You can’t become a Windows 2000 MCSE without passing Microsoft’s 70-216 exam, “Implementing and Administering a Windows 2000 Network Infrastructure.” The 70-216 exam is a core MCSE requirement. Candidates are given 140 minutes to complete the test. As of this writing, the network infrastructure administration exam is a form-based test consisting of 55 questions.
Core strategy: Win2K vs. Windows .NET
Later this year, Microsoft will release a Windows .NET Server version of this exam (70-276). However, it’s likely that the Windows 2000 version will enjoy more popularity until .NET adoption picks up steam in 2003.
Don’t confuse the network infrastructure administration test with Microsoft exam 70-221, “Designing a Microsoft Windows 2000 Network Infrastructure,” which uses a case study question format and focuses on network design.
Upon reviewing the network infrastructure administration exam’s objectives, you’ll immediately notice its real-world focus. You shouldn’t attempt this test until you’ve had time to deploy, administer, and troubleshoot on a test system the following 12 Windows 2000 features and services:
- Internet Connection Sharing (ICS)
- Network Address Translation (NAT)
- Remote Access Service (RAS)
- IP routing
- Certificate services
Protocols and routing
TCP/IP, NWLink, and IPSec are all covered. You must master the installation and configuration of these items to pass. Start by brushing up on your TCP/IP subnetting and supernetting skills. You’ll need to be able to determine proper TCP/IP addressing in an enterprise environment. Make sure that you know the difference between Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Mask (VLSM) addressing, too.
Know how to install and configure NWLink. Study NWLink’s internal network number and frame type requirements so that these items don’t trip you up on the test. Familiarize yourself with Gateway Services for NetWare (GSNW). Remember that GSNW is configured from the Control Panel in Windows 2000 Server.
IPSec is an important new feature in Windows 2000, and you’re sure to be tested on it. Know how to create IPSec policies and how they’re administered using the IP Security Policy Management MMC snap-in. Don’t forget that IPSec policies must be created in order to use IPSec.
Know that IPSec functions in transport mode when used with Microsoft’s Routing and Remote Access service, L2TP implementation, and default settings. Tunnel mode should be used when IPSec works with routers and gateways that do not support the IETF’s pure implementation of IPSec/L2TP or routers and gateways that can’t pass PPTP VPN traffic. Know how to monitor IPSec activity using the IP Security Monitor.
DHCP plays a critical role distributing IP addresses to clients. When studying DHCP, pay particular attention to the four phases of DHCP client configuration. Know how to install DHCP using the Windows Components Wizard, found under Add/Remove Programs in the Control Panel. You can also install DHCP using the Configure Your Server utility.
Don’t forget the following DHCP facts:
- A DHCP server cannot be a DHCP client; a DHCP server must possess a static IP address, subnet mask, and default gateway.
- DHCP is configured using the DHCP MMC snap-in.
- DHCP is administered using scopes.
DHCP relay agents are required to pass DHCP packets and BOOTP messages between subnets. Study how DHCP servers are authorized and how to prevent unauthorized DHCP servers from operating on a network. Learn how DHCP scopes are used and configured. Know how to use DHCP with Dynamic DNS to automate updates on the DHCP server.
Study how DHCP integrates with Active Directory and finish your DHCP preparation by knowing how to troubleshoot the following common problems:
- DHCP relay agents don’t work properly.
- DCHP reports lease expirations incorrectly.
- New scope address leases aren’t issued.
Routing and Remote Access Service (RRAS)
Be sure you can set up VPN and RRAS connections in your sleep, both inbound and outbound. Know the differences between Serial Line Interface Protocol (SLIP) and Point-to-Point Protocol (PPP). Remember that PPP supports error correction and the use of authentication protocols, while SLIP does not.
Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and IP Security Protocol (IPSec) are the protocols that Windows 2000 RRAS servers use to create secure VPN connections. L2TP and IPSec work together, as L2TP doesn’t encrypt data. Keep an eye out for questions on the exam that might list one but not the other.
Remember that RRAS, of which VPN is a feature, is installed by default but not automatically enabled. You must activate it by using the Routing And Remote Access console (found under Administrative Tools), where you should right-click the server you want to use and then select Configure And Enable Routing And Remote Access.
Study how multilink connections are created, how remote access policies are configured and applied, and the role remote access profiles play. Keep them straight in your head by remembering that policies dictate whether a connection is authenticated, while profiles determine how a connection is managed once a connection is created.
Don’t forget that without a remote access policy, no remote users can connect.
ICS and NAT are important features of RRAS, too. ICS should only be used in smaller networks. Its purpose is to allow a single Internet connection to be shared by multiple systems. NAT jumps in by translating addresses on the private network and ensuring that requests for information from the WAN link (or Internet) are returned to the appropriate machine on the private network.
Know how to install and configure ICS and NAT. Keep in mind that you may be looking at an ICS issue if the IP addresses in question are in the 192.168.0.1 to 192.168.0.255 range—that’s the default for ICS.
Routing is another important function fulfilled by RRAS. Windows 2000’s RRAS supports three routing methods:
- Demand dial
Know the traits of all three. Also be sure that you understand the proper use and application of the following:
- Address Resolution Protocol (ARP)
- Internet Control Message Protocol (ICMP)
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF) Protocol
Experiment with demand-dial routing on a test network before sitting for this exam. Microsoft is sure to test your ability to assign ports, configure static routes, apply security settings, and monitor demand-dial routing traffic.
Name resolution services
DNS and WINS are critical name resolution services that all IT professionals must master. It should come as no surprise that you’ll be tested heavily on these two items on the network infrastructure administration test. Master the installation, configuration, and troubleshooting processes for both.
When studying DNS and WINS, keep these facts in mind:
- WINS is designed to replace static LMHOSTS files.
- DNS is designed to replace static HOSTS files.
- NETBIOS names are registered on a temporary basis with WINS.
- DNS is administered using zones.
- DNS and WINS are configured using their own MMC snap-ins.
Know how to monitor DNS server performance. Two critical items to watch are the number of queries and the number of responses the server processes. Others include memory usage and zone transfer counters.
Security’s only going to become more important. On this exam and in the real world, you’ll definitely need to understand certificate services and Encrypting File System (EFS).
Don’t think of certificates as documents or even keys. Instead, think of certificates as folders that hold important security information enabling the user to secure e-mail communications and Web sessions.
The items kept in a certificate use two keys to create secure transmissions and verify that the user is indeed who he or she claims to be. One of these keys is public, the other is private. The public key is issued by a Certificate Authority. The private key lives with the user.
Know how to install a Certificate Authority using the Certificate Services feature in Control Panel’s Add/Remove Programs applet, as well as how to administer, issue, and revoke certificates.
Another feature that adds security in Windows 2000 is the EFS, which allows data to be encrypted on a hard disk. You should know how to remove the EFS recovery key from a system, as well as how to import EFS recovery keys. Remember that the recovery agent should be used only when a user is unable to decrypt a file they want to access and have permission to access.
In my opinion, the Windows 2000 network infrastructure administration exam is one of the best that network administrators can have on their resume. The exam tests real-world knowledge of critical networking fundamentals that any net admins worth their salt should master. While these tips alone won’t get you through the network infrastructure administration exam, they should help you hone in on those topics you need to master to successfully pass it.