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 46 Section 8.2: Configuring Certificate Services Summary Design different scenarios for implementing certificate services. Have the students determine which type of CA is best for each of the scenarios. Students will learn how to: Install and configure an Enterprise or Standalone CA. Configure basic CA properties. Planning a 2003 Network Infrastructure Objectives 602. Plan a public key infrastructure (PKI) that uses Certificate Services. o Identify the appropriate type of certificate authority to support certificate issuance requirements. o Plan the enrollment and distribution of certificates. Lecture Focus Questions: What are the four types of CAs you can install with 2003 server? How does an Enterprise CA differ from a Standalone CA? What features come with Enterprise CAs? Video/Demo 8.2.1 Windows CAs Time 14:30 8.2.2 Installing a Certificate Authority 9:44 8.2.6 Managing the CA 5:51 Total 30:05 Lab/Activity Install a Root CA Install a Subordinate CA ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 47 Number of Exam Questions 8 questions Total Time About 50 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 48 Section 8.3: Managing Certificates Summary Create scenarios that involve different certificate management tasks. Have the students determine the steps necessary to fulfill the requirements of each task. Students will learn how to: Use the three certificates management tools: Certificates snap-in, Certificate Templates snap-in, CA snap-in. Utilize Group Policy to enable clients to trust your CAs. Configure a custom certificate template and deploy it through the CA. Configure autoenrollment via Group Policy, Certificate Templates, and the CA. Use the Certificate Publishers, Certificate Managers, and Key Recovery Agent groups. Implement CA and Certificate Template permissions. Planning a 2003 Network Infrastructure Objectives 602. Plan a public key infrastructure (PKI) that uses Certificate Services. o Identify the appropriate type of certificate authority to support certificate issuance requirements. o Plan the enrollment and distribution of certificates. Lecture Focus Questions: What is the purpose of Certificate Templates? What are three basic certificates groups? What are the basic CA permissions? What are the basic Certificate template permissions? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 49 Video/Demo Time 8.3.1 Requesting and Issuing Certificates 15:40 8.3.2 Certificate Templates 10:37 8.3.3 Using Certificate Templates 15:57 8.3.4 Certificate Groups and Permissions 8.3.5 Configuring Certificate Auto-enrollment 8.3.6 Revoking Certificates Total 7:30 10:16 8:13 68:13 Number of Exam Questions 8 questions Total Time About 75 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 50 Section 8.4: Smart Cards Summary Discuss with the students the advantages and disadvantages of smart cards. Have them suggest uses for smart card authentication. Students will learn how to: Configure computer and user accounts to use smart cards for authentication. Planning a 2003 Network Infrastructure Objectives 602. Plan a public key infrastructure (PKI) that uses Certificate Services. o Plan for the use of smart cards for authentication. Lecture Focus Questions: What is a smart card? Why are smart cards a more secure authentication method than a simple username and password? Why must an enterprise CA issue smart card certificates? Lab/Activity Require Smart Cards for Computer Logon Require Smart Cards for User Logon Number of Exam Questions 3 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 51 Section 9.1: Load Balancing Summary Create scenarios that call for an NLB implementation. Have the students suggest different NLB solutions for each scenario’s requirements. Prepare to discuss the advantages and disadvantages of NLB. If possible, prepare an example of an actual NLB deployment. Students will learn how to: Configure NLB through LAN Connection properties or NLB Manager. Configure cluster IP information in DNS. Implement Unicast or Multicast mode. Planning a 2003 Network Infrastructure Objectives 401. Plan services for high availability. o Plan a high availability solution that uses Network Load Balancing. 404. Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility. Lecture Focus Questions: What is the purpose of Network Load Balancing? What is a cluster IP and how do clients find it? What is meant by the term convergence? What is the difference between Unicast and Multicast modes? How does NLB differ from Round Robin DNS? Video/Demo Time 9.1.1 Network Load Balancing (NLF) 13:53 9.1.2 Configuring Load Balancing 12:17 Total ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 26:10 52 Number of Exam Questions 7 questions Total Time About 35 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 53 Section 9.2: Clustering Summary Create scenarios that require the use of clustering. Have the students design a clustering solution for each scenario. Also, create scenarios for cluster recovery. Walk the students through the process of recovering from a cluster failure. Students will learn how to: Install and configure clustering using the Cluster Administrator tool. Configure a quorum resource. Recover from a cluster node or quorum failure. Planning a 2003 Network Infrastructure Objectives 401. Plan services for high availability. o Plan a high availability solution that uses Network Load Balancing. 404. Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility. Lecture Focus Questions: What is the purpose of clustering? What is the quorum resource? What is meant by Active vs. Passive nodes? What tool is used to configure Clustering? Video/Demo 9.2.1 Cluster Services Time 6:40 9.2.2 Configuring Clustering 12:12 9.1.1 Recovering from a Cluster Failure 12:31 Total 31:23 Number of Exam Questions 6 questions Total Time About 40 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 54 Section 9.3: Backup and Recovery Summary Create scenarios that require different backup strategies. Have the students determine which strategies are best given the scenario requirements. Students will learn how to: Back up and restore data and system state data. Implement a backup and recovery strategy according to design plan specifications. Enable VSS and use it to recover lost or corrupted files. Use the Recovery Console and ASR to recover from a system failure. Planning a 2003 Network Infrastructure Objectives 405. Plan a backup and recovery strategy. o Identify appropriate backup types. Methods include full, incremental, and differential. o Plan a backup strategy that uses volume shadow copy. o Plan system recovery that uses Automated System Recovery (ASR). Lecture Focus Questions: What are the differences among the various types of backups? How does a daily backup work? What two types of backups would you not use together? What would you select to back up if you needed to back up the registry? What is VSS? When would you need to install the Previous Versions client? How does VSS save Total Time when you need to recover a document? What are the options for recovering a system? ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 55 Video/Demo Time 9.3.1 Backup 7:02 9.3.2 Backing Up Data 6:04 9.3.3 Restoring Data 3:07 9.3.5 Shadow Copy Volumes 3:54 9.3.6 Using VSS 7:28 9.3.8 System Recovery 5:57 Total 33:32 Number of Exam Questions 17 questions Total Time About 55 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 56 Section 9.4: Distributed File System Summary Create scenarios that require the deployment of a stand-alone or fault-tolerant DFS root. Use the solutions the students provide to discuss the advantages and disadvantages of each type of deployment. Students will learn how to: Implement a DFS Root and DFS Links. Configure root or link replicas for fault-tolerance. Windows Server 2003 Objectives 401. Plan services for high availability. Lecture Focus Questions: What is the purpose of DFS? How does DFS make searching for files easier for users? How can you implement fault tolerance with DFS? Video/Demo Time 9.4.1 DFS 5:32 9.4.2 Configuring a DFS Root and Links 8:10 9.4.6 Adding Root and Link Replicas 7:46 Total 21:28 Lab/Activity Create a Standalone DFS Root Create a Domain DFS Root Design a DFS Solution Design DFS Fault Tolerance Number of Exam Questions 1 question Total Time About 45 minutes ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 57 Practice Exams Summary This section provides information to help prepare students to take the exam and to register for the exam. Students will also have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. For example, all questions that apply to Objective 100. Server Roles are grouped together and presented in practice exam 100. Server Roles, All Questions. Students will typically take about 30-90 minutes to complete each of the following practice exams. 100. Server Roles, All Questions (15 questions) 200. Network Infrastructure, All Questions (76 questions) 300. Routing and Remote Access, All Questions (21 questions) 400. Server Availability, All Questions (40 questions) 500. Network Security, All Questions (26 questions) 600. Security Infrastructure, All Questions (23 questions) The Certification Practice Exam consists of 50 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 90 minutes -- just like the real certification exam. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 58 Appendix A: Approximate Time for the Course The total time for the LabSim for Microsoft’s Planning a 2003 Network Infrastructure Exam 70-293 course is approximately 26 hours and 35 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements: Video/demo times Approximate time to read the text lesson (the length of each text lesson is taken into consideration) Simulations (5 minutes assigned per simulation) Questions (1 minute per question) Module Sections Time Minute HR:MM 0.0 Introduction 0.1 Introduction 15 15 :15 30 20 20 70 1:10 65 15 45 55 30 30 240 4:00 35 55 10 100 1:40 50 20 50 30 150 2:30 1.0 Server Management 1.1 Remote Management 1.2 Network Monitor 1.3 Performance 2.0 DNS Name Resolution 2.1 DNS Concepts 2.2 Namespace Design 2.3 Controlling Name Resolution 2.4 DNS Performance 2.5 DNS Security 2.6 Troubleshooting DNS 3.0 NetBIOS Name Resolution 3.1 Configuring WINS 3.2 Managing WINS 3.3 Integrating WINS and DNS 4.0 Network Addressing and Protocols 4.1 Troubleshooting TCP/IP 4.2 Network Components 4.3 Optimizing DHCP 4.4 Troubleshooting TCP/IP ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 59 5.0 Routing and Remote Access 5.1 Routing 5.2 Remote Access 5.3 Wireless Networking 40 70 15 125 2:05 15 40 25 80 1:20 15 20 50 25 100 25 235 3:55 20 50 75 15 160 2:40 35 40 55 45 175 2:55 15 76 21 40 26 23 44 245 4:05 1595 26:35 6.0 Internet Connectivity 6.1 Internet Connectivity 6.2 Network Address Translation (NAT) 6.3 Firewalls 7.0 Security 7.1 Security Planning and Monitoring 7.2 Group Policy 7.3 Templates and Baselines 7.4 Encryption 7.5 Authentication and Communication 7.6 Software Security 8.0 Public Key Infrastructure (PKI) 8.1 PKI Concepts 8.2 Configuring Certificate Services 8.3 Managing Certificates 8.4 Smart Cards 9.0 Availability 9.1 Load Balancing 9.2 Clustering 9.3 Backup and Recovery 9.4 Distributed File System Practice Exams 100. Server Roles (15 questions) 200. Network Infrastructure (76 questions) 300. Routing and Remote Access (21 questions) 400. Server Availability (40 questions) 500. Network Security (26 questions) 600. Security Infrastructure (23 questions) Certification Practice Exam (50 questions) Total Time ©2002 TestOut Corporation (Rev 05/12) Planning a 2003 Network Infrastructure (70-293) 60