MMC simulation questions:

1.Create a virtual site for your company

2.Create 2 virtual FTP directories for c:\docs with read/write perms. and c:\forms with read only perms.

3.Deny Web access to all ips except 192.168.0.96 - 192.168.2.127 (ans: Know what mask will create a 32-host subnet, and what starting address to use to restrict (or permit) a range of addresses. Network ID 128.68.0.0 and use a subnet of 255.255.255.224)

4.Create a website named WWWROOT for the c:\wwwroot dir. with the IP 172.31.255.201 and one for WEBPUB for the d:\inetpub\webpub dir. with the IP 192.168.1.253.

5.Create a virtual directy for a content provider of your company. (Page 83 of Microsoft Press)

6.I had a troubleshooting question in which a virtual directory was setup to store webpage images. Users could see images stored in the home directory, but not in the virtual directory. One of the images not viewable was of the gif type

Answer: possibly MIME mapping necessary for .gif/image gif????

7.Only allow the CFO to access a particular virtual directory and deny all others access.

8.One simulation question that I thought was very sneaky - but apparently I got it right? I believe it was a virtual directory, and the objective was to change the permissions to disable "anonymous" access. However, the setup for the question stated that the physical directory for this particular virtual directory was something like c:\docs\marketing.However, when I got to the properties sheet for the virtual directory in ISM, I found that not only did the permissions need to be changed (the stated objective), but that the "home directory" value was incorrect - it read something like C:\marketing.

9.I got one that asked me to create a virtual directory for a directory on another server \\win951\temp\documents?. When you create a directory using UNC you need to enter a username and password. They didn't give me one to use, so I browsed and used the IUSER_NT5 account and left the defaults.

10.By using the MMC they want you to decrease the number of inactive connections without decreasing the number of users (ie connection) or without decreasing the timeout value? Answer: Disallow http keep alive.

11.Create two FTP sites. One called Docs and the other called Forms. The Docs site should be homed on C:\docs and allow uploads and downloads. The Forms site should be homed on C:\Forms and only allow downloads.

12.Change the number of concurent FTP connections

13.Change the directory listing mode from DOS to Unix for a default FTP site.

14.be able to assign a different port to a FTP site you create. They give you the name of the site and the directory to attach it to.

15.(this might be a trick, the ftp site does not specify a directory for the logs, but the www service does.)

16.that's all i remember for these, but there were more.

17.Create 2 virtual FTP directories for c:\docs with read/write perms. and c:\forms with read only perms.

18.Create a FTP virtual folder on the default FTP site. Only allow 10 concurrent connections to the site.

19.Enable logging on the deafult web and FTP sites, and configure it to start new logs when the file size reaches 4MB

20.Disable access to the "Something" FTP site for a specific user. His IP address is 221.34.57.1 make logging for www and ftp create new log files after 4 MB. (this might be a trick, the ftp site .does not specify a directory for the logs, but the www service does.)

22.Track Anonymous logins on the Default FTP site, and do NOT track anonymous logins on the Default Web Site. (This one stumped me).

23.In the simulation be able to deny an single IP address access to a web site while allowing everyone else access to

connect.

24.In the simulation, be able to assign a virtual FTP directory to another machine. They gave it as \\win95\public\information\. The main web site was already set up for you.

25.At least three that had to do with synchronizing a password for the anonymous user account in MMC. In each case the questions just said synchronize the new password but they don't specify if you should assign the IUSR_NT5 user as the anonymous account nam

26.One MMC sim that really got me was how to monitor anonymous logons to the FTP site using ISM. I was not sure if I had to activate the anonymous user account (IUSR_NT5) and Enable anonymous access....or if I just had to check the logging checkbox on the FT.

27.How will the password and user name be transferred between the client and the server

- Both will be encrypted

- The user name will be encrypted, the password will not

- The password will be encrypted, the user name will not

- Neither will be encrypted * * This was the answer to mine since the site was set up to allow anonymous access to everyone.

28.One was simply changing directory security so that anon acess was not allowed.

Be able to assess what is encrypted - password/username - by looking at the security settings of a web server.

29.The anonymous ID for this particular site is IUSR_NT5, set things up so that the password will be synchronized with the IUSR_NT5 account in NT.

30.Disable HTTP Keep Alives on the Default Web Service.

31.Another simulation requiring synchronizing the passwords for the Tech Support Web Site.

32.One question involved adding an ISAPI filter.

33.One question involved setting up an HTTP header.

Virtual Sites/Directories

You have two domains. Domain A and B. You are the administrator of domain a and Wins and DNS are enabled on your domain. You want to be able to access computers on domain B by using the computer name. What do you do? (Choose three)

My answer was to set up a trust, add to the local admins group and something else?

-You configure multiple sites on a IIS 4.0 server. Both sites share the same IP address, Virtual Directory and TCP port. DNS entires have been setup that point each FQDN to the same IP address. However, when users try to go to the 2nd web site they open up t

Answers resemble:

A) Configure HOSTS files on the server

B) Configure HOSTS files on the clients

C) Configure the clients to use DNS

D) Configure Site 2 to use a Host Header

My Answer: D, but I was confused by the fact that they could be using the same default document as they share the same home directory. But as this was not mentioned in the questioned I assumed it was not important.

Host headers for IP addresses, still doesn't work. Why?

Make entries in Host file.

How to index a virtual directory in the marketing domain when the server is located in the sales domain

HTMLA question and how to configure settings for MIME

- 1 question on HTMLH. How to add this so users can access (MIME...)

You want to connect to a virtual directory using friendly computer names: Choose 2, I said use WINS server for name

resolution & Configure DNS for name resolution. Other options included using multiple DHCP servers and some other DHCP

options

DNS is not enabled and you want to connect to a virtual directory "home" on Server1 with IP address w.x.y.z what do you use

at the URL address: http://w.x.y.z, http://server1/home, ftp://???, http://www.server1.com/home

FTP

Q: You change the port number of your FTP site and try to connect to it and can't why?

A: You are trying to connect with the default port number

Q: FTP server is setup with directory annotation, UNIX cmd, and some other stuff. Some users can access while some users

can't, how do you fix it.

A: ??? Directory Annotation but I had no clue :)

Q: To enable remote administration of an ftp site do you need:

IISADMIN folder on the computer

WWW service must be running

Q: You have an IIS installation which has only FTP, how can you configure the FTP site remotely?

a) enable WWW

b) allow anonymous to FTP

c) set up Winnt Challenge login

Q: You set up an FTP site and set up a virtual directory and set the listing to UNIX. Afterwards, not all users can access it.

a) assign NTFS rights

b) Set listing styles to MS-DOS

Index Server

Q:You had 50 MB of data that index server was tracking. You add 100 more and users complain it is too slow. What do you

do?

A: force Master merge (prob right) one person: redo the master index

Q:You have 3 web sites running on one IIS server. When a user uses index server to do a query, he gets data back from all of

the web sites. What do you do?

A: Use scope in the .idq file or separate catalogs for the sites.

You have 3 web sites running on one IIS server. When a user uses index server to do a query, he gets data back from all of the

web sites. What should you do?

Create a catalog for each site? (probably right) One person said create a index for each site

Q: Want to do a search of unfiltered documents:

A :Use CiForceuseCi = True in the .idq file.

Q: You have a 500MB corpus, how much free disk space does Index server require to index?

A: 200MB (40%)

Q: You install IIS on a Win95 machine and want to use Index server, what do you need to do?

A: Upgrade to NT Server

Q: What are the minimal requirements for Index server?

A: ???

Q: Index server is installed on box with 64MB ram and 64MB swap. Index server is moving slow so you increase the Index

Server cache setting and it moves even slower why?

a) Master merge forced

b) Shadow merge forced

c) More Index server cache is residing on the Swap file -> correct one

Q: You have 64MB or RAM and 64MB of virtual memory. You want to improve Index server performance, so you increase

the cache, but performance decreases, why?

A: The cache is now using virtual memory

Q: You have a server set up with three different web sites. When users issue a query, they recieve non-relevant info or

unreachable links, fix?

a) Create indexes for the three different servers

b) limit rights???

12.How can you index other domains remotely ?

using HTML manager

3. You have one IP address and two virtual servers how do you do it?

Custom HTTP header*

4. You have two virtual servers how do you do it?

a. Custom HTTP header*

b. Two IP addresses*

Q: You need to change the port of 200 web sites, what it the quickest way to do this?

A: Use the WSH

Q: You need to configure three intranet Web sites. How to segregate?

a) Host Headers

b) Three separate IPs, modify DNS

Q: You are behind a firewall and want to administer an IIS server with HTMLA, what port does the firewall have to let through.

HTMLA uses HTTP on a prot chosen randomly at installation.

RPC listener port*

HTPPS?

SSL*

You need to use HTML manager to manage a website, which firewall port must be enabled?

You want to administer an IIS server using Internet Service Manager, but it resides on the other side of a firewall. What port

must be open to allow you to manage this server?

The two plausible answers were: 1. NBT 2. RPC listener I chose the RPC port, as that's really the type of client/server

communication is being accomplished. However, I realize that virtually ALL M$ networking is accomplished with NetBIOS

over TCP/IP (ports 137-139) so I'm not sure what's correct here. (time to break out the Sniffer!)

You access a web page and you want to use Site server to download the web page and all it's links. Do you set up site server

to download by specifying url name or the physical directory???

Q: 3 Sites require Host Headers Summaries, Use Index server or Site Server?

A: ???

Q: You want to have web pages with the extension HTMH, how do you add this so users can access.

A: ???

Q: You have 2 servers (NY and Ontario), what's the easiest way to to change the IP ports on the 200 sites contained at those

locations?

a) Use Inet Server Manager to change individual ports

b) Inet Server Manager HTML to change individual ports

c) write a VB script and run it on both sites

d) write a VB script and run it on one site

- One question on WHS. (changing 200 puters IP ports or so...)

Q: Host headers for IP address should be placed ?

a)the HOSTS file on the NT servers

b)LMHOSTS file on the NT servers and clients

c)placed in the WINS (where the dns entry would go)

Q: What's contained in the METABASE (multi answer)

Ans: Just IIS stuff, not site server or index server.

a) IIS Help file location

b) Virtual dir. Security(*)

c) website home dir. Permissions(*)?

d) MMC Snap in info

e) site server toolbar settings

f) Index Server settings

g) Site Server Express settings

You have a document called *.stm which is being read as an htm document do u change the mime mapping of:

1.. text/stm mime or

2.. text/htm mime?

Q: You've configured a virtual directory called on your server called "White horse". After doing so, some people cannot access

it.

a) Assign NTFS rights to the directory

b) Change name to Whitehorse -> correct one

Q: Raul needs to change the IIS default web site on the road from his 95 laptop, how?

a) MMC

b) MMC (HTML)

Q: You set up three intranet web sites and set them to use headers. How do users find them.

a) Install modified Hosts file to the Server

b) Install modified Hosts file to all the clients

c) Install modified LMHosts file to all the clients

d) Modify the WINS server

NNTP

Q: In NNTP you want to show address as a different domain name?

A: Use Masquerade name ???

9.Can you use queries to search for content on NNTP, or do you have to connect to Microsoft NNTP Service and request a

list of available newsgroups ?

>I think u can run direct queries on NNTP but not positive so double check

Q: You setup an expiration policy on NNTP to expire articles older then 7 days and a size of 500MB. When do articles expire?

A???: When any articles in a group are older then 7 days they expire and when the size of the file exceeds 500MB the oldest

articles expire (not sure about this, may be the total size of all groups combined). Understand what the policies can apply to (my

question explicitly stated that the expire policy applied to the entire server - not a particular newsgroup) and that both criteria

apply: If the file exceeds the particular size, the oldest messages are deleted (regardless of age). As they exceed the maximum

age, the are deleted regardless of file size.

-You administer a NNTP server. How can you enable searching capabilities

Answers resemble:

A) Install and configure Index Server

B) Something

C) Instruct users to use the search features of their client newsreader

D) Nothing, newsgroups cannot be searched

My Answer: C

What does NNTP require: 5 options choose 3, NTFS, FAT, TCP/IP etc

-You currently store NNTP files in a single virtual directory on a single RAID 5 disk array. How can you improve performance

Answers resemble:

a) Break NNTP up into many virtual folders

b) Break NNTP up into many servers/many arrays

A) Create additional virtual folders on the single disk array

B) Create additional virtual folders on multiple disk arrays

C) Move the virtual folder location onto a non RAID 5 disk

D) something, something, something.

My Answer: I choose A because there is only one RAID 5 array. One person said move off raid 5 disk.

11.What is the advantage (or disadvantage) when your home directory is located on a RAID5 disk, multiple virtual directories

are created on a single RAID5 disk, or that virtual directories are located among multiple RAID5 disks ? ? ?

>when multiple virutal directories r distributed among RAID5 this will yield faster reading access to the directories

ODBC

References:

http://support.microsoft.com/support/kb/articles/q183/0/60.asp

http://support.microsoft.com/support/odbc/faq/faq3663.asp

IIS Resource Kit on pp. 259-260

For further info check the tech net under "Troubleshooting guide for 80004005"

There are always a number (tipically three) of OLE DB/ODBC <<MS OLE ERROR 48>> <<0005 OBDC driver>> error

80004005 questions. The questions are similar except the last few words that describe the error:

" Login Failed" when user attempted to access the Web site.

This can happen when the SQL Server denies access.

"Data source name not found and no default driver specified".

The message"can not find the name space.." indicates that the data source specified points to a wrong directory/file

or possibly???

Wrong or no ODBC DSN configuration.

"General Network Error"

Due to heavy use the database has been recently moved to another server......?

or possibly

I don't know, but possibly changing SQL Server form 16 bit named pipes to 32 bit TCP connection

Each question has the same answers:

A. the user has insufficient permissions to access the database.

B. the user has insufficient permissions to access RESOURCES in the database.

C. recent revisions of the database changed the connection method from named pipes to TCP/IP.

D. the database was recently moved to another server....

E. OBDC drivers not config'd

F. Incorrectly configured Data Source Name (DSN) ....

Scripting

Q: Configuring a web site for CGI and ISAPI with execute rights in the \scripts directory (where the cgi and isapi files are

placed). But cannot read the Isapi files why?

Quite a few questions on permissions assigned to ISAPI and CGI scripts directory. Know that execute permission must be

assigned to the scripts directory. Also they wanted to know why the ISAPI scripts are not working when the CGI scripts are

working after

You have a ISAPI app that is slowly taking too many resources, how can you decrease the number of threads.

add more RAM

run each app in a separate memory*

install an ISAPI filter to validate users

Q: You've grouped together all CGI scripts and ISAPI apps into the scripts folder and assign execute rights to the folder.

Afterwards, the ISAPI works and the CGI doesn't.

a)assign read rights for the folder as well ???

Q: You have a PERL script setup on one server, you move it to another

server but it does not work, what else is required?

a) Perl interpreter installed on the other server. -> correct one.

b) run FILE to convert it into a Batch file

c) Recompile script

Q: You set up a script on the server. It works for some users but not others, the directory is set up for read access.

a) set up for execute as well

b) Set NTFS read rights for users

c) Set up NTFS execute rights for users

A: ??? The choices were something to do with read on ntfs for directory, or execute rights on ntfs, or read access on directory,

or stop and restart the service???

Change the ports setting on 2000 computers divided between 2 remote locations - run the scripts on one server, run the scripts

on both servers?

A similar question where Mary has just been made a member of Managers group and her scripts are not working but Bob's are

and Mary & Bob have the exact same group settings and permissions for the relevant directories. You have an ISAPI app that

managers use (worthless.dll). a manager and was added to the managers group but it still does not work, why?

Stop/start the WWW service*

Know how to log to file and it is faster than log to SQL server.

Security

Q: John set up 3 Anonymous logins to IIS with different passwords and suddenly nobody can access the sites. They are using

NT authenticated logins.

A: The answer is that john did not change the passwords in NT to match

Q:You have an intranet and the finance area has documents located there that only they should be able to see. John is new to

the company. You add him to the finance users group yet he still cannot log in. What do you do?

A???: Give John NT permissions also

Q: If you secure the access to a web page using SSL how must you change the URL in order to access the secured page?

- https:// -> correct one.

- httpssl://

- http://

One IIS server & 2 remote locations and want secure communications between them at all times. Do you setup SSL only on

the server or configure client certifcates on one or both clients or do you use domain accounts and permissions.

There are 2 domains Sales and Marketing (no trust specified). IIS is running on Sales1 in Sales and wants to index something

on the Marketing1 server in Marketing.

Do u:

1.. make marketing1 part of sales domain

2.. Create an account on marketing1 that can be accessed from Sales

3.. Can't remember other options, but what would you do?

4. IIS on server1 of domain SALES and want to have a virtual directory on server2 of domain MARKETING.

My ans : move server2 to the part of domain SALES

Q:There are 2 domains Sales and Marketing (no trust specified). IIS is running on Sales1 in Sales and wants to index something

on the Marketing1 server in Marketing.

1) make marketing1 part of sales domain

2) Create an account on marketing1 that can be accessed from Sales

3) Can't remember other options, but what would you do?

Q: You want to exclude a range of IP addresses, choose the correct network address and subnet mask.

Q: You enable SSL on a virtual directory. A user is complaining that they can not see any files, but you can. What do you do?

A: Install an SSL capable browser on the client.

Q: You have a separate directory for each client and they are only allowed to access their own directory. What it the best

security method?

A:Client certificates.

Q: You must setup a private web site, what can you use to authenticate to it

a)Certification Server

b)Transaction Server

c)Site Server

d)Message Que Server

Q: You have a web site you want to secure so that just managers can see it. Which service should you use?

a) Certification Server -> correct one

b) Transaction Server

c) Site Server

d) Message Queue Server

Q: Becky logs onto a sensitive web site and it is set up to use Basic

Authentication. What is Encrypted?

a) Password and Data are encrypted

b) Password is encrypted, Data isn't

c) Data is encrypted, Password isn't

d) nothing is encrypted *

You want to get the most performance out of your IIS server. What is the best way to secure sensitive directories?

a) enable SSL only when required*

b) Enable SSL all the time

c) use the client certificate

d) move SSL directories to a separate PC

Q: Which options would require multiple certificates?

a) Server hosting web sites for multiple companies

b) Server has links to servers in differnt domains

When do you need multiple digital certificates: when your IIS hosts virtual servers for multiple companies or when your virtual

server is spread among many virtual directories across various locations.

Q: How to configure IIS to require Multiple security certificates?

A: ???

Q: You are on Server2 and set up a virtual directory to \\Server1\stuff. An error message 'Directory inaccessable, unable to

login' comes up after setting up.

a) User has insuffcient rights

b) Server is in a different domain

-Something like.....You setup a web site on your intranet. Clients use different browsers. When some clients try to access pages

they receive an error message like "Error 402 (I can't remember the number), Browser does not support required encryption

meth

Answers resemble:

A) SSL certificate on server is invalid

B) Site is using NT Challenge/Response authenication method

C) Browser does not support SSL

D) Something else....

My Answer: I picked B because only I.E. supports NT authenication.

13.The SQL Logon failed. Can this be due to a user not having the appropriate SQL permissions or NTFS permissions ?

>certainly proper permissions r a must (must have both NTFS and SQL permissions, and remember that the most resrtrictive

applies)

Know that another type of authentication is to use client certificates mapped to a NT account

Site Server/logging

Downloading files to a laptop, creating a 'map' of files from an IIS server with multiple remote virtual directories. Just

understand it's capabilities and services.

Q: What's the easiest way to find how many 32K objects that have HTML extensions.

a) Site server

b) import a log file to an excel spread sheet

c) use the NT Explorer to search the web site dir.

d) use ftp

Change DNS domain to .com from .edu on all of your sites. How?

WHS

Q:You are logging WWW with text logging and you want to know where to find the number of page hits?

1) in the log file -> correct one.

2) Event Viewer

Q:You access a web page and you want to use Site server to download the web page and all it's links. Do you set up site

server to download by specifying url name or the physical directory???

A: url Name

Q: You want to save your entire website and all links off it to your laptop, what do you use?

A: Site Server Express

Q: Site Server Reports Hourly on Web site, some ips are not logged

a) because it's setup to discard open visits on the turnaround

b) setup to commit open visits

c) Can't resolve client IPs to Hosts

d) Clients have invalid IP???

15.What is the function of Site Server Express Content Analyser?

>The site server is an analysis tool to help u better momnitor/troubleshoot ur server. The content analyzer points to faulty links in

the server tree, which is visaully displayed

-You want to enable logging of your web site. What option should you choose to allow the lowest processing overhead.

A) Normal Text Log

B) Compressed Normal Text Log

C) Logging to a SQL database

D) Logging to a remote SQL database

Answer: A

How do you increase performance of Site Server Express logging?

Answer: I answered something to do with increasing the cache setting???

SMTP

Q: What's the "Local Retry Queue Length" ?

A: ???

Q: What are SMTP Smart host headers ?

A: ???

Q: How to improve SMTP performance?

decrease message sizes allowed, decrease the update/retry interval, move badmail folder to another directory

Q: You have a SMTP server in another domain which does not use DNS and you want to set up that mail being directed

through it contains the Company's main domain name.

A: ??? Use SMTP smart host header.

Q: SMTP should be configured to securely transfer mail betweens sites, how?

a)SSL

b)PPTP

Q: Your Domain name is currently set to one of you subsidiaries, How do you get SMTP mail to appear it is coming from your

real companies domain?

a) Masquerade domain

b) Smart host header

c) Domain name change??

Q: You have an IIS with SMTP server and two branch offices with IIS backboned together over the internet. What should you

implement in order to ensure secure communications.

a) SSL between sites

b) no changes, etc.

Q: Requirements for SMTP

a) NTFS *

b) FAT ?

c) TCP/IP *

d) Netbios

e) DNS ?

2. We are expriencing 6 local query retry daily. How to increase the performance.

My ans are decrease the local query retry interval and increase the incoming mail timeout.

Another possible answer is to increase the timeout setting???

Want to do a search of unfiltered documents: @unfiltered = True

Word lists are taking up too much memory, what do you do select 2 options:

A. Decrease size of word lists ?*?

B. Decrease number of word lists ??

C. Increase the number of word lists *

D. Increase the size of word lists