I have to concede that I was overly optimistic about what I could do in a holiday-shortened week. I didn't have time to write the questions that every network administration job applicant ought to be able to answer, so those questions will have to wait until the next issue. As an alternative, the questions in this issue cover some of the topics for Exam 70-216: Implementing and Administering Microsoft Windows 2000 Network Infrastructure that I haven't covered in the past few months.

One thing I noticed about Exam 70-216 is that many of the topics it covers aren't areas in which most administrators have a lot of experience. For example, you'll probably never use all the RRAS features, yet the exam measures whether you know how to set it up to do routing, dial-up remote access, VPNs, secure data streams, and IP multicasting, just to name a few. This thoroughness means that you need to find a way to gain experience with the features you don't use daily.

For this issue, I tried to find questions that go "off the beaten path." Exam 70-216 covers a broad range of topics, and you'll find it worth your while to spend some time studying every topic. Good luck!

Questions (December 1, 2000)

Question 1
Data encryption is available in Windows 2000 remote access only if the authentication protocol in use is one of two of the listed protocols. Which protocols support data encryption? (Choose 2.)

  A. Remote Authentication Dial-In User Service (RADIUS)
  B. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  C. BAP
  D. EAP Transparent LAN Service (TLS)
  E. MD5-CHAP

Question 2
Which settings must be the same on an IPX/SPX network for devices to communicate? (Choose 2.)

  A. Frame type
  B. Network number
  C. Internal network number
  D. IPX retry count

Question 3
As the administrator for XYZ, Inc., you are configuring WINS replication between your main office and nine branch offices (20 clients each). The connectivity between the main office and the branches is only 56Kbps. How will you configure replication to minimize traffic across the WAN links?

  A. Configure the WINS server at the main office as a push partner and configure all the branch WINS servers as pull partners, setting the number of changes before replication to 10 on the main branch WINS server.
  B. Configure the WINS servers at the main office and the branch offices as push/pull partners, setting the number of changes before replication on each to 10.
  C. Configure the WINS server at the main office as a pull partner and configure all the branch WINS servers as push partners, setting the number of changes before replication to 0 on the branch office WINS servers.
  D. Configure only the main office WINS server as a push partner, leaving the branch office WINS servers not set as partners, and set the number of changes before replication to 100.

Answers (December 1, 2000)

Answer to Question 1
The correct answers are B—MS-CHAP and D—EAP TLS. Data encryption for remote Win2K users is accomplished through the use of two protocols: Microsoft Point-to-Point Encryption (MPPE) and IP Security (IPSec). MPPE encrypts data between a PPTP connection and a VPN server, providing for both standard (40-bit) and strong (128-bit) schemes. IPSec is a new standard for securing IP networks, and in Win2K includes an IPSec driver and IPSec policies that define the characteristics of the remote connection. Data encryption is available only for users connecting with MS-CHAP or EAP TLS as the authentication protocol.

Answer to Question 2
The correct answers are A—Frame type and B—Network number. NWLink, which implements the IPX/SPX protocol in Windows, automatically binds to the network adapter with a default frame type of 802.2. If the NetWare server requires a frame type of 802.3, you must manually create the frame type setting. Addressing in IPX/SPX consists of three components: node number, which uses the 12-digit MAC address of the network card; network number, a logical 8-digit hexadecimal number that all devices must have in common and that the administrator assigns (similar to an IP subnet number); and internal network number, an 8-digit hexadecimal number assigned to the NetWare host to uniquely identify it on the network. For IPX devices to connect, they must be on the same IPX network (IPX network number), and they must be bound to the same frame type.

Answer to Question 3
The correct answer is A—Configure the WINS server at the main office as a push partner and configure all the branch WINS servers as pull partners, setting the number of changes before replication to 10 on the main branch WINS server.

Answer A offers the best opportunity to minimize the impact of replication on the WAN links. Configuring the main WINS server as a push partner and specifying 10 changes in its database ensures that it won't attempt to replicate until 10 changes have occurred. Also, the branch WINS servers will be configured as pull partners and their settings will specify that they request updates only during off hours. The pull partners will request updates at specific, configurable intervals, which is recommended for WINS servers connected with slow WAN links. Push partners send their updates based upon a number of changes (also configurable), which ensures a higher level of consistency, but uses more bandwidth. Push/pull partner is the default configuration for WINS, and allows for using both scheduling and number of updates as settings for updates. In a push/pull configuration, updates are sent whenever either setting is reached. Finally, WINS replication only occurs between two WINS servers when both are configured for replication, and one is a push while the other is a pull partner.