Nitty Gritty 51 Questions, 90minutes, 784 to pass (approx 20points per question)
* Know Trusts inside out (if you don't you fail - simple as that)
* Know domain models inside out (single, single master, multi-master, fulltrusts)
* Scenario: You want to give ONLY the sales group remote access (mandatory) and require data encryption AND password encryption. Proposed Solution: Configure only sales to have remote access thru usrmgr, allow any authentication method, require passwords to be changed every 40 days.
* Same scenario as above. Proposed Solution. Configure only sales to have access thru usmgr, require encrypted authentication, require passwords to be changed every 40 days,
implement hardware based security between the modems and the server
* Scenario. You have 2 identical printer devices pooled. Accounting is always hogging the printer with 500 page docs that require alot of processing. You want Managers to always print first and have both printers in the pool available to them. You want Sales to also print to both
printers but their jobs come after Managers. You want Accounting to print last and only to one of the printers.
*Proposed Solution: Configure a printer pool. Assign the Managers highest priority, followed by Sales, followed by Accoutants. Config Managers/Sales to print to both printers, Accountants to only 1. Allow Sales/Mangers to print after the first page is spooled, Accountants only print after last page is spooled.
* Same Scenario as above, similar solution. Only major difference was that system was setup so Accounting group would print in off-peak hours.
* You're the admin of master domain and u want to create a global group that has right to backup all DC (mandatory) and member server/Workstations (optional).
*Proposed Solution: Create a global group called PrintGlobal in master, put them into
backup ops in resource domain. (This does not fulfill the Optional)
* Same Scenario as above: Proposed Solution was different. Create a global group called BackUpGlobal in Master, create BackUpLocal in each resource domain. assign BackUpGlobal to BackUpLocal, assign BackUpLocal backup/restore rights. Also, put BackUpGlobal groups in all member server/workstations local backup groups.
* Your designing several server roles. You have 5000 users accessing a SQL server. How would you config this server?
(Here you have a graphic with four options...)
1.???
2. Balanced
3. Maximize Throughput for File sharing
4. Maximize Throughput for Network access
* You have configed a server/printer with the DLC protocol, after you reboot, you can't print why?
Something about someone connected to the printer with a continuous connection
* You have a custom apps designed for use on NT workstations. How do you create a .pol file so your users can access them?
- -cut/paste from existing registry
- -create a template
- -???
- -????
(can't remember this one too well)
* Know that trusts are not transitory. ie: A trusts B and B trusts C does NOT mean A trusts C.
* Had a couple question where it would show a graphic with multiple domains. It would list the requirements (centralized accounts, what the WAN speed is between them, where the DHCP/WINS server is, etc) then u had to choose the answer that matched the question. Pretty simple as long as you read each paragraph.
* Lots of these questions made you decide what is the greatest single imprvement u could do, ie place a BDC on either side of a slow link to eliminate Netlogon traffic over the WAN or would that cause too much synchronization traffic.
* Make sure you know the nuances of the Replication Governor, and the pulseconcurrency, pulse, pulsemaximum stuff.
* Had one where Mary was a member of the Sales group and the SalesManagers group. She wanted access to the a file in a trusted domain but when she tried to get to it she was denied. They present you with a graphic showing what groups had what permissions to the files. Basically you had to point out that her No Access permission from her membership in the Sales group was overiding her Read permission in the SalesManager group.
* Know you Share permissions and your NTFS permissions and how they interact. (Dig out that NT4.0 Core manual!)
* You create a .pol file for everyone to use, where to you put it? ---users home dir ---Netlogon share ---member server ---etc
* How do you designate a pol file as being mandatory? (gift)
* How do you simplify the creation of home directories (%username%)
* Know the duifference between dumpcheck and dumpexam. I had a question on dumpcheck.
*How do you configure the location of a memory dump file?
* Scenario where Finance wanted their staff to print cheques but only they had power of them. Not even Administrator should be able to fool around with the print jobs and only the person who created the job should have control.
Typical globalgroup/local group thing but local group had to have very specific rights. Had something to do with ownership of files.
* You run Performance Monitor to check a drive that is thrashing but when you check the log all counters are at zero. Why? Didn't turn on Diskperf -y
* You want to monitor usage on a multi-processor system, what counter should you turn on.
I think it was System: %_Total Processor
* Make sure you know the difference and when to use rdisk, the Emergency Repair Disk, and the Setup Disks. ie: Know what files they each can replace in case of a system drive crash.
* You boot up the system and the following message appears. "Could not find \Winnt\ntoskernel." How do you repair this.
Copy file from tape back up Reboot from the setup disks
Use the Emergency Repair Disks
* Absolutely nothing on the Registry!
* You are using Network Monitor to monitor network usage of a TCP/IP network on an NT Workstation. How can you filter only those packets initiated by the workstation? (or something to that effect) The answer was something about filtering by computer address.
* You are hosting web pages for 5 different companies on your IIS server. These 5 companies have 5 different DNS names register to your server. How do you configure IIS to handle it?
- bind 5 IP's to the NIC
- map 5 web folders to the IP's
- ???
- ??? Having not taken IIS I had no clue but they wanted 2 answers so I
illiminated the 2 I thought were totally wrong.
* There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major cities, where everyone needed
access to all domains.
* You two sites, London and Mexico City as one domain. Mexico city had the PDC, DHCP, & WINS servers. London had only workstations. London is complaining of slow logons and wickedly slow address and name resolutions (no kidding!) How do you make London as effecient as Mexico City?
* You have one domain spanning 5 cities with 56K links between them all. How do you fix it so that there is a happy medium.
* You are migrating Netware accounts to your NT domain but of course many of the Netware users have multiple user accounts. How do you deal with all these duplicate accounts?
- Migrate them all and go back and delete all the duplicates one by one. - Chose OPTIONS , OVERWRITE Duplicate accounts. - Chose which accounts to migrate one by one with User Manager - ???
* You want to migrate, Netware users, computers, files, and permissions to NT. What must be in place. - NWLink ipx/spx - TCP/IP - System must be FAT - System must be NTFS
* You have 6 hard drives. The first is your system drive. The other five are part of a fault tolerance implementation of disk stripping with parity. In a real fluke of bad luck you lose the first two drives of your disk stripe. How do you recover?
* You have mirror the system partition. More bad luck strikes and the first drive of the mirror dies. How do you recover?
*What do you do if you don't have an emergency repair disk. And of course the machine has crashed.
* What do you do if you don't have the three installation boot disks. And of course the machine has crashed.
* You want to optimize read/write performance. Which should you implement? - disk mirroring
- disk duplexing - disk striping with parity
* Study how the guest account affects users in domains and trust relationships. ( I don't think I new enough about this, came up a couple of times)
* You are installing NT as a BDC in the CORP domain, when you get the message "Could not locate Primary Domain Controller for CORP domain." What do you do?
- Continue with install then physically connect the computer to the domain
and join.
* Know that you cannot promote a member server to BDC or PDC and vise versa.
* Know that a DC cannot change domains without re-installation.
* Know AGLP - Accounts are put into Global groups. Global groups are put into Local groups. Local groups are assigned Permissions.
* Remember that Local Groups can contain Local Users, Global groups from the local and trusted domains, and Users from trusted domains.
* Where do you store a users profile if you want it to be roaming?
* How do you recover from losing the system partition?
* You have 4 servers, 60 users, you want centralized administration of accounts and resources. Which domain model are we talking about here?
-------------------------------------------------------------------------------------------------------
NT 4.0 Enterprise Brain Dump: (This is typed up directly from my notes on the test)
*Note There are no answers here, those went on the test.
Printer pool configuration
Primary: Management prints first.
primary: Accounting only uses one printer.
secondary: Optimized print time for accounting.
secondary: Management and sales print before accounting.
There is a table of options that changes with each the test.
Remote Access
Primary: Only brokers get remote access.
Primary: nobody else gets remote access.
Secondary: Password encryption is used.
Secondary: Data encryption is used.
[2 questions]
Backup all computers and workstations in a domain.
Primary: Backup all domain controllers from the sales domain.
Secondary: Backup all member servers too.
Secondary: Backup all workstations as well.
[2 questions]
Domain planning Questions.
There were a number of questions on Domains with trusts
and how users should access resources using local and global groups.
(I draw diagrams to figure these out, here they are)
Sales -> Corporate
Home Dirs sers
East Domain -> Corporate <- West Domain
Sales <- Support
User Mary Printer
Sales -> Corp (user Maria)
Marketing Fldr
Forecast file.
Sales <- Support
User Mary (GG) Printer (LG)
Domain planning and optimization
Diagram:
Carakas -> Chicago <- Paris
56k ^^ ^^ ^^ 56k
| | |
Seattle T1----- T1 -------T1 Atlanta
Dallas
Primary: Minimise logon validation traffic.
Primary: Carakas and Paris need Chicago resources.
Primary: Chicago Needs Carakas, Paris, Seattle, Dallas and Atlanta's
resources.
Secondary: Resource Administration is Decentralized.
Secondary: User administration is centralized.
Domain planning and optimization
Diagram:
London -> Mexico
Member server PDC, Wins, DHCP
Primary: Increase Londons network performance.
Secondary: Reduce wins traffic
Secondary: Reduce DHCP Traffic.
Secondary: Reduce replication traffic.
Secondary: Reduce logon Validation traffic.
Questions List:
These are brief descriptions of the questions that I encountered.
Some are represented above, most were asked once.
Printer pool Configuration.
Ras Setup and configuration.
DHCP Configuration.
System Policy.
Domain Models (quite a few).
Fault Tolerance.
Wins & DNS implementation.
Network monitor filters.
Performance Monitor & monitoring multiple processors.
PDC Load reduction.
Print Manager. Pausing & resuming service & restarting a document.
RAS & Hardware based security hosts.
Virtual servers and IP addressing with IIS. (only one but it threw me
off) System Policy.
I know this is kinda sketchy, but you can see what I'm looking at on the test. On the scenario questions I jot down the primary and secondary goals cause they get scrolled off the page when looking at the proposed solutions, and I check off the goals that are fulfilled as I go... I count
em up and then answer the questions.
On the domain model questions I plot out the domains, resources etc. This helps me visualize the question as I go so I do not have to re-read it over to get it straight.
Thanks to this list and New Riders text passed 70-68 this morning with 941/1000, so here goes the Dump!
Studied above resources exclusively , be sure to cover 70-67 topics such as Fault Tolerance, how to recover from disk failures, and how to recover from boot failures.
I was prepared for the worst on domain trust questions and was not let down. At least 15-20 convoluted questions in this area , but all followed the same pattern!!! Very Important , know the Moft model and use it repeatedly: Users in to Global Groups, Global Groups into Local Groups and permissions tied to Local Groups. I used the same technique on all non-trivial questions, i.e. Diagram Domain structure w/ proper trust relationships, look to disqualify as many answers as possible, ( Old SAT technique ), and then look for differances among remaining possibilities. This sounds time consuming, and everyone who posted about time management was right;however, after acouple of iterations the answers started to jump out and the questions
all began to fit a pattern.
4 sets of questions involving 1 scenario with 2 questions. Remember that once you map these long ones out the second is almost free.
All together this test was tough but not tricky, I didn't get the focused question on registry hacks and only 1 Netware question. A few RAS questions,and rights questions were all related to trusts.
Okay, I passed Server 4 Enterprise (sorry, I don't use test
numbers...they annoy me) with 823 (784 required to pass). Felt better
about this test than my '95 test and my Server 4 test (Net Essentials
was my best test, but then again I used to teach a similar class for
Novell wannabees) When
Impressions:
A little easier than Transcender. All questions but one with multiple
answers told you how many answers you need to give (much like Win 95,
but unlike Server 4 if I remember correctly).
Whereas Transcender will try to nail you on the specific steps for using
the Recovery Disk
(i.e. Boot from ERD, or boot from Setup disks, or boot from DOS disk)
the Microsoft test gives vague answers
(Perform recovery steps, Restore from backup, Reinstall the whole
shebang)
One question on building a BDC while not connected to the network
(You can't)
One question on building a member server while not connected (don't do
it as a PDC or BDC and downgrade it...you can't)
Two questions on reducing logon validation traffic over a WAN for a
Single Master Domain. One solution was D (doesn't satisfy any
requirements) because it didn't involve putting a BDC from the Master at
each location. The other answer satisfied all requirements.
Only one question on Network Monitor filters, and it was very general
(the answer didn't involve the SERVER<->USER or -> or == type
symbols...simple question even if you've never run Network Monitor
before)
One question on 2 drive failures in a stripe with parity (Replace both
drives, restore from backup)
One question on 1 drive failure in a stripe (Replace drive, restore from
backup)
One question on printing priorities (three groups need to pring, ACCT
prints large documents and should be last priority, SALES should be
lower priority than MANAGERS. Two printers in the pool.
Assign MANAGERS priority of 99 (remember, high number=high priority)
Sales priority of 50, ACCT priority of 1. Acct spool after last page,
others after first page. The solution was shown in chart format, and it
satisfied all requirements.
One question where installing RIP was the answer.
More stuff...my memory is fading fast.
No questions about registry keys
No questions about IIS security
No questions about Macintosh or Netware connectivity.
Things to remember:
User in DOMAINA needs access to stuff in DOMAINB
Put User in a GLOBAL group in A, put the GLOBAL group(whatever it's
called) from A into a LOCAL group in B
If you don't put a BDC from the Master Domain at each remote site, you
don't reduce login validations across the WAN.
Stripe sets with parity require 3 or more disks.
You can't boot from the Emergency Repair Disk. You boot from the Setup
disks (make them from another system with WINNT.EXE if you have to)
holy cow, my short-term memory is fried...lessee...
One question on the definition of DHCP (What will it do for you? Route
packets? Assign IPs? Convert IP names to MAC addresses?) Assign IPs
of course...
No questions dealing with ARP. Many dealing with CRAP ;)
Learn what you can/can't do with OWNER/CREATOR for printers and how
changing these rights affects others.
A ton of questions on trusts and domain models.
I would strongly recommend marking all questions that you're unsure of
and go back to them. I would also recommend reviewing ALL questions.
When I was done answering questions, I had marked 11 that I was not 100%
sure about (which, ironically, seems to be the max number you can miss
and still pass this test). I went back and double checked those, and
when I was done double checking my marked messages I had narrowed it
down to 4 that I wasn't 100% sure about. And yet I missed 9. I rushed
the test (45 minutes to answer questions, 10 minutes going over marked
questions) and didn't verify all answers. I think if you're not careful
you can get yourself into trouble.
* If you have a server that is hosting multiple domain names, how do you use WINS, IIS, and DNS to resolve the name to an
IP.
* YOU MUST KNOW TRUSTS .. you will not pass without a FIRM knowledge of trusts. But keep in mind, it takes more
than trusts to pass the test, but without 'em you haven't got a chance. The item that helped me the most was the following.
HARDWARE -------> PEOPLE
I created a diagram of two trusts, one named "HARDWARE" and one named "PEOPLE". I then pointed the arrow at the
people and wrote the following sentence below the trust. "The HARDWARE trusts the PEOPLE". I wrote this on my first
blank page once the exam began. This one picture made life so much easier. I no longer had to think about the trust interaction.
I just referenced my diagram, and applied it to my current problem.
* Remember that a local group cannot span trusts, they want you to fall for that one on most every question.
* There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major
cities, where everyone needed access to all domains.
* How about the problem of having one Domain span all 5 (or 6) cities. Some cities are connected via a fast connection (T1)
other cities are connected via a slow connection (56K). How would you place BDC's so that the authentication at any city was
reasonable.
* I didn't see much on subnetting .. maybe one or two questions on TCP/IP.
* a few on netware migration (not a whole bunch). Don't spend much time here.
* If you have two domains, a user in one domain and resources in the other domain. What should you do to allow the user to
connect to the resource in the other domain.
* Know how file permissions and share permissions interact to allow a user to use resources on a share.
* Know how to recover from a RAID failure.
* What do you do if you don't have an emergency repair disk. And of course the machine has crashed.
* What do you do if you don't have the three installation boot disks. And of course the machine has crashed.
* How to support multiple domain names under IIS, How to configure IIS to allow multiple names, and how do you create the
multiple root locations.
* Some performance tuning stuff.
1. How does RAID5 affect read/write performance and processor?
2. Know how to set filters to isolate IP addressing in Net Monitor
3. Study how the guest account affects users in domains and trust relationships.
4. How would you ensure that only authorized group users will be able to use RAS connections, and what kind of security
measureas are available.
5. How do multiple group memberships affect profiles based upon groups?
6. Important... To change domain membership, Windows NT has to be re-installed on DC's.
7. A - Accounts G - Go into Global Groups L - Which get assigned to Local Groups P - Which get assigned permissions
8. How would you install a member server and move it to a different domain without re-installing NT?
9. Remember that Local Groups can contain Global Groups, Trusted users and Local Users
1) One IIS question involving hosting multiple sites
2) One memory dump question
3) About 6 questions on System Policies
4) A few on recovering from various hard disk failures
5) A lot on resource access in a multiple domain environment. For example, Joe Shmo is in this group in this domain, and he
needs access to a file in this other domain.
6) One or two RAS questions
7) Like one NetWare question
8) NOTHING on the Macintosh
9) A question or twon on DHCP and WINS
- What is must be installed at Windows Nt 4.0 Server if Netware Client will access resource on it. - What are the tools for
blue screen diagnostic? Dumpexam? - Understand about the functions of Network Monitor and Performance Monitor. - How
to use filter in Network Monitor. - What objects should we suspect in File and Print Server or in Application Server. - What is
the function of Server properties, for example if we install Microsoft Access in Server we should select "Maximize Throughput
for File Server". - Member Server cannot be changed to BDC. And a PDC cannot to be a BDC for another PDC. - Two
situation questions about disk fault tolerant. - Fastest possible read and write access to the data you shoud use a stripe set with
parity - One situation questions about Printer (equal to Print Queue at Novell) and Printer Pool. - About Browser, for example
how to set MaintainServerList registry for a situation, When it is necessary to stop netlogon service. - Two or three situation
questions about how to effectively configures BDCs and replication governor registry and other registry's parameters at slow
WAN link environments. - Undertand Single Domain, Single Master Domain, and Multiple Master Domain how to choose the
Domain Models for a given situations - Understand the functions of DHCP, WINS and DNS. Do WINS and DNS resolve
the NetBIOS or host name of a remote Windows NT Server to an IP address? - Understand about System Policy. If there
are two groups given system policy how you can make sure the members of the groups should have the appropriate system
policy (not conflict!) - Understand about effective permission if you plan to use NTFS permission and share permission for a
directory. The precende of permission, No Access and other permissions. - And the important things, should have good
understanding about trusts relationships for various situations, there were many situation questions with exhibit for picture of
scheme.
* Know backup in all aspects: backing up across domains with various clients, different levels of permission, etc. I think I had
5 questions that dealt with this, and they were constructed in very confusing ways.
* Know printing: specific GUI screens for permissions & management, sharing, access across trusts
* Be very careful on every question dealing with Trusts. Some seem easy, but they are tricky. Know which way the trusts are
going before you assume you know the answer.
Registry parameter for not being seen on the browser.
Answer: Mantainlist=NO
Backing up the PDC, Member Server, and NT Workstation.
Create a Global group on the PDC and place the group on the local backup operators group
on the Member Server and Nt Workstation.
What do you need for a NetWare client to access a SQL on the NT Server?
Only IPX/SPX is necessary
Memory optimization for a computer used as a file and print sharing server used for Access.
Maximized use for file sharing
Lots of Trust relationship questions. Trusting and Trusted.
File and Share permissions. Take the least restrictive of the two and from the two least restrictive permissions
take the most restrictive.
Performance monitor question. What will you replace?
Log-- processor=80.21, Pages/per second 101.00, xxxxxx, xxxxxx
memory or processor
One huge senario on printing...Marketing, Sales, and Accounting. Marketing takes presedence and Accounting prints
large document. 2 Printers in a printer pool. How do you set priorities.
Remember that monitoring partitions use Logical Disk.
Network Monitor question on filtering TCP/IP. ==DHCP
Disk Administration question. You have five disks and The first disk has the system and boot partition. The four disks
has the stripe set with parity. 2 disks on the stripe set fails. What do you do??
Event viewer Pictures. What is causing the stop errors?? NE2000 NIC CARD
One question on policy editor, You are part of few global groups, adjust the priority.
How are profiles set?? In User Manager for domains, specify the the profiles on: PDC, on each Server, On the BDC??
Netlogon directory or User directory???