14239-02378_ch08_solutions
TRANSCRIPT
Chapter 8 Solutions
Review Questions
1. What step can you take when you install a DCHP server to ensure that IP addresses are only assigned by a DHCP server managed by a server administrator in your company?
Answer: c. Authorize the server.
2. What is DHCPv6?Answer: Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is for networks that use IPv6.
3. Your company has Microsoft Windows Server 2008 servers functioning as DCs. The IT department is debating whether to use Microsoft DNS or a free open source version of DNS that one of the system programmers likes. What are some reasons for using Microsoft DNS? (Choose all that apply.)
Answer: c. Microsoft DNS is fully compatible with Active Directory. and d. Microsoft DNS can be replicated through Active Directory.
4. Your colleague at another company has installed DNS, but it is not mapping computer names to IP addresses. Which of the following might be the problem? (Choose all that apply.)
Answer: a. DNS lookup zone records are not set up to update automatically and your colleague has not manually created any records.
5. Your school has a Web site with links for each department, such as for English, math, biology, and
so on. Each department wants to maintain its own portion of the site. Which of the following can you set up for each department to maintain its own Web files?
Answer: d. a virtual directory for each department.
6. On a DNS server the _____ record maps a computer name to an IPv4 address.Answer: host address (A) resource record
7. You work for an environmental consulting company in which most employees work in the field and then come back to the office for a day at a time. Consequently, the company only purchases laptop computers for its employees to accommodate their travel. When you set up the lease duration in DHCP, which of the following should you use?
Answer: a. 24 hours
8. A Web server that handles e-mail coming in through the Internet must be compatible with the _____ Protocol.
Answer: Simple Mail Transfer or SMTP
9. You work for a nonprofit organization that still uses many Windows 98 workstations because it doesn’t have the budget to upgrade computer equipment. However, the organization did receive a donation to sponsor the purchase of a new Windows Server 2008 server. What naming service should you configure to register computer names and IP addresses on the network?
Answer: b. WINS
10. What tool is used to configure a DHCP scope?Answer: c. DHCP tool
11. You are setting up a scope of addresses on a DHCP server between 138.90.10.2 through 138.90.10.99. However, you don’t want to have addresses 138.90.10.7 and 138.90.10.10 in the
1
range of addresses to assign because these addresses are currently used for Web servers. Which of the following is the best solution?
Answer: c. Use the ability to exclude specific IP addresses when you set up the scope.
12. Which of the following are DNS resource records? (Choose all that apply.)Answer: a. mail exchanger (MX), b. name server (NS), and d. service locator (SRV)
13. Name three reasons to have a secondary DNS server.Answer: 1. To have a copy of DNS data in case the primary DNS server fails, 2. To enable load balancing, in case the primary DNS server is busy, and 3. To reduce network congestion.
14. Your assistant reports that users cannot access the DHCP server to lease addresses. What troubleshooting measures do you take? (Choose all that apply.)Answer: a. Ensure that the DHCP Client and DHCP Server services are started. and b. Make sure the DHCP server is connected to the network.
15. Your Web site contains pages of special events. You don’t always remember to deactivate these Web pages and some remain available after the event has occurred. How can you prevent the display of Web pages that are no longer current?
Answer: b. Configure the HTTP response headers function to expire specific documents.
16. Which of the following can you accomplish with IIS Manager? (Choose all that apply.)Answer: b. manage ASP .NET, c. manage logging of Web server activities, and d. manage server certificates
17. What are the names of DNS host records for IPv4 and IPv6?Answer: An IPv4 host record is called a host address (A) resource record and an IPv6 host record is called an IPv6 host address (AAAA) resource record.
18. You work for a university that has about 7,800 students, faculty, and staff. In an IT managers meeting discussing the implementation of new Windows Server 2008 servers, one of the managers questions if this number of computer users is beyond the maximum that a single Windows Server 2008 DHCP server can handle. What is your response?
Answer: c. This is within the capacity of a single DHCP server.
19. You have installed a DNS server and now you want to check log information to make sure it is running properly before you release the server into live production. What tool or tools can you use to access log entries? (Choose all that apply.)
Answer: b. Server Manager and c. Event Viewer
20. Users complain that when an error occurs on your Web site confusing messages are displayed. What IIS feature enables you to address this problem?
Answer: Use IIS Manager to configure error pages to display more informative messages.
Hands-On Projects Tips and Solutions for Chapter 8
Activity 8-1
In this activity, students install DNS. Note that if DNS was installed earlier, such as to install Active Directory in Chapter 4, instructions are provided in a note to remove DNS so that students can install it from scratch.
Activity 8-2
2
This activity enables students to create a reverse lookup zone. Consider using this opportunity to explain why it is wise to create a reverse lookup zone before adding records to the forward lookup zone.
In Step 7, two other zone data replication options are available: To all DNS servers in this forest: domainname To all domain controllers in this domain (for Windows 2000 compatibility); domainname
In Step 11, the other options for dynamic updates are: Allow both nonsecure and secure dynamic updates Do not allow dynamic updates
Of these options Allow both nonsecure and secure dynamic updates is least secure, because updates can be accepted even from sources that are not trusted.
In Step 13, students should verify that the new reverse lookup zone is created by looking for it in the right pane.
Activity 8-3
In this activity, students learn how to manually create a new host address (A) resource record.
In Step 4, the options on the shortcut menu include: Reload New Host (A or AAAA) New Alias (CNAME) New Mail Exchanger (MX) New Domain New Delegation Other New Records All Tasks Delete Refresh Export List Properties Help
Activity 8-4
In this activity, students verify the dynamic update setup for the DNS server.
In Step 3, students should find that the default Dynamic updates: setting is Secure only. The other options are:
None Nonsecure and secure
Activity 8-5
This activity enables students to practice troubleshooting a problem with a DNS server by stopping and restarting the DNS Server and DNS Client services via Server Manager.
Activity 8-6
3
In this activity, students use Server Manager to view log information relating to DNS Server services. They also learn to use this tool to verify that the DNS Server service is running and to learn where to find more resources about DNS.
Activity 8-7
Students install WINS as a feature in this activity and they learn how to use the WINS management tool.
In Step 9, to create a replication partner you would click New Replication Partner in the shortcut menu. Also, to replicate the database to the replication partner you would click Replicate Now.
Activity 8-8
For this activity, students use Server Manager to install the DHCP role.
Activity 8-9
In this activity, students configure the DHCP services that they installed in the previous activity. For this activity, you will need to provide students with the name or address of the DNS server, a scope, and an address to exclude from the scope. They will also need the subnet mask.
In Step 7, the length value changes to the appropriate length after the Length box is accessed.
In Step 9, after students click Add, the IP address that they entered is displayed in the Excluded address range box. It is not necessary to enter an ending address.
In Step 11, the default lease time is 8 days. This lease time is appropriate for situations such as a medium or large network consisting of desktop computers and which has a relatively large number of IP addresses to lease.
In Step 15, to enter more than one DNS server, keep entering server names and clicking Resolve or enter IP addresses, and clicking Add.
In Step 19, students should determine that the scope they just entered now is displayed in the right pane of the DHCP window.
Activity 8-10
This activity enables students configure automatic DNS registration. Consider discussing with students how automatic DNS registration can save time for a DNS server administrator.
Activity 8-11
This project enables students to install the Web Server (IIS) role via Server Manager.
In Step 6, the modules installed by default are as follows:
Under Common HTTP Features: Static Content Default Document Directory Browsing
4
HTTP Errors
Under Health and Diagnostics: HTTP Logging Request Monitor
Under Security: Request Filtering
Under Performance: Static Content Compression
Under Management Tools IIS Management Console
Activity 8-12
This activity enables students to create a virtual directory.
In Step 8, to share the directory, click the Share button to configure it for sharing.
Activity 8-13
In this activity students perform some basic configuration steps for their web site.
In Step 3, to rename the Web site, click Rename from the shortcut menu; and to restart the Web site, click Manage Web Site from the shortcut menu and click Restart.
Case Projects
D’Amico Guitars manufactures acoustic and electric guitars along with guitar equipment such as cases, strings, and tuners. They are currently moving to new facilities that offer more space for production. The added space means they will be hiring new people, installing a new network, and purchasing new Windows Server 2008 servers. The company is anticipating growth to 428 employees and there will be over 300 client computers on the new network. They also will have 12 Windows Server 2008 servers by the time the move is completed.
The company has previously sold many guitars through third-party Internet distributors and has not had its own Web site. Online sales have been phenomenal, which has led them to decide to implement their own Web site to sell guitars and guitar equipment. As they transition to the new facilities, they regard their network and particularly the proposed Web site as essential to their business strategy.
D’Amico recently lost two server administrators who were hired by other companies. The loss of these administrators means they are short handed on people who know server and network administration, which is why they have contacted Aspen Consulting for your help. Your assignment is to assist with the setup of crucial network services
Case Project 8-1: Planning Network ServicesThe Information Services Department director asks you to develop a report explaining how to plan the implementation of Web, DNS, and DHCP services. In your report, address the following issues:
In what order should the Web, DHCP, and DNS services be implemented? Should all of these services be implemented on one server or on different servers?
5
What setup elements should be planned in advance, such as DHCP scopes and other elements?
What security issues should be addressed in the setup of these services?
Answer:
With 12 Windows Server 2008 servers planned, the D’Amico Guitars will want to install Active Directory at the beginning of the implementation. This means that they will need to install DNS on at least one server before or during the installation of Active Directory. Next they will want to install DCHP to enable automatic assignment of IP addresses for clients. The Web server will likely be installed last. It is conceivable that they might install DNS and DHCP on the same server (or on different servers) and have another server dedicated for the IIS Web server. Also, they should consider creating a secondary DNS server on one of the other servers.
For DNS they should plan setup elements such as namespace, computer naming, server naming, forward lookup zone structure, and the reverse lookup zone structure. (Advanced students might note there will need to be planning about creating pointer records if there are to be multiple business locations.) For DHCP, they will need to take into account how to set up scopes for different types of clients, such as desktop computers and laptop computers. The DHCP server will need to be authorized and all exclusions to the scopes should be considered. For example, permanent static IP addresses should be manually configured on all of the servers and excluded from the appropriate scopes. Also, DHCP should be set up to automatically update the DNS server. For the Web server they will need to look at elements such as encryption and authorization, whether to restrict IP addressing, where to locate Web files, whether to create virtual directories, and how to set permissions. Other factors that might go into the planning include the placement of servers, the need for backup servers, how to plan for growth, how to monitor servers, and other factors.
The security issues include, for example, who should manage the servers and what security should the server managers be given. All clients will need Read access to the DNS and DHCP servers. Further, a determination should be made about who will access the Web server, which will impact the permissions placed on Web folders, permissions on virtual directories, and what IP restrictions to implement.
Case Project 8-2: Configuring a DNS ServerAs you are demonstrating how to configure a DNS server to the new server administrators one of them asks the following questions:
What is the purpose of the reverse lookup zone and how is it configured? Can more than one DNS server be configured using Active Directory on the network, and if
so, what is the advantage? What is the most efficient way to update DNS records?
Answer:
The purpose of the reverse lookup zone is to hold the pointer (PTR) resource records, which contain the IP address to host name lookup information. Students might comment that the reverse lookup zone is not as commonly used as the forward lookup zone. However, it is important for network communications, such as Internet communications, in which it is necessary to resolve an IP address to a computer name. A reverse lookup zone is created using the following steps:
1. Click Start, point to Administrative Tools, and click DNS.
2. Click the plus sign in front of your server’s name to expand the elements under it.
3. Right-click the Reverse Lookup Zones folder in the tree under the DNS server and click New Zone.
4. Click Next after the New Zone Wizard starts.
6
5. Click Primary zone. Also, click the box for Store the zone in Active Directory.
6. Click Next.
7. In the Active Directory Zone Replication Scope window, make sure that To all DNS servers in this domain: domainname is selected.
8. Click Next.
9. In the next window you can select to create the reverse lookup zone for IPv4. Click Next.
10. Enter the network ID of the reverse lookup zone and click Next.
11. Select Allow only secure dynamic updates (recommended for Active Directory).
12. Click Next.
13. Review the information you have entered and click Finish. More than one DNS server can be configured. This is generally a wise practice so that there is a
backup DNS server in case the primary server goes down. The most efficient way to update DNS records is to configure DHCP to automatically register with
a DNS server the IP addresses that it leases. This is configured using the DHCP tool or MMC snap-in.
Case Project 8-3: Troubleshooting Network Services Problems
After the network has been set up and an initial 250 users are on the network, you discover a unique problem. Each Monday morning when the users come to work at 8:00 am there are delays in logging into the network. Your analysis shows that the server housing DHCP is experiencing intense traffic at that time. What steps do you take to solve this problem?
Also, as you are considering the problem, one of the Information Services Department employees calls to let you know that the DHCP server no longer seems to be issuing IP addresses, causing error messages. What do you do to solve this problem?
Answer:
The Monday morning slowdown problem is likely due the way scopes are set up on the DHCP server. If there is only one scope and leases are set to expire on a weekly basis, this means that much of the traffic is likely related to many computers contacting the DHCP server at the same time when people come to work. Possible solutions to this problem include:
Create multiple scopes with different leasing periods, between several days and a couple of weeks.
Ensure there is a primary and a secondary DNS server to spread the DNS server load. This is important so that when DHCP registers leases with DNS, it does not at the same time overload a single DNS server; and it creates a backup in case the primary DNS server goes down.
To troubleshoot the problem with DHCP no longer working: Ensure that the Windows Server 2008 housing DHCP is running and has a good connection to
the network (physical connection and that it is transmitting packets). Use the Computer Management tool or Server Manager to restart or stop and restart the
DHCP Client and DHCP Server services; and that both services are configured to start automatically.
Case Project 8-4: Setting Up a Web Server
The D’Amico Guitar management team is considering options for the Web server. They have asked you to write a report or create a slide show covering the following:
7
What IIS features can benefit the company’s plan to sell guitars and guitar equipment online? This there an effective tool to manage the Web server after it is installed? If so, what are its
advantages? Does IIS provide security to protect the Web-based assets, such as Web documents, after they
are set up?
Answer:
Students can take several directions with this answer, but here are some ideas:
IIS has many features. One important feature is that it can be installed in modules so that only those portions of IIS that are necessary are installed. This is also a good security measure because it reduces the attack surface of the Web server. Students might also mention some or all of the following example features:
Authentication: enables use of different authentication methods. Compression: enables Web files to be compressed to save disk space. Default document: for specifying default Web pages. Directory browsing: for listing folder contents. Error pages: to customize error messages that users see. Handler mappings: to configure .dll and code files. HTTP response headers: to set expiration dates, code files, and other files for use by
clients. Logging: for logging Web server activities. MIME types: for configuring file extensions. Modules: for configuring code modules. Output caching: for caching output to help make the server respond faster. SSL settings: for encrypted communications to ensure protection for the company
and its customers.Still another advantage is the ability use of FTP to download and upload files. Further, you can use virtual pages for storing Web documents and application pools for coordinating Web applications.
The IIS Manager is the tool to use for managing the Web site and IIS. This tool has the following advantages:
Enables you to connect to a Web server on your computer or remotely connect to a Web server, an application, or site.
Have connections to multiple Web servers, applications, and sites. Manage a Web server. Manage ASP .NET. Manage authorization for users and for specific Web server roles. Manage Web server logging. Compress Web server files. Manage code modules and worker processes. Manage server certificates. Troubleshoot a Web server.
IIS provides security through several means that include: SSL encryption Authentication techniques Lower attack surface when you install only the IIS modules you need NTFS permissions that can be applied, such as to virtual directories Share permissions that can be used
8