
***WINDOWS***

- Boot process of Windows.
Windows Server 2003: the machine performs the Power On Self-Test (POST), loads the MBR from the boot device specified/selected by the BIOS, reads the root directory of the system volume and loads NTLDR. NTLDR reads BOOT.INI from the system volume to determine the boot drive, then loads NTOSKRNL.EXE and HAL.DLL. After that Ntoskrnl.exe takes over and starts winlogon.exe, which starts lsass.exe; this is the program that displays the welcome screen.
Windows Server 2008: the CMOS loads the BIOS and then runs POST (Power On Self-Test). It looks for the MBR on the bootable device; from the MBR the boot sector is located and BOOTMGR is loaded. BOOTMGR reads the BCD (Boot Configuration Database) file from the boot directory on the active partition and transfers control to the Windows Loader. The Windows Loader loads drivers and then transfers control to the Windows kernel.

- What is the tool required to read a memory dump?
Dump Check Utility (Dumpchk.exe), the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool.

- What are the LMHOSTS and HOSTS files? What is the difference between them?
The LMHOSTS file is a local text file that maps Internet Protocol (IP) addresses to NetBIOS names of remote servers with which you want to communicate over the TCP/IP protocol. The primary use today for an LMHOSTS file is name resolution over a VPN. If DNS is configured on the host and client machines there should be no need for static text files to resolve names, but it does work well, and many folks use them as a dependable, simple solution. The LMHOSTS (LAN Manager Hosts) file is used to enable Domain Name Resolution under Windows when other methods, such as WINS, fail. It is used in conjunction with workgroups and domains. If you are looking for a simple, general mechanism for the local specification of IP addresses for specific hostnames (server names), use the HOSTS file, not the LMHOSTS file. The file, if it exists, is read as the LMHOSTS settings file. A sample file (lmhosts.sam) is provided; it contains documentation for manually configuring the file.
HOSTS (DNS names): the HOSTS file today seems to be used more for blocking unwanted web sites. This is done by simply entering the web site address and substituting the IP address with the localhost IP address. In Windows NT, the HOSTS file is for TCP/IP utilities, and the LMHOSTS file is for LAN Manager NET utilities. If you cannot PING another computer (using a friendly name), check the HOSTS file. If you cannot NET VIEW a server using only the TCP/IP protocol, check the LMHOSTS file. The HOSTS file is used when you do something with the TCP/IP utilities, such as PING, FTP and TELNET.
Location of both files: %SystemRoot%\System32\Drivers\Etc

- What is security auditing?
Security auditing is one of the most powerful tools to help maintain the security of an enterprise. One of the key goals of security audits is to verify regulatory compliance. For example, industry standards such as Sarbanes-Oxley, HIPAA and Payment Card Industry (PCI) require enterprises to follow a strict set of rules related to data security and privacy. Security audits help establish the presence or absence of such policies, and they prove compliance or noncompliance with these standards. Additionally, security audits help detect anomalous behavior, identify and mitigate gaps in security policy, and deter irresponsible behavior by creating a record of user activity that can be used for forensic analysis.

- What is IPsec?
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session.
IPsec can be used to protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network.

- What is SSL?
SSL, or Secure Sockets Layer, is a protocol used to secure web-based communications over the Internet at the application layer. It uses encryption and authentication to keep communications private between two devices, which are typically a web server and a user machine. Like IPsec, SSL also provides flexibility in allowing enterprises to define the level of security that best meets their needs. Configuration choices include:
> Encryption: 40-bit or 128-bit RC4 encryption
> Authentication: username and password (such as RADIUS), username and token + PIN (such as RSA SecurID), or X.509 digital certificates (such as Entrust or VeriSign)
With SSL, each application is secured one at a time, unlike IPsec, which operates independently of the application. To ensure security, each application server must support user access via a web browser and support the SSL protocol. All common browsers such as Internet Explorer and Netscape include SSL support by default, but not all applications do. This requires upgrading existing systems, which can be expensive and time-consuming. To solve this, some enterprises purchase special-purpose SSL VPN gateways that are deployed at the edge of the corporate network and serve as a proxy (or go-between) to LAN applications such as e-mail, file servers and other resources. Web browsers connect to the SSL VPN gateway as they would to a web server.
The browser thinks it is communicating directly with the application, and the application thinks it is communicating directly with the browser or client software. The SSL VPN gateway makes this transparent to each side of the connection.

To minimize cost, complexity and maintenance, enterprises need a single VPN gateway that supports both IPsec and SSL forms of remote access. OpenReach is the first VPN provider to combine IPsec and SSL in a single VPN gateway under a unified management architecture.

- Difference between IPsec and SSL?
IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite, which is approximately Layer 3 in the OSI model. Some other Internet security systems in widespread use, such as SSL, TLS and SSH, operate in the upper layers of these models. IPsec is more flexible, operating as it does at a lower level in the stack, since it can be used to protect more traffic (i.e. everything above layer 2), because applications need not be designed to use IPsec, whereas the use of TLS/SSL or other higher-layer protocols must be incorporated into the design of applications at that level. Basically IPsec is encryption done at the lowest levels, or at the network base, whereas SSL is done at the higher levels, or at the actual coding part.

- What is Hyper-V?
Hyper-V in Windows Server 2008 and Windows Server 2008 R2 enables you to create a virtualized server computing environment. You can use a virtualized computing environment to improve the efficiency of your computing resources by utilizing more of your hardware resources. This is possible because you use Hyper-V to create and manage virtual machines and their resources. Each virtual machine is a virtualized computer system that operates in an isolated execution environment. This allows you to run multiple operating systems simultaneously on one physical computer.

- What does Hyper-V do?
Hyper-V provides software infrastructure and basic management tools that you can use to create and manage a virtualized server computing environment. This virtualized environment can be used to address a variety of business goals aimed at improving efficiency and reducing costs. For example, a virtualized server environment can help you:
> Reduce the costs of operating and maintaining physical servers by increasing your hardware utilization. You can reduce the amount of hardware needed to run your server workloads.
> Increase development and test efficiency by reducing the amount of time it takes to set up hardware and software and reproduce test environments.
> Improve server availability without using as many physical computers as you would need in a failover configuration that uses only physical computers.

- What are the key features of Hyper-V?
> 64-bit native hypervisor-based virtualization.
> Ability to run 32-bit and 64-bit virtual machines concurrently.
> Uniprocessor and multiprocessor virtual machines.
> Virtual machine snapshots, which capture the state, data and hardware configuration of a running virtual machine. Because snapshots record system states, you can revert the virtual machine to a previous state.
> Large virtual machine memory support.
> Virtual local area network (VLAN) support.
> Microsoft Management Console (MMC) management snap-in.
> Documented Windows Management Instrumentation (WMI) interfaces for scripting and management.
Hyper-V in Windows Server 2008 R2 adds the following features:
> Live migration
> Dynamic virtual machine storage
> Enhanced processor support
> Enhanced networking support

- What are the different types of trust in Windows Server?
Default trusts:
> Parent and child - By default, when a new child domain is added to an existing domain tree, a new parent and child trust is established. Authentication requests made from subordinate domains flow upward through their parent to the trusting domain. Type: transitive.
> Tree-root - By default, when a new domain tree is created in an existing forest, a new tree-root trust is established. Type: transitive.
Other trusts:
> External - Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust. Type: nontransitive.
> Realm - Use realm trusts to form a trust relationship between a non-Windows Kerberos realm and a Windows Server 2003 domain. Type: transitive or nontransitive.
> Forest - Use forest trusts to share resources between forests. If a forest trust is a two-way trust, authentication requests made in either forest can reach the other forest. Type: transitive.
> Shortcut - Use shortcut trusts to improve user logon times between two domains within a Windows Server 2003 forest. This is useful when two domains are separated by two domain trees. Type: transitive.

- What are recursive and iterative queries?
Recursive queries: in a recursive query, the queried name server is petitioned to respond with the requested data or with an error stating that data of the requested type or the domain name specified doesn't exist. The name server cannot just refer the querier to a different name server. This type of query is typically done by a DNS client (a resolver) to a DNS server. Also, if a DNS server is configured to use a forwarder, the request from this DNS server to its forwarder will be a recursive query.
Iterative queries: in an iterative query, the queried name server gives the best answer it currently has back to the querier. This type of query is typically done by a DNS server to other DNS servers after it has received a recursive query from a resolver.
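On the wire, the only difference between the two query types above is the RD (recursion desired) header bit, and the "best answer it currently has" from an iterative query is usually a referral. The following Python is an added example, not from the original notes: it builds the query header with RD set or clear, and parses a referral reply that is constructed here (nothing is sent to a real server; example.com and ns1.example.com are placeholder names).

```python
"""Recursive vs iterative DNS queries at the packet level. Added example, not from
the original notes; the referral reply below is constructed, not captured."""
import struct
from typing import Dict, List, Tuple

# Header flag bits (RFC 1035 section 4.1.1)
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def encode_name(name: str) -> bytes:
    """'www.example.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(pkt: bytes, off: int) -> Tuple[str, int]:
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:               # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def build_query(name: str, txid: int, recursive: bool, qtype: int = 1) -> bytes:
    """A resolver (or a server talking to its forwarder) sets RD=1; a server
    resolving iteratively sends the same question with RD=0."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)          # 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def decode_flags(packet: bytes) -> Dict[str, int]:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": (flags & QR) != 0, "aa": (flags & AA) != 0,
            "rd": (flags & RD) != 0, "ra": (flags & RA) != 0, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def classify_response(packet: bytes) -> str:
    """'answer', 'referral' (NS records in the authority section, no answer),
    'nxdomain', or an error code: the cases an iterative resolver must handle."""
    f = decode_flags(packet)
    if not f["qr"]:
        return "not a response"
    if f["rcode"] == 3:
        return "nxdomain"
    if f["rcode"] != 0:
        return "error rcode %d" % f["rcode"]
    if f["ancount"] > 0:
        return "answer"
    return "referral" if f["nscount"] > 0 else "empty"

def build_referral(query: bytes, zone: str, ns_host: str) -> bytes:
    """Constructed reply of the kind a server that is not authoritative for the
    name gives to an RD=0 query: no answer, one NS record in the authority section."""
    txid, qflags, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    flags = QR | (qflags & RD)                  # echo RD; AA and RA stay clear
    header = struct.pack("!HHHHHH", txid, flags, qd, 0, 1, 0)
    rdata = encode_name(ns_host)
    ns_rr = encode_name(zone) + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
    return header + query[12:] + ns_rr          # copy the question section verbatim

def authority_ns(packet: bytes) -> List[str]:
    """Names of the NS records in the authority section, i.e. where to ask next."""
    f = decode_flags(packet)
    off = 12
    for _ in range(f["qdcount"]):               # skip question entries
        _, off = decode_name(packet, off)
        off += 4                                # QTYPE + QCLASS
    for _ in range(f["ancount"]):               # skip answer records
        _, off = decode_name(packet, off)
        off += 10 + struct.unpack("!H", packet[off + 8:off + 10])[0]
    hosts = []
    for _ in range(f["nscount"]):
        _, off = decode_name(packet, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        if rtype == 2:                          # type NS
            hosts.append(decode_name(packet, off)[0])
        off += rdlen
    return hosts
```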

- What is Server Message Block (SMB)? What are the versions of SMB?
Server Message Block (SMB) is also known as Common Internet File System (CIFS). The Server Message Block Protocol (SMB protocol) provides a method for client applications in a computer to read and write to files on, and to request services from, server programs in a computer network. The SMB protocol can be used over the Internet on top of its TCP/IP protocol or on top of other network protocols such as Internetwork Packet Exchange and NetBEUI. Using the SMB protocol, an application (or the user of an application) can access files at a remote server as well as other resources, including printers, mailslots and named pipes. Thus, a client application can read, create and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request. There are several different versions of SMB used by Windows operating systems:
> SMB 1.0 (or SMB1): the version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
> SMB 2.0 (or SMB2): the version used in Windows Vista (SP1 or later) and Windows Server 2008
> SMB 2.1 (or SMB2.1): the version used in Windows 7 and Windows Server 2008 R2
> SMB 3.0 (or SMB3) [LATEST]: the version used in Windows 8 and Windows Server 2012

- What's the number of permitted unsuccessful logons on the Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.

- What are intrasite and intersite replication?
Intrasite is replication within the same site; intersite is replication between sites.

- What is garbage collection?
Garbage collection is the process of the online defragmentation of Active Directory. It happens every 12 hours.

- What does System State data contain?
> Startup files
> Registry
> COM+ Registration Database
> Memory page file
> System files
> AD information
> Cluster Service information
> SYSVOL folder

- What is server hardening?
Server hardening is the process of enhancing server security through a variety of means, resulting in a much more secure server operating environment thanks to the advanced security measures that are put in place during the server hardening process.
> Install all Service Packs/Hotfixes, etc.
> Disable all unnecessary services/devices/accounts
> Enable appropriate password settings (esp. service accounts!)
> Enable appropriate logging/auditing
> User rights (beware the Everyone group!)
> Enable extra security settings (e.g. warning banners)
> Tighten NTFS/Registry permissions
> Implement time synchronization

- Tools for server hardening.
1. Netstat (Netstat.exe) is a command-line tool that displays TCP/IP protocol statistics and active connections to and from your computer. Netstat can also display the number of bytes sent and received, as well as network packets dropped (if any). The tool is useful if you want to quickly verify that your computer can send and receive information over the network. It can also be used to identify all ports and their state on a computer.
2. PortQry is a command-line tool that reports the status of TCP and UDP ports on a target computer. You use it to troubleshoot TCP/IP connectivity issues. It provides an additional level of detail on port status not provided by other port scanning tools. You can use PortQry to query a single port, an ordered list of ports, or a sequential range of ports.

- Server hardening tips & tricks:
> Use data encryption for your communications
> Avoid using insecure protocols that send your information or passwords in plain text
> Minimize unnecessary software on your servers
> Keep your operating system up to date, especially security patches
> Using security extensions is a plus
> User accounts should have very strong passwords
> Change passwords on a regular basis and do not reuse them
> Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system
> Change the port from the default to a non-standard one
> Hide the BIND DNS server version and Apache version
> Minimize open network ports to only what is needed for your specific circumstances
> Consider also using a hardware firewall
> Separate partitions in ways that make your system more secure
> Limit user accounts to accessing only what they need. Increased access should only be granted on an as-needed basis
> Maintain proper backups
> Don't forget about physical server security
> Always monitor the server with a monitoring tool such as SCOM or Nagios
> Set appropriate ACLs on all necessary file shares
> Remove all unnecessary file shares

- What are the boot volume and system volume?
Boot volume: the volume that contains the Windows operating system and its support files. The boot volume can be, but does not have to be, the same as the system volume.
System volume: the volume that contains the hardware-specific files that you must have to load Windows. The system volume can be, but does not have to be, the same as the boot volume. The Boot.ini, Ntdetect.com and Ntbootdd.sys files are examples of files that are located on the system volume.

- What is the smallest size of a memory dump file?
64 KB

- What are paged pool and non-paged pool memory?
When a machine boots up, the Memory Manager creates two dynamically sized memory pools that kernel-mode components use to allocate system memory. These two pools are known as the Paged Pool and the Non-Paged Pool. Each of these pools starts at an initial size that is based upon the amount of physical memory present in the system. Pool memory is a subset of available memory. The first difference is that the Paged Pool is exactly what its name implies: it can be paged out. The Non-Paged Pool cannot be paged out. Drivers use the Non-Paged Pool for many of their requirements because it can be accessed at any Interrupt Request Level (IRQL). The non-paged pool is memory which always resides in physical memory; it is never paged out. It is used by the kernel and also by device drivers installed on a system to store data which might be accessed in situations when page faults are not allowed. The amount of memory allocated to the non-paged pool varies, and is determined as a function of operating system, processor architecture and physical memory size.

***DNS***
- What is the difference between the 2003 DNS server and the 2008 DNS server?
There are four major differences between the 2003 and 2008 DNS servers.
> Background zone loading: DNS servers that host large DNS zones stored in Active Directory Domain Services (AD DS) are able to respond to client queries more quickly when they restart, because zone data is now loaded in the background.
> IP version 6 (IPv6) support: the DNS Server service now fully supports the longer addresses of the IPv6 specification.
> Support for read-only domain controllers (RODCs): the DNS Server role in Windows Server 2008 provides primary read-only zones on RODCs.
> Global single names: the GlobalNames zone provides single-label name resolution for large enterprise networks that do not deploy Windows Internet Name Service (WINS). The GlobalNames zone is useful when using DNS name suffixes to provide single-label name resolution is not practical.
> Conditional forwarding: in standard DNS forwarding, you configure the DNS server so that if someone queries it about something it can't answer, the server won't search the Internet for the answer. Instead, the DNS server asks another DNS server to find the answer. This notion of one DNS server asking another to do its searching is called forwarding. With conditional forwarding, you configure the DNS server so that if someone queries it about a particular domain and it doesn't have the answer, it asks another DNS server (its forwarder) to find the answer. Where standard forwarding is a broad-spectrum instruction to pose unanswered questions about any domain to a particular DNS server, conditional forwarding says to refer to the forwarder only questions about a particular domain. This eliminates the single point of failure of having a domain forward to a single DNS server for resolution and can help distribute name resolution in your organization.

- Location of the cache.dns file?
C:\Windows\System32\DNS\CACHE.DNS. Symptom of a problem: the content of the DNS console Root Hints tab does not match the content of this file.

- What happens when the Cache.dns file is missing or corrupted? / What happens when root hints specified in Active Directory have been deleted, modified, incorrectly entered or damaged?
The DNS server is unable to resolve names for which it is not authoritative. There are no servers listed on the DNS server Root Hints tab. The servers listed on the Root Hints tab do not match the Cache.dns file in the %systemroot%\system32\dns folder. When you replace the Cache.dns file in the %systemroot%\system32\dns folder, it does not update the root hints listed in DNS Manager.

- How to resolve this issue?
1. Stop the DNS service from the command prompt: net stop dns
2. Then type copy %systemroot%\system32\dns\samples\cache.dns %systemroot%\system32\dns, press ENTER, and then y for yes.
3. Start the Active Directory Users and Computers MMC snap-in. Click Advanced Features on the View menu. Expand the System folder, expand MicrosoftDNS, right-click RootDNSServers, and then click Delete. Click Yes.
4. Start the DNS service.
5. Start the DNS MMC snap-in, and then verify that the root servers appear on the Root Hints tab in the server properties.
6. Start the Active Directory Users and Computers MMC snap-in, and then verify that the RootDNSServers container has been recreated and contains the root servers that were listed in DNS Manager. If multiple domain controllers running DNS exist, the new root hints are automatically replicated.

- Open Systems Interconnection (OSI) model (mnemonic: "Please do not touch Steve's pet alligator")
Layer 1: physical layer
Layer 2: data link layer
Layer 3: network layer
Layer 4: transport layer
Layer 5: session layer
Layer 6: presentation layer
Layer 7: application layer

- What is Netlogon.dns?
After running DCPROMO, a text file containing the appropriate DNS resource records for the domain controller is created. The file, called Netlogon.dns, is created in the %systemroot%\System32\config folder and contains all the records needed to register the resource records of the domain controller.

- What does APIPA do?
APIPA allocates IP addresses in the private range 169.254.0.1 to 169.254.255.254. You can use it even if an intranet/internet is not in use. It is a private IP provided by APIPA.

- What are the types of SRV records?
> MSDCS: contains DC information.
> TCP: contains Global Catalog, Kerberos & LDAP information.
> UDP: contains Sites information.
> Sites: contains Sites information.
> Domain DNS Zone: contains the domain's DNS-specific information.
> Forest DNS Zone: contains forest-specific information.

- What is a stub zone?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. A stub zone consists of the start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.

- Standard secondary zone?
A secondary name server gets the data for its zones from another name server (either a primary name server or another secondary name server) for that zone across the network. The data in a secondary zone is read-only, and updated information must come from additional zone transfers. The process of obtaining this zone information (i.e. the database file) across the network is referred to as a zone transfer. Secondary servers can provide a means to offload DNS query traffic in areas of the network where a zone is heavily queried and used. Additionally, if a primary server is down, a secondary server can provide some name resolution in the zone until the primary server is available.
- SOA (Start of Authority) record - The first resource record in any Domain Name System (DNS) zone file should be an SOA resource record. The SOA record is the required first entry for all forward and reverse lookup zones. SOA records specify the domain for which a DNS server is responsible. It is the hostmaster of DNS.
- NS (Name Server) record - A name server record identifies a name server for a particular DNS domain.
- A record (host record) - An address record that maps a host name to an IP address. A records use the 32-bit IP version 4 format.
- AAAA record - Also an address record; AAAA records use the 128-bit format of the next generation of the IP protocol, IPv6.
- CNAME record - A canonical name record establishes an alias.
- PTR record - Pointer record, also called a reverse record. A pointer record associates an IP address with a host in a DNS reverse-naming zone. PTR records should point to a name that can be resolved back to the IP address. A PTR record is the reverse of an A record: it maps an IP address to a hostname, rather than vice versa.
- SRV record - In order for Active Directory to function properly, DNS servers must provide support for Service Location (SRV) resource records. SRV resource records map the name of a service to the name of a server offering that service. Active Directory clients and domain controllers use SRV records to determine the IP addresses of domain controllers. SRV records allow you to specify which services a server provides and which server is responsible for them.
- Subnet mask - An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>). It is called a subnet mask because it is used to identify the network address of an IP address by performing a bitwise AND operation with the netmask. A subnet mask is a 32-bit number that masks an IP address and divides the IP address into network address and host address. A subnet mask is made by setting the network bits to all "1"s and the host bits to all "0"s. Within a given network, two host addresses are reserved for special purposes. The "0" address is assigned as the network address and "255" is assigned to the broadcast address, and they cannot be assigned to a host.
- TCP/IP - Transmission Control Protocol/Internet Protocol is a suite of communications protocols used to interconnect network devices on the Internet. TCP/IP implements layers of protocol stacks, and each layer provides well-defined network services to the upper-layer protocol. TCP and IP are the two protocols used by TCP/IP, as well as the (higher) application, (lower) data link and (lower) physical layer protocols. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program, just as every other computer that you may send messages to or get information from also has a copy of TCP/IP. TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.
- Tools for troubleshooting DNS? DNS console, NSLOOKUP, DNSCMD, IPCONFIG, logs.
- CIDR (Classless Inter-Domain Routing) - It was invented to keep the Internet from running out of IP addresses. IPv4's 32-bit addresses have a limit of 4,294,967,296 (2^32) unique IP addresses. The classful address scheme (Class A, B and C) of allocating IP addresses in 8-bit increments can be very wasteful. With the classful addressing scheme, the minimum number of IP addresses allocated to an organization is 256 (Class C). With CIDR, a network of IP addresses is allocated in 1-bit increments as opposed to 8 bits in a classful network. CIDR notation can easily represent classful addresses (Class A = /8, Class B = /16 and Class C = /24).
- DDNS (Dynamic DNS) - A method of keeping a domain name linked to a changing IP address, as not all computers use static IP addresses. Typically, when a user connects to the Internet, the user's ISP assigns an unused IP address from a pool of IP addresses, and this address is used only for the duration of that specific connection. This method of dynamically assigning addresses extends the usable pool of available IP addresses. A dynamic DNS service provider uses a special program that runs on the user's computer, contacting the DNS service each time the IP address provided by the ISP changes and subsequently updating the DNS database to reflect the change in IP address.
- Internet Control Message Protocol (ICMP) - One of the core protocols of the Internet Protocol Suite. It is used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.
- What's the difference between a stub zone and a conditional forwarder? Stub zones provide a way for DNS servers hosting a parent zone to maintain a current list of the authoritative DNS servers for the child zones. As authoritative DNS servers are added and removed, the list is automatically updated. Conditional forwarding, on the other hand, is used to control where a DNS server forwards queries for a specific domain. A DNS server on one network can be configured to forward queries to a DNS server on another network without having to query DNS servers on the Internet. Stub zones provide an advantage over conditional forwarding because the information in a stub zone is dynamic, whereas the list of conditional forwarders must be updated by a DNS administrator.
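The subnet mask and CIDR entries above describe the arithmetic in words; the following Python is an added example (not from the original notes) that carries it out: building a mask from a prefix length, rejecting a non-contiguous mask, deriving the network and broadcast addresses with the bitwise AND, and comparing a CIDR block with the classful block the same address would have received. All addresses used are constructed.

```python
"""Subnet mask and CIDR arithmetic. Added example, not from the original notes:
a mask is 32 bits of contiguous 1s (network part) followed by 0s (host part); the
network address is address AND mask; the all-0 and all-1 host addresses are
reserved; classful blocks come only in /8, /16 and /24, CIDR in any prefix length."""
import ipaddress
from typing import Dict, Optional

ALL_ONES = 0xFFFFFFFF

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))     # also validates the dotted quad

def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES  # /26 -> 255.255.255.192

def mask_to_prefix(mask: int) -> int:
    """Count the 1 bits, then reject masks whose 1s are not contiguous."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError("non-contiguous subnet mask: " + to_dotted(mask))
    return prefix

def classful_prefix(addr: int) -> Optional[int]:
    """The prefix the classful scheme would assign (None for class D/E)."""
    first_octet = addr >> 24
    if first_octet < 128:
        return 8                                  # class A
    if first_octet < 192:
        return 16                                 # class B
    if first_octet < 224:
        return 24                                 # class C
    return None

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts share a subnet when the bitwise AND with the mask agrees."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)

def describe(cidr: str) -> Dict:
    addr_s, prefix_s = cidr.split("/")
    addr, prefix = to_int(addr_s), int(prefix_s)
    mask = prefix_to_mask(prefix)
    network = addr & mask                         # host bits cleared
    broadcast = network | (~mask & ALL_ONES)      # host bits set
    total = 1 << (32 - prefix)
    # The notes' two reserved addresses (network and broadcast); a /31 or /32
    # has no room for them, so nothing is counted as usable there.
    usable = total - 2 if prefix <= 30 else 0
    cls = classful_prefix(addr)
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
        "classful_prefix": cls,
        # Addresses the classful allocation would hand out for this address
        # versus the CIDR block: the "wasteful" part described in the notes.
        "classful_block_size": (1 << (32 - cls)) if cls is not None else None,
        "cidr_block_size": total,
    }
```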

***DHCP***
What is dhcp ? Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. - What is the DHCP process for client machine? 1. A user turns on a computer with a DHCP client. 2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a DHCP server to answer. 3. The router directs the DISCOVER packet to the correct DHCP server. 4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server, the server determines an appropriate address (if any) to give to the client. The server then temporarily reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with that address information. The server also configures the client's DNS servers, WINS servers, NTP servers, and sometimes other services as well. 5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use the address. 6. The server sends an ACK (or DHCPACK) packet, confirming that the client has a been given a lease on the address for a server-specified period of time. - What is DORA? DHCP Discovery: The client broadcasts on the local physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client-implementation creates a UDP packet with the broadcast destination of 255.255.255.255 or subnet broadcast address and also requests its last-known IP address (in the example below, 192.168.1.100) although the server may ignore this optional parameter. DHCP Offers: When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This is done by reserving an IP address for the client and broadcasting a DHCPOFFER message across the network. 
This message contains the client's MAC address, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The server determines the configuration based on the client's hardware address as specified in the CHADDR field. Here the server, 192.168.1.1, specifies the offered IP address in the YIADDR field.
DHCP Request: Whenever a computer comes online, it checks to see if it currently has an IP address leased. If it does not, it requests a lease from a DHCP server. Because the client computer does not know the address of a DHCP server, it uses 0.0.0.0 as its own IP address and 255.255.255.255 as the destination address. Doing so allows the client to broadcast a DHCPDISCOVER message across the network. Such a message consists of the client computer's Media Access Control (MAC) address (the hardware address built into the network card) and its NetBIOS name. The client selects a configuration out of the DHCP Offer packets it has received and broadcasts its request on the local subnet. Again, this client requests the 192.168.1.100 address that the server specified. In case the client has received multiple offers, it specifies the server from which it has accepted the offer.
DHCP Acknowledgement: When the DHCP server receives the DHCPREQUEST message from the client, it initiates the final phase of the configuration process. This acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the TCP/IP configuration process is complete. The server acknowledges the request and sends the acknowledgement to the client; the client is then expected to configure its network interface with the supplied options.

- What is the difference between BOOTP and DHCP? DHCP is based on BOOTP and maintains some backward compatibility.
The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism.

- Can DHCP support statically defined addresses? Yes. At least there is nothing in the protocol to preclude this, and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

- What is a DHCP scope? DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.

- Types of scopes in Windows DHCP?
Normal Scope - Allows Class A, B and C IP address ranges to be specified, including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet.
Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservations or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination).
Superscope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

- What is authorizing DHCP servers in Active Directory? If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must first be authorized. This can be achieved either as part of the DHCP Server role installation, or subsequently using either the DHCP console or the netsh tool at the command prompt.
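The DORA exchange described above, carried in the actual wire format (236-byte fixed header with CHADDR and YIADDR, magic cookie, then options 53, 50, 1, 51 and 54), as an added Python example that is not part of the original notes; the client MAC, the xid and the 4-day lease are constructed sample values, while 192.168.1.100 and 192.168.1.1 are the addresses used in the text.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                 # RFC 2131 options "magic cookie"
BOOTREQUEST, BOOTREPLY = 1, 2               # op field: client -> server, server -> client
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 (message type) values
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # the 236-byte fixed header, network byte order

def build(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Encode one DHCP message: fixed header + magic cookie + TLV options + END."""
    ip = socket.inet_aton
    mac = bytes.fromhex(chaddr.replace(":", ""))
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,  # htype=Ethernet, hlen=6, broadcast flag
                      ip("0.0.0.0"), ip(yiaddr), ip(siaddr), ip("0.0.0.0"),
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + tlv + b"\xff"

def parse(pkt):
    """Decode the fields DORA turns on: op, xid, YIADDR, CHADDR and the options map."""
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:            # 255 = END
        if pkt[i] == 0:                              # 0 = PAD, carries no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": op, "xid": xid, "yiaddr": socket.inet_ntoa(yiaddr),
            "chaddr": chaddr[:hlen].hex(":"), "options": opts}

# Constructed sample exchange: a client with a made-up MAC asks for its last-known address.
CLIENT_MAC, SERVER_IP, LEASE_SECS = "00:11:22:33:44:55", "192.168.1.1", 4 * 24 * 3600
def client_discover(xid):
    return build(BOOTREQUEST, xid, CLIENT_MAC, options=[
        (53, bytes([DISCOVER])),
        (50, socket.inet_aton("192.168.1.100"))])  # option 50: requested IP, server may ignore

def server_offer(discover):
    d = parse(discover)                              # configuration is keyed on CHADDR
    return build(BOOTREPLY, d["xid"], d["chaddr"], yiaddr="192.168.1.100", siaddr=SERVER_IP,
                 options=[(53, bytes([OFFER])),
                          (1, socket.inet_aton("255.255.255.0")),   # subnet mask
                          (51, struct.pack("!I", LEASE_SECS)),      # lease duration (4 days)
                          (54, socket.inet_aton(SERVER_IP))])       # server identifier

def client_request(offer):
    """REQUEST echoes the offered address (50) and names the server it accepts (54)."""
    o = parse(offer)
    return build(BOOTREQUEST, o["xid"], o["chaddr"], options=[
        (53, bytes([REQUEST])), (50, socket.inet_aton(o["yiaddr"])), (54, o["options"][54])])
```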

If the DHCP server was not authorized during installation, invoke the DHCP console (Start -> All Programs -> Administrative Tools -> DHCP), right-click on the DHCP server to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command:
netsh dhcp server serverID initiate auth
In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on which the DHCP server is installed.

- What ports are used by DHCP and DHCP clients? Requests are on UDP port 68, server replies on UDP 67.

- What is DHCP spoofing? DHCP spoofing is a type of attack on a DHCP server to obtain IP addresses using spoofed DHCP messages. In cases where the DHCP server is on a remote network and an IP address is required to access the network, but the DHCP server is what supplies the IP address, the requester is at an impasse. To supply access to the network, when the Pipeline receives a DHCP Discover packet (a request for an IP address from a PC on the network), it responds with a DHCP Offer packet containing the configured (spoofed) IP address and a renewal time set to a few seconds. The requester then has access to the DHCP server and gets a real IP address. (Other variations exist in environments where the APP server utility is running.)

- Overview of DHCP snooping: DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:
Validates DHCP messages received from untrusted sources and filters out invalid messages.
Rate-limits DHCP traffic from trusted and untrusted sources.
Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
Other security features, such as dynamic ARP inspection (DAI), also use information stored in the DHCP snooping binding database. DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.

- Describe the process of installing a DHCP server in an AD infrastructure. Open the Windows Components Wizard. Under Components, scroll to and click Networking Services. Click Details. Under Subcomponents of Networking Services, click Dynamic Host Configuration Protocol (DHCP) and then click OK. Click Next. If prompted, type the full path to the Windows Server 2003 distribution files, and then click Next. The required files are copied to your hard disk.

- How to authorize a DHCP server in Active Directory? Open DHCP. In the console tree, click DHCP. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears. Click Authorize. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

- What is an exclusion? Omitting selected IPs within the range from assignment.

- What is a superscope? A group of scopes is called a superscope.

- Purpose of a DHCP relay agent? When the DHCP server is on another network and you want this network to obtain IPs from that DHCP server, the DHCP relay agent forwards the requests from the clients to the DHCP server to obtain IPs for the clients; it acts as a mediator between the clients and DHCP.

- What is a DHCP lease? A DHCP lease is the amount of time for which the DHCP server grants the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.

- How long should a lease be?
A very relevant factor is that the client starts trying to renew the lease when it is halfway through: thus, for example, with a 4-day lease, a client which has lost access to its DHCP server has 2 days from when it first tries to renew the lease until the lease expires and the client must stop using the network. During a 2-day outage, new users cannot get new leases, but no lease will expire for any computer turned on at the time that the outage commences. Another factor is that the longer the lease, the longer it takes for client configuration changes controlled by DHCP to propagate.

- How can I control which clients get leases from my server? There is no ideal answer: you have to give something up or do some extra work. You can put all your clients on a subnet of your own along with your own DHCP server. You can use manual allocation. Perhaps you can find DHCP server software that allows you to list which MAC addresses the server will accept. DHCP servers that support roaming machines may be adapted to such use. You can use the user class option, assuming your clients and server support it: it will require you to configure each of your clients with a user class name. You still depend upon the other clients to respect your wishes.

- Benefits of using DHCP? DHCP provides the following benefits for administering your TCP/IP-based network:
Safe and reliable configuration. DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network.
Reduced configuration management. Using DHCP servers can greatly decrease the time spent configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options.
Also, the DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers.
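The DHCP snooping behaviour described earlier in this section (trusted versus untrusted ports, validation of messages from untrusted hosts, rate limiting, and a binding database consulted for later requests), as an added Python model that is not part of the original notes and not any switch vendor's implementation; the port names, MAC addresses and sample traffic are constructed values.

```python
from collections import Counter

DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7  # option 53 message types
SERVER_ONLY = {OFFER, ACK, NAK}   # legitimate only from a trusted (server-facing) port

class DhcpSnooper:
    """Snooping state for one VLAN: trusted ports, per-port counters, binding database."""
    def __init__(self, trusted_ports, rate_limit=4):
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit  # client messages tolerated per untrusted port
        self.counts = Counter()       # untrusted port -> client messages seen
        self.pending = {}             # chaddr -> untrusted port that sent the REQUEST
        self.bindings = {}            # chaddr -> (ip, port): the snooping binding database

    def inspect(self, m):
        """Return 'forward' or 'drop: <reason>' for one message seen on the switch."""
        port, kind, chaddr = m["port"], m["type"], m["chaddr"]
        if port in self.trusted:
            if kind == ACK and chaddr in self.pending:   # lease granted: record the binding
                self.bindings[chaddr] = (m["yiaddr"], self.pending.pop(chaddr))
            return "forward"
        # everything below arrived on an untrusted (host-facing) port
        if kind in SERVER_ONLY:
            return "drop: server message from untrusted port (rogue DHCP server)"
        if chaddr != m["src_mac"]:
            return "drop: CHADDR does not match the frame's source MAC"
        self.counts[port] += 1
        if self.counts[port] > self.rate_limit:
            return "drop: rate limit exceeded on port"
        if kind == RELEASE:
            bound = self.bindings.get(chaddr)
            if bound is None or bound[1] != port:
                return "drop: RELEASE for a binding this port does not own"
            del self.bindings[chaddr]
        elif kind == REQUEST:
            self.pending[chaddr] = port
        return "forward"

# Constructed sample traffic on one VLAN; Gi1/0/24 faces the real server, the rest face hosts.
VICTIM, ROGUE, SERVER = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:09", "cc:cc:cc:00:00:01"
SAMPLE = [
    dict(port="Gi1/0/3", src_mac=VICTIM, chaddr=VICTIM, type=DISCOVER),
    dict(port="Gi1/0/7", src_mac=ROGUE, chaddr=VICTIM, type=OFFER, yiaddr="192.168.1.200"),
    dict(port="Gi1/0/24", src_mac=SERVER, chaddr=VICTIM, type=OFFER, yiaddr="192.168.1.100"),
    dict(port="Gi1/0/3", src_mac=VICTIM, chaddr=VICTIM, type=REQUEST),
    dict(port="Gi1/0/24", src_mac=SERVER, chaddr=VICTIM, type=ACK, yiaddr="192.168.1.100"),
    dict(port="Gi1/0/7", src_mac=VICTIM, chaddr=VICTIM, type=RELEASE),    # forged release
    dict(port="Gi1/0/7", src_mac=ROGUE, chaddr="dd:dd:dd:00:00:01", type=DISCOVER),
]

def run(messages, trusted=("Gi1/0/24",), rate_limit=4):
    """Feed messages through a fresh snooper; return the decisions and final bindings."""
    s = DhcpSnooper(trusted, rate_limit)
    return [s.inspect(m) for m in messages], s.bindings
```

Running `run(SAMPLE)` forwards the legitimate exchange, drops the OFFER from the host port, the RELEASE forged for a binding owned by another port, and the DISCOVER whose CHADDR disagrees with its source MAC, and leaves one binding for the victim on Gi1/0/3.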

- Describe the integration between DHCP and DNS. Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

- Can a DHCP server back up another DHCP server? You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server. However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew their lease with the other server. Such communication is the purpose of the "server to server protocol". It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.

Port Nos:
LDAP - 389/636
IMAP4 - 143/993
POP3 - 110/995
NNTP - 119
HTTP - 80
SMTP - 25/465
DNS - 53
DHCP - 67/68
GC - 3268
RDP/Terminal Server - 3389
FTP - 21
Kerberos - 88
Simple Network Management Protocol [SNMP] - 161
RPC - 135

MISC QUESTIONS
- When pushing software updates to all the clients on the network from a designated server, which of the following settings on the GPO needs to be configured? - Specify intranet Microsoft update service location
A. Audit Object Access settings
B. Specify intranet Microsoft updates service location
C. Specify internet Microsoft updates service location
D. Automatic Update settings

- Which of the following groups can always log in to a server via Directory Services Restore Mode? - Administrators only
A. Administrators only
B. Administrators and Power Users
C. Administrators, Power Users, and Backup Operators
D. Power Users and Backup Operators
E. Administrators and Backup Operators

- Current version of LDAP? - LDAP V3

- Which of the following utilities would you use to remotely perform a Windows installation via the network? - Remote Installation Preparation [Riprep]
A. Netprep
B. Riprep
C. Config
D. Netconfig

- Which of the following is not a hidden share on a Windows Server 2003 installation? - SYSVOL
A. Admin$
B. IPC$
C. Printstor$
D. Print$
E. SYSVOL

- Which of the following allows for limited cross-platform compatibility between the Windows Server 2003 and UNIX infrastructure? - Kerberos
A. GPEDIT
B. SAMBA
C. IPCHAINS
D. KEREBOS
E. BASH

- You wish to keep your DNS server database up-to-date and free of unnecessary records. Which of the following options will help you to maintain the DNS database as desired? - Aging and scavenging
A. Tombstone
B. Aging and scavenging
C. DDNS
D. Secure updates

- You are on the SOA (Start Of Authority) tab of the DNS server DNS1, on which you wish to configure the zone transfer with another DNS server DNS2 once every 8 hours.

Which of the following options will help you configure the DNS zone transfer between the two servers? - Refresh Interval
A. Refresh Interval
B. Retry Attempts
C. Retry Interval
D. Expiration

- You have just created some DNS zones in your network. So far you have had just one primary DNS and one secondary DNS. The replication was very smooth and trouble-free. You now wish that zone transfers and updates on the network happen equally smoothly after the zones have been created. What should you do? - Ensure that the zones are all Active Directory integrated
A. Ensure that the zones are all Active Directory integrated
B. Ensure all the DNS servers are running on the domain controllers
C. Ensure all DNS servers are running on member servers
D. Avoid using zones

- You are required to change some settings that have been set by the previous administrator for the IPSec policies. Which of the following would you use to manage this? - IP Security Monitor Console
A. IP Security Monitor Console
B. Microsoft Management Console
C. Network Monitor utility
D. IPSec utility

- You are required to apply certain security update changes based on the already existing ones in your network. Which of the following would you use to analyze what exists and what needs to be applied? - Microsoft Baseline Security Analyzer
A. Microsoft Baseline Security Analyzer
B. IP Security Monitor Console
C. Network Monitor
D. Baseline setting of the relevant GPO

- Your network consists of a single domain with one Windows Server 2003 DNS server. The DNS server hosts a standard primary zone. Users report that the response time for the network seems slow. Using Network Monitor to examine the network traffic, you find that an abnormal amount of traffic is passing between the DNS server and DNS clients. Which tool would best help you ascertain the cause of the excess traffic? - System Monitor
A. System Monitor
B. Event Viewer
C. Tracert
D. Security Monitor