
1. What's MQPing used for? Testing Microsoft Message Queue services between the nodes on a network.
2. What is a firewall?
3. Describe, generally, how to manage a firewall.
4. What is a Denial of Service attack?
5. What is a spoofed packet?
6. What is a SYN Flood?
7. What do you do if you are a victim of a DoS?
8. What is GPG/PGP?
9. What is SSH?
10. What is SSL? How do you create certificates?
11. What would you do if you discovered a UNIX or Network device on your network has been compromised?
12. What would you do if you discovered a Windows system on your network has been compromised?
13. What is DNS Hijacking?
14. What is a log host?
15. What is IDS or IDP, and can you give me an example of one?
16. Why are proxy servers useful?
17. What is web-caching?

1. What is the difference between layer 2 and layer 3 in the OSI model?
2. What is the difference between a hub, switch, and router?
3. What is a VLAN?
4. What is the difference between TCP and UDP?
5. How do you distinguish a DNS problem from a network problem?
6. What is a runt, Giant, and collision?
7. What is a broadcast storm?
8. What is the purpose of VRRP?
9. What is a VPN?
10. What information about a peer would I need to establish a VPN?
11. What is a full-class C in CIDR notation?
12. What is a default route?
13. What is a metric?
14. What is a MAC address?
15. What is ARP/RARP?
16. Describe a TCP connection sequence.
17. What is MTU?
18. What other TCP setting can you modify besides MTU to shorten packets?

What new features are available in IIS 6.0?
A: There are many security features in IIS 6.0. The default installation of IIS 6.0 is "locked." Other new features include selectable cryptographic services, advanced digest authentication, and configurable access control of processes. To increase reliability, IIS 6.0 has a kernel mode HTTP service, dedicated application processes, and a self-healing mechanism. It also supports Unicode, metabase configuration in XML rather than binary files, and an additional feature set to reduce the number of reboots required.

What features are specifically missing for Windows Web Server 2003?
A: Enterprise UDDI Services, Cluster Service, Internet Authentication Service (IAS), Network Bridge, Internet Connection Sharing (ICS), Metadirectory Services Support (MSS), Remote Service, Services for Macintosh, Removable and Remote Storage, Remote Installation Services (RIS), Internet Connection Firewall, All Major Scalability Features (only included in Datacenter), Terminal Server and Terminal Server Session Directory. Partially supported features are Public Key Infrastructure, Certificate Services, and Smart Cards, Active Directory and Virtual Private Network (VPN).

1. How do you install recovery console? C:\i386\winnt32 /cmdcons, assuming that your Win server installation is on drive C.

What's new in Terminal Services for Windows 2003 Server?
Supports audio transmissions as well, although prepare for heavy network load.

FSMO (Flexible Single Master Operations)
There are times when you may need to change the Domain Controller which holds one of the 5 FSMO roles. Either you could be facing a disaster recovery where you have lost the first Windows 2003 Domain Controller, or you are organized and want to get the most out of your Active Directory Forest. Although you rarely need to deal with FSMO, there is the feeling that knowledge of these Operation Masters is power over your Windows 2003 Servers.

Background of Operations Masters
For most Active Directory operations, Windows 2003 uses the multiple master model. The benefit is you can add a computer, or change a user's password, on any domain controller. For example, if you have three domain controllers, you can physically create a new computer account in the NTDS.dit database on any of the three. Within five minutes (15 seconds in Windows 2003), the new computer object will be replicated to the other two domain controllers. Technically, the Microsoft multiple master model uses a change notification mechanism.

Occasionally problems arise if two administrators perform duplicate operations before the next replication cycle. For example, you created an OU called Accounts last week; today, at the same instant you create new users in that OU, another administrator on another DC deletes that OU. Active Directory does its best to obey both administrators. It deletes the OU and creates the Users, but as it cannot create the Users in the OU because it was deleted, the result is that the users are added to the orphaned objects in the 'LostAndFound' folder. You can troubleshoot what has happened by locating the 'LostAndFound' folder in Active Directory Users and Computers. From the View Menu in Active Directory Users and Computers, click: Advanced Features.

The Five FSMO Roles
There are just five operations where the usual multiple master model breaks down, and the Active Directory task must only be carried out on one Domain Controller.

1. PDC Emulator - Most famous for backwards compatibility with NT 4.0 BDCs. However, there are two other roles which operate even in Windows 2003 Native Domains: synchronizing the W32Time service and creating group policies. I admit that it is confusing that these two jobs have little to do with PDCs and BDCs.

2. RID Master - Each object must have a globally unique number (GUID). The RID master makes sure each domain controller issues unique numbers when you create objects such as users or computers. For example, DC one is given RIDs 1-4999 and DC two is given RIDs 5000-9999.

3. Infrastructure Master - Responsible for checking objects in other domains. Universal group membership is the most important example. To me, it seems as though the operating system is paranoid that a) you are a member of a Universal Group in another domain and b) that group has been assigned Deny permissions. So if the Infrastructure master could not check your Universal Groups there could be a security breach.

4. Domain Naming Master - Ensures that each child domain has a unique name. How often do child domains get added to the forest? Not very often I suggest, so the fact that this is a FSMO does not impact on normal domain activity. My point is it's worth the price to confine joining and leaving the domain operations to one machine, and save the tiny risk of getting duplicate names or orphaned domains.

5. Schema Master - Operations that involve expanding user properties, e.g. Exchange 2003 / forest prep, which adds mailbox properties to users. Rather like the Domain naming master, changing the schema is a rare event. However, if you have a team of Schema Administrators all experimenting with object properties, you would not want there to be a mistake which crippled your forest. So it's a case of Microsoft know best: the Schema Master should be a Single Master Operation.

Difference between Scope and Super Scope:

(Unless they have changed the GUI) you cannot create a scope "under a superscope" -- you create it and add it to the superscope. If you understand the purpose of a superscope explicitly, it will make it clear when to use superscopes. First, a mental trick: every time you hear the word superscope, mentally (out loud at first) add the word "GROUP" so it becomes "superscopeGROUP" - scopeGroup would have been a much better name for this but that's not what the RFCs chose. A superscope(group) is used when you have a MULTINET: more than one 'logical subnet' on the same 'physical subnet or segment of wire'. You want the DHCP server to service both subnets -- a scope is related to ONE subnet. So create each scope (per logical subnet) and create a superscopeGROUP because you have a multinet -- add the scopes to the superscope...to group them.

What are the differences between Windows 2000 Professional, Server, Advanced Server, and DataCenter?
Windows 2000 comes in several versions. Windows 2000 Professional is a desktop operating system for workstations designed to replace Windows NT Workstation and Windows 95/98 in corporate environments. It can support 2 processors, as well as multiple monitors. Windows 2000 Server supports 4 processors and is designed to fill the role of typical domain controller, file and print server, application server, and other common tasks. Windows 2000 Advanced Server is designed for high end mission critical platforms, supports 8 processors, and includes support for 2 way server clustering. Windows 2000 DataCenter Server goes even further than Advanced Server in that it can support up to 32 processors, cascading failover among 4 nodes, and 32 node network load balancing.

How much difference is there between Windows 2000 and Windows NT 4.0?
Even though Windows 2000 is built on the Windows NT architecture, Microsoft has added many new features (Plug and Play, USB support, Recovery Console, IntelliMirror, Group Policy, Active Directory, integration of IIS and Terminal Services) and redesigned many of the management tools (MMC, Disk Administration, ADSI). If you are already familiar with Windows NT, you'll have an easier time getting used to Windows 2000, but there is still a lot to learn.

What is the difference between Windows 95/98/Me and Windows 2000?
Windows 98 and Windows Me are based on the popular Microsoft Windows 95 Operating System, and are designed for the consumer market. Windows 95/98 were designed for backward compatibility with older DOS and 16-bit programs, as well as providing a platform for the newer (back in 1995) 32-bit programs. Although many companies use both Windows 95 and Windows 98, these Operating Systems lack the security and stability of Windows NT/2000. However, Windows 95/98/Me is compatible with more software (including games) and hardware. It is important to remember that Windows 2000 is designed for the corporate environment, and not the average home user.

What is the difference between UNIX and Windows 2000?
UNIX is a much older Operating System that was designed in the 1960's. It began as an open source project that became widely used in Universities, scientific labs, and by the U.S. government. Over the years, hundreds of talented programmers contributed their own improvements to Unix, making it extremely robust, stable, and fast. However, UNIX can be difficult to learn and isn't as widely supported as Microsoft Windows. For information regarding UNIX vs. Windows NT/2000 in corporate and academic environments,

Kerberos:
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by systems crackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network --- and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under a copyright permission notice very similar to the one used for the BSD operating system and X11 Windowing system. MIT provides Kerberos in source form, so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.

------------------------------------------------------------

Exchange server
Distribution list: A distribution list is a group of e-mail addresses, usually grouped under a single e-mail address. When you send to a distribution list, you're really sending to everyone whose address is included in the list. It's much easier than picking 30 different addresses from the Address Book.

Routing Groups: Exchange 2003 can easily route both internal and external email. For routing email within your Exchange Organization, the best choice is a Routing Group Connector, while internet email is best served by an SMTP connector. X.400 Connectors are used to transfer email between Exchange and older types of email systems.

Exchange Database (.edb)
Exchange Streaming Database (.stm)

ESEUTIL utility
You can use the Eseutil utility to defragment the information store and directory in Microsoft Exchange Server 5.5 and to defragment the information store in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003. Eseutil examines the structure of the database tables and records (which can include reading, scanning, repairing, and defragmenting) the low level of the database (Ese.dll). Eseutil is located in the Winnt\System32 folder in Exchange Server 5.5 and in the Exchsrvr/Bin folder in Exchange 2000 and in Exchange 2003. The utility can run on one database at a time from the command line.

Isinteg (Microsoft Exchange Information Store Integrity Checker)


You can use the Isinteg.exe tool to check and to fix the integrity of the information store databases including the private information store, Priv.edb, and the public information store, Pub.edb.

MIME (Multipurpose Internet Mail Extensions)
A specification for formatting non-ASCII messages so that they can be sent over the Internet. Many e-mail clients now support MIME, which enables them to send and receive graphics, audio, and video files via the Internet mail system. In addition, MIME supports messages in character sets other than ASCII.

MAPI (Messaging Application Programming Interface)
MAPI is the heart of Microsoft's messaging programs. Extended MAPI serves three main purposes:

1. It's the programming interface used to write components that connect to different mail servers, provide access to custom address books and provide rich storage facilities -- in other words, the components that you can add through the Tools | Services dialog in Outlook.
2. You can use MAPI to develop new types of custom forms, not based on the built-in Outlook forms.
3. You can create add-ins for Outlook, Exchange and Windows Messaging that extend the functionality of those clients.

Security Accounts Manager (SAM)

Windows NT stores user information in the Security Accounts Manager (SAM) database. Specifically, encrypted passwords are stored in the SAM._ file of the NT Registry, in the systemroot directory (the NT Registry is a database of information replacing the .ini files used in the Windows 3.X environment). Passwords are encrypted by a two part process when stored in the NT registry. First, passwords are hashed using the RSA MD4 scheme, then they are further obfuscated using DES encryption. Typically, access to the NT Registry is limited to the Administrator account. However, a back-up copy of the SAM._ file is normally created whenever the Emergency Repair Disk is updated and is stored in %systemroot%\repair\SAM._. The group "Everyone" has Read permission by default on this back-up copy of SAM._. As a result, "Everyone" has the potential to obtain or copy the encrypted password file.

DHCP Relay Agent
If you have routers separating some of your DHCP clients from the DHCP server you may have problems if they are not RFC compliant. This can be solved by placing a DHCP relay agent on the local network area; the relay agent is not actually a DHCP server but communicates on behalf of the DHCP Server. The DHCP Relay Agent must be a Windows NT Server computer.

1. On the NT Server log on as an Administrator
2. Start the Network control panel applet (Start - Settings - Control Panel - Network)
3. Click the Services tab and click Add
4. Select "DHCP Relay Agent" and click OK
5. Type the path of the files (e.g. d:\i386) and click OK
6. You will be asked if you wish to add IP address to the DHCP servers list, click Yes
7. Click the DHCP relay tab and click Add
8. In the DHCP Server field enter the IP address of the DHCP Server and click Add
9. Click OK
10. Restart the computer
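
The Security Accounts Manager section above notes that the repair copy of the SAM can be readable by "Everyone". The following PowerShell audit is an added example, not part of the original notes: it assumes a host where PowerShell is available, the function name Get-SamBackupExposure is hypothetical, and the default path is the one given above.

```powershell
# Added example: report broad read access on the repair copy of the SAM.
# Get-SamBackupExposure is a hypothetical helper name; the default path is the
# one quoted in the notes (%systemroot%\repair\SAM._). Pass -Path to check
# a different location.
function Get-SamBackupExposure {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'repair\SAM._')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return  # no repair copy on this host, nothing to report
    }

    # Match well-known SIDs rather than names so the check works on localized systems.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue  # account could not be resolved to a SID; skip it
        }
        # Flag only Allow entries that grant file read to a broad group.
        if ($broad.ContainsKey($sid) -and (([int]$ace.FileSystemRights) -band $readBit)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broad[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-SamBackupExposure | Format-Table -AutoSize
```

Any row returned means a broad group can read the back-up file; restricting it to Administrators and SYSTEM removes the exposure the section describes.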

DHCP Lease Process:


A DHCP-enabled client obtains a lease for an IP address from a DHCP server. Before the lease expires, the DHCP server must renew the lease for the client or the client must obtain a new lease. Leases are retained in the DHCP server database approximately one day after expiration. This grace period protects a client's lease in case the client and server are in different time zones, their internal clocks are not synchronized, or the client is off the network when the lease expires.
