+ Reply to Thread
Results 1 to 25 of 25
  1. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #1

    Default 291 Study Bullet Points

    Okay I'm reading some material and will post some of their bullet points they list that to help me study and maybe help you in your studies as well.


    * If you want a computer to talk to the subnet it is currently in but not talk to any other subnets, don't give it a default gateway

    * If you are using RRAS, make sure that the NIC connected to the subnet that does not have the DHCP server is configured as the DHCP Relay Agent

    * Don't forget you can use "pathping IP address or DNS address" to trace packets and get reports at each destination.

    * MBSA is the Microsoft Baseline Security Analyzer and will scan your computer for security defects.

    * Automatic Updates is not installed on a 2003 server by default. You must install the right service packs or the AU client.

    * To uninstall a windows update, you need to run spuninst in the windows\$ntuninstall\spuninst
    directory.

    * You should normally try to use the RunAs command instead of logging into the machine as an administrator. 2 ways you can use runas, hold down shift and right click a program. RunAs should appear. Or you can open a command prompt and type "runas".

    * Run the status of computer report in WSUS to see if computers in the domain have all approved updates

    * Use the "Automatically download the updates, and install them on the schedule that I specify" option in automatic updates if you have laptop users who shut their laptops off during times.

    * If you have a proxy server for internet access, make sure you configure the proxy settings on the WSUS admin page with the correct proxy.

    * Run wuauclt /detectnow options to get new updates from a WSUS client

    * Use IPSec Monitor to verify users are connecting to your servers with encryption

    * Only use the specific languages that you need when synchronizing updates.

    * You can't change a subnet mask on a DHCP scope without deleting it. It has to be re-created if you are trying to change the subnet mask.

    * Routers have "dhcp helper addresses" which store the IP address or DNS name of your DHCP server and will allow DHCP resolution over broadcast domains. Remember, DHCP talks over broadcasts and a broadcast domain (usually a router) blocks broadcasts from talking between subnets.

    * A DHCP reservation is when you want to map an IP address directly to a computer by matching the MAC address of the client computer to the setting you put in the DHCP server. An exclusion only disables the IP address(es) listed from being used by the DHCP server. This is usually used when you have a computer configured with a static IP in the middle of a DHCP range.

    * You do not have to include the dashes in the MAC address when assigning a reservation. 0009d5a6b1b6

    * To restore a DHCP server at its most simple description, restore the database to your server. Use the DHCP console to restore the backup from the folder which the database resides. Then at the command prompt type "net start dhcpserver" and then authorize the DHCP server. You can also stop your first DHCP server, copy the database over to your second DHCP server, then start the service, authorize and activate the DHCP scopes.

    * FSMO - there needs to be only 1 PDC emulator per domain and it must be on a domain controller

    * ICF - If you have an FTP server that needs to be protected from the internet, make sure you turn on ICF and select FTP Server check box on the services tab

    * IIS - you can view log files to collect information about which users are accessing the web server via HTTPS and which users are experiencing failed HTTPS requests

    * ISA - make sure that on the Public interface that you clear the "Register this connection's address in DNS"

    * You can use network monitor to identify whether Server-A is receiving requests for resources through NETBIOS broadcast

    * Network monitor does not capture packets for the whole network, it only captures packets for the server it is installed on.

    * Use network monitor to figure out a DoS attack

    * To ensure the impact of monitoring on a server is reduced and that all packets are captured, then use run Network Monitor in dedicated capture mode

    * If a large number of packets are captured, make sure you increase the buffer and decrease the frame to reduce the size of captured data

    * Configure a Trigger in Network Monitor to send notifications

    * You can capture a users communication to a domain controller by monitoring all traffic between the DC and CP1 with a capture filter

    * If you are running system monitor with Network Interface, bytes per second at a sample rate of 15 seconds and the log size is getting too large, then set the sample rate to 60 seconds

    * If you are monitoring events that are associated with invalid logins, then use Errors Logon, Errors Access Permissions, Errors Granted Access

    * Use system monitor to create a log of the DNS counter Dynamic updates/sec and Total queries/sec for DNS client traffic causing problems

    * To monitor the successful incremental zone transfers, use XFR Success Received counter

    * Remember creating an ADI zone and configuring the zone for Secure Dynamic Updates Only is ~Important~ and best practice!

    * ADI DNS domain controllers can minimize WAN traffic

    * Use the replmon tool to find out why DNS data is out of date

    * One way to do a zone transfer is this:
    1. New-DNS-Server setup a secondary zone for domain X
    2. Add a NS records to New-DNS-Server for the X zone
    3. on New-DNS-Server change the secondary zone to a primary zone for domain X
    4. On Old-DNS-Server delete X zone
    5. On Old-DNs-Server setup a secondary zone for domain X

    *If you are configuring a complete DNS infrastructure which includes root zones, make sure to include all of the root DNS servers on each of your zoning DNS servers in your root hints configuration page.

    *Round Robin enables DNS records that have multiple IP addresses mapped to one host to be able to evenly distribute the IP addresses in load balancing fashion.

    * The following protocols encrypt data transmissions and authentication: EAP-TLS, MS-CHAPv2, MS-CHAP. Only encrypts authentication: CHAP.

    * EAP-TLS = smart cards and certificates, MS-CHAPv2 = supports newer OS's and is mutual auth, MS-CHAPv1 = supports older OS's and is one way auth, CHAP = supports non-windows OS's, SPAP = shiva products, PAP = plaintext authentication

    * You can use the MBSA to scan for WSUS/windows updates on a client machine
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    *start > run (windows key + r) control netconnections

    It probably won't be on the exam, but it's really slick. I've been surprised at how much I've used it.
    Reply With Quote Quote  

  4. Senior Member Revenue's Avatar
    Join Date
    Jul 2007
    Location
    New Zealand
    Posts
    130

    Certifications
    B.IT, MCSA:M,MCSE 03, MCTS:Vista, Win7, AD, Network, Applications
    #3
    Hey thanks, Have my exam in a couple of hours :P Cheers for the quick revision.. gl
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2007
    Location
    Colbert Nation
    Posts
    1,220

    Certifications
    life+
    #4
    thanks!
    Reply With Quote Quote  

  6. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #5
    thanks mishra, any extra info is well appreciated for this exam!
    Reply With Quote Quote  

  7. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #6

    Default Re: 291 Study Bullet Points

    Quote Originally Posted by Mishra

    * Make sure and include the dashes in the MAC address when assigning a reservation. 00-00-00-00-00-00
    My understanding is you do not need the dashes when assigning a MAC address a reservation.
    Correct me if i'm wrong.

    Thanks for all the other tips, i enjoy reading them.
    Thanks.
    Reply With Quote Quote  

  8. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #7
    Quote Originally Posted by dynamik
    *start > run (windows key + r) control netconnections

    It probably won't be on the exam, but it's really slick. I've been surprised at how much I've used it.
    To further strengthen Dynamik's point with the runas command, here is a list of all control panel commands. I keep this very handy, as users are locked out of the control panel in my environment.



    Code:
         Control panel tool             Command
       -----------------------------------------------------------------
       Accessibility Options          control access.cpl
       Add New Hardware               control sysdm.cpl add new hardware
       Add/Remove Programs            control appwiz.cpl
       Date/Time Properties           control timedate.cpl
       Display Properties             control desk.cpl
       FindFast                       control findfast.cpl
       Fonts Folder                   control fonts
       Internet Properties            control inetcpl.cpl
       Joystick Properties            control joy.cpl
       Keyboard Properties            control main.cpl keyboard
       Microsoft Exchange             control mlcfg32.cpl
          (or Windows Messaging)
       Microsoft Mail Post Office     control wgpocpl.cpl
       Modem Properties               control modem.cpl
       Mouse Properties               control main.cpl
       Multimedia Properties          control mmsys.cpl
       Network Properties             control netcpl.cpl
                                      NOTE: In Windows NT 4.0, Network
                                      properties is Ncpa.cpl, not Netcpl.cpl
       Password Properties            control password.cpl
       PC Card                        control main.cpl pc card (PCMCIA)
       Power Management (Windows 95)  control main.cpl power
       Power Management (Windows 98)  control powercfg.cpl
       Printers Folder                control printers
       Regional Settings              control intl.cpl
       Scanners and Cameras           control sticpl.cpl
       Sound Properties               control mmsys.cpl sounds
       System Properties              control sysdm.cpl
    Reply With Quote Quote  

  9. Senior Member Tyrant1919's Avatar
    Join Date
    Jan 2008
    Location
    Marysville, CA
    Posts
    516

    Certifications
    A+, Net+, Svr+, Sec+, CCNA, MCSE:S, MCITP:EA, 236
    #8

    Default Re: 291 Study Bullet Points

    Quote Originally Posted by aoe
    My understanding is you do not need the dashes when assigning a MAC address a reservation.
    You are correct sir, you do not need them.
    Reply With Quote Quote  

  10. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #9

    Default Re: 291 Study Bullet Points

    Quote Originally Posted by aoe
    Quote Originally Posted by Mishra

    * Make sure and include the dashes in the MAC address when assigning a reservation. 00-00-00-00-00-00
    My understanding is you do not need the dashes when assigning a MAC address a reservation.
    Correct me if i'm wrong.

    Thanks for all the other tips, i enjoy reading them.
    Thanks.
    Sorry, wrote it down wrong. Thanks for the correction.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Apr 2003
    Posts
    157

    Certifications
    M.S. MIS (in progress), B.S. CIS, MCSE 2003, MCSA :M 2003, CCNA
    #10
    Windows Key + "Pause" = Go To System Properties saved enormous amount of time for me
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Sep 2007
    Location
    Upstate NY
    Posts
    110

    Certifications
    A+, Network+, MCSA 2k3, CCNA, CCNP
    #11
    Just a note on RRAS since I just got done toying with it. As far as the DHCP relay agent goes, it doesn't necessarily have to be on the RRAS's interface facing the subnet that doesn't have a DHCP server. You can place an DHCP relay agent on any member server in the subnet that doesn' t have a DHCP server and point it to the correct server.
    Reply With Quote Quote  

  13. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #12
    Added more... More DNS bullets to come.
    Reply With Quote Quote  

  14. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #13
    Here are some generalized study material I jotted down.

    net session - view computer names and user names of users on a server to see open files and user sessions
    netstat - used to display tcp/ip and port information
    netsh - wide range of tasks, can configure tcp/ip, display configs, and stats.
    netcap - captures network traffic (291 study bullet)

    Resource Location Server

    This option specifies a list of IP addresses for resource location servers, as defined in RFC 887, available to the client. When more than one server is assigned, the client interprets and uses the addresses in the specified order.


    WINS lookup is used to look up names that cannot be resolved by DNS through the specific zone the lookup is configured on.WINS lookup has 2 specific types of resource records, the WINS resoucre record and the WINS-R resource record. Instead of putting static WINS entries on desktops, you can instead use the resource records to channel through your DNS infrastructure instead.

    reference: http://technet2.microsoft.com/window....mspx?mfr=true
    Reply With Quote Quote  

  15. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #14
    Added a bit more
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Oct 2007
    Posts
    277

    Certifications
    Check the Sig
    #15
    Who knew the Beast would be so much fun!!! Yeah!!!
    Reply With Quote Quote  

  17. Member
    Join Date
    Nov 2007
    Posts
    90

    Certifications
    MCDST, MCTS: (620, 630, 631, 351), MCSA: M/S, MCSE, MCITP: EA
    #16
    This is my last source of information before the beast...

    I sit for it in 10 minutes!!!
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Sep 2007
    Posts
    397
    #17
    Good luck, or how did you do? Depending on when you read this!
    Reply With Quote Quote  

  19. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #18
    Quote Originally Posted by Krank
    This is my last source of information before the beast...

    I sit for it in 10 minutes!!!
    kill that mofo
    Reply With Quote Quote  

  20. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #19
    Quote Originally Posted by Krank
    This is my last source of information before the beast...

    I sit for it in 10 minutes!!!
    Good job. Did my post help at all?
    Reply With Quote Quote  

  21. Member
    Join Date
    Nov 2007
    Posts
    90

    Certifications
    MCDST, MCTS: (620, 630, 631, 351), MCSA: M/S, MCSE, MCITP: EA
    #20
    Oh yes, thanks a lot, Mishra. It was useful.
    Reply With Quote Quote  

  22. Senior Member
    Join Date
    Jul 2006
    Location
    Montgomery, AL
    Posts
    168

    Certifications
    MCSA: 2012, MCSA: 2008, MCITP:EA/SA, MCSE/A 2003:Security, MCTS: Vista, CCNA, Security+, Net+, A+, DCSE
    #21
    Quote Originally Posted by midiman
    Windows Key + "Pause" = Go To System Properties saved enormous amount of time for me
    Windows Key + E = opens my computer(explorer)
    Windows Key + D = minimizes all windows and shows desktop
    Windows Key + L = locks computer, very handy when you walk away from your desk often
    Studying for MCSE: Server Infrastructure (70-414 left)
    Reply With Quote Quote  

  23. Junior Member
    Join Date
    Mar 2008
    Posts
    1

    Certifications
    CCNA (expired), 70-290, A+, Network+
    #22
    Quote Originally Posted by techster79
    Windows Key + D = minimizes all windows and shows desktop
    Hi Y'all,

    Just found this site...I am ol UNIX admin that switch to windows 4 years ago and am finally Sitting down to do my certs...especially now that I am going back in IT after a few year hiatus in the "non-sales account manager" role I had.

    anywhoo

    the Windows Key + M = minimizes all windows and shows desktop
    works too.
    Reply With Quote Quote  

  24. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #23
    SuperKey + D and SuperKey + E are my two most favourite and most used windows shortcuts. With SuperKey + L a close step behind. SuperKey + R for run (works on Vista!) and SuperKey + F to do a search are fairly useful as well. A tip about the SuperKey + D -- when you use it to bring up the desktop if you hit it again it will restore all of the windows that it minimized to bring up the desktop. Not 100% I've seen it fail a few times but it is still a really handy trick. Especially if you want to quickly hide your techexams.net browsing when the boss walks by.

    Oh and almost forgot, Ctrl - Shift - Esc for the Task Manager.
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #24
    Quote Originally Posted by undomiel
    Especially if you want to quickly hide your techexams.net browsing when the boss walks by.
    www.workfriendly.net




    Windows + break/pause is useful too
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Nov 2007
    Location
    NYC
    Posts
    441

    Certifications
    BS in IT:NDM, VCPv5, VCPv4, MCITP: SA, MCSE 2003:S, MCSA 2003:M, MCTS 70-351, 70-652, CCENT, CCNA, CCNA: Security; Network+, A+, WIP: RHCSA
    #25
    Here are some study notes I have taken while studding with the MS Press book and Transcender.

    Could you guys please review them for accuracy and add the ones that are not in the original document.



    *DNS Servers that are authoritative for a zone should be listed on the Name Server tab of the properties sheet for the zone.

    *Win2k3 supports the Automatic Recovery of these services:
    -DNS Clients
    -DHCP Servers
    -Error Reporting Services

    *User specific policies(GPO’s) do not apply to the entire computer only the users profile.

    *netdiag is a command line diagnostic tool that can be used to test network connectivity.

    *netdiag /test:kerberos – CMD line for testing Kerberos functionality.

    *Routers are configured at the Scope level.

    *1542 Compliant Router is a BootP forwarder.

    *Steps to migrate DHCP
    -Back up DHCP server database manually
    -Stop DHCP service
    -Disable DHCP Service
    -Copy backup to DHCP2
    -Restore DHCP Database
    -Start DHCP service

    *DHCP reservations require MAC address. If the hardware changes the MAC address in the reservation needs to change as well.

    *While W2k and W2k3 AD networks can shut down rogue DHCP servers on W2k and W2k3 machines, they cannot shut down DHCP running on NT4 or earlier. Must be done manually.

    *252 WPAD Reservation (Web Proxy Auto Detect) – Enables computer to discover the address of the local ISA server through auto discovery.

    *MAC address contains 12 alphanumeric 0 – F Characters.

    *An authoritative DNS server for a zone is a server that hosts a primary or secondary copy of that DNS zone.

    *You should only delete a DHCP reservation if you plan on changing the IP Addy.

    *DHCP Options:
    -Server- option that should apply or be inherited by all scopes and clients of the DHCP server as defaults.
    -Scope- option that should apply only to an applicable scope selected in DHCP console tree.
    -Class- option if you have a mixture of DHCP clients with diverse needs
    -Reservation- apply only to specific DHCP client.
    +Can only be created in their own subnet scope.

    *Reservation options override Class options
    Class options override Scope options
    Scope options override Server options.

    *Automatic Metric Checkbox- allows TCP/IP to determine the routing metric based on the speed of the network adaptors. Interface w/ highest speed = lowest metric.

    *Remote access policies are applied in order until a policy is found where all conditions are met. Once that policy is found the remaining policies are not checked.

    *secedit.exe- is the command line version of Security Configuration and Analysis tool.

    *gpresult.exe- command line version of the Resultant Set of Policy.

    *Kerberos can only be used in and AD or Kerberos realm environment and cannot be used by a stand alone server.

    *mbsacli.exe- command line version of Microsoft Baseline Security Analyzer.

    *inconfig /setclassid – enables you to configure the user class.



    I may have more to add later.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks