Windows Server 2003 interview and certification questions 1.How do you double-boot a Win 2003 server box?

The Boot.ini file is set as read -only, system, and hidden to prevent unwanted editing. To change the Boot.ini ti meout and default settings, use the System option in Control Panel from the Adva nced tab and select Startup. 2.What do you do if earlier application doesn t run on Windows Server 2003? When a n application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatib ility mode function. This is accomplished by right-clicking the application or s etup program and selecting Properties > Compatibility > selecting the previously s upported operating system. 3. If you uninstall Windows Server 2003, which operating systems can you revert to? Win ME, Win 98, 2000, XP. Note, however, that you cannot upgrade from ME and 98 to Windows Server 2003. 4.How do you get to Internet Firewall settings? Start > Control Panel > Network an d Internet Connections > Network Connections. 5.What are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes th e Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TA B moves the focus to the previous application in the taskbar. Winkey + B moves t he focus to the notification area. Winkey + D shows the desktop. Winkey + E open s Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winke y + CTRL + F opens the Search panel with Search for Computers module selected. W inkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimi zation. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winke y + L locks the computer. 6.What is Active Directory? Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object people, servers, workstations, printer s, documents, and devices. Each object has certain attributes and its own securi ty access control list (ACL). 7.Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all do main controllers share a multimaster peer-to-peer read and write relationship th at hosts copies of the Active Directory. 8.How long does it take for security changes to be replicated among the domain c ontrollers? Security-related modifications are replicated within a site immediat ely. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA). 9.What s new in Windows Server 2003 regarding the DNS management? When DC promotio n occurs with an existing forest, the Active Directory Installation Wizard conta cts an existing DC to update the directory and replicate from the DC the require d portions of the directory. If the wizard fails to locate a DC, it performs deb ugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records . The Active Directory Installation Wizard verifies a proper configuration of th e DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard. 10.When should you create a forest? Organizations that operate on radically diff erent bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships a nd joint ventures. While access to common resources is desired, a separately def ined tree can enforce more direct administrative and security restrictions. 11.How can you authenticate between forests? Four types of authentication are us ed across forests: (1) Kerberos and NTLM network logon for remote access to a se

rver in another forest; (2) Kerberos and NTLM interactive logon for physical log on outside the user s home forest; (3) Kerberos delegation to N-tier application i n another forest; and (4) user principal name (UPN) credentials. 12.What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manage r, Active Directory Users and Group Manager, Active Directory Replication (optio nal, available from the Resource Kit), Active Directory Schema Manager (optional , available from adminpak) 13.What types of classes exist in Windows Server 2003 Active Directory? Structural class. The structural class is important to the system administrator i n that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing str uctural type or the use of one or more abstract classes. Abstract class. Abstract classes are so named because they take the form of templ ates that actually create other templates (abstracts) and structural and auxilia ry classes. Think of abstract classes as frameworks for the defining objects. Auxiliary class. The auxiliary class is a list of attributes. Rather than apply n umerous attributes when creating a structural class, it provides a streamlined a lternative by applying a combination of attributes with a single include action. 88 class. The 88 class includes object classes defined prior to 1993, when the 19 88 X.500 specification was adopted. This type does not use the structural, abstr act, and auxiliary definitions, nor is it in common use for the development of o bjects in Windows Server 2003 environments. 14.How do you delete a lingering object? Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Act ive Directory. 15.What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was t ypically one GC on every site in order to prevent user logon failures across the network. 16.How is user account security established in Windows Server 2003? When an acco unt is created, it is given a unique access number known as a security identifie r (SID). Every group to which the user belongs has an associated SID. The user a nd related group SIDs together form the user account s security token, which deter mines access levels to objects throughout the system and network. SIDs from the security token are mapped to the access control list (ACL) of any object the use r attempts to access. 17.If I delete a user and then create a new account with the same username and p assword, would the SID and permissions stay the same? No. If you delete a user a ccount and attempt to recreate it with the same user name and password, the SID will be different. 18.What do you do with secure sign-ons in an organization with many roaming user s? Credential Management feature of Windows Server 2003 provides a consistent si ngle sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure s tore of user credentials that includes passwords and X.509 certificates. 19.Anything special you should do when adding a user that has a Mac? "Save passw ord as encrypted clear text" must be selected on User Properties Account Tab Opt ions, since the Macs only store their passwords that way. 20.What remote access options does Windows Server 2003 support? Dial-in, VPN, di al-in with callback. 21.Where are the documents and settings for the roaming profile stored? All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profi le are copied to the shared server folder. Therefore, the first time a roaming u ser logs on to a new system the logon process may take some time, depending on h ow large his profile folder is. 22.Where are the settings for all the users stored on a given machine? \Document and Settings\All Users

23.What languages can you use for log-on scripts? JavaScipt, VBScript, DOS batch files (.com, .bat, or even .exe) Windows Server 2003 Active Directory and Security questions By admin December 7, 2003 1.What s the difference between local, global and universal groups? Domain local g roups assign access permissions to global domain groups for local domain resourc es. Global groups provide access to resources in other trusted domains. Universa l groups grant access to resources in all trusted domains. 2.I am trying to create a new universal user group. Why can t I? Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode re quires that all domain controllers be promoted to Windows Server 2003 Active Dir ectory. 3.What is LSDOU? It s group policy inheritance model, where the policies are appli ed to Local machines, Sites, Domains and Organizational Units. 4.Why doesn t LSDOU work under Windows NT? If the NTConfig.pol file exist, it has the highest priority among the numerous policies. 5.Where are group policies stored? %SystemRoot%System32\GroupPolicy 6.What is GPT and GPC? Group policy template and group policy container. 7.Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID 8.You change the group policies, and now the computer and user settings are in c onflict. Which one has the highest priority? The computer settings take priority . 9.You want to set up remote installation procedure, but do not want the user to gain access over it. What do you do? gponame > User Configuration > Windows Settings > Remote Installation Services > Choice Options is your friend. 10.What s contained in administrative template conf.adm? Microsoft NetMeeting poli cies 11.How can you restrict running certain applications on a machine? Via group pol icy, security settings for the group, then Software Restriction Policies. 12.You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer. 13.What s the difference between Software Installer and Windows Installer? The for mer has fewer privileges and will probably require user intervention. Plus, it u ses .zap files. 14.What can be restricted on Windows Server 2003 that wasn t there in previous pro ducts? Group Policy in Windows Server 2003 determines a users right to modify ne twork and dial-up TCP/IP properties. Users may be selectively restricted from mo difying their IP address and other network configuration parameters. 15.How frequently is the client policy refreshed? 90 minutes give or take. 16.Where is secedit? It s now gpupdate. 17.You want to create a new group policy but do not wish to inherit. Make sure y ou check Block inheritance among the options when creating the policy. 18.What is "tattooing" the Registry? The user can view and modify user preferenc es that are not stored in maintained portions of the Registry. If the group poli cy is removed or changed, the user preference will persist in the Registry. 19.How do you fight tattooing in NT/2000 installations? You can t. 20.How do you fight tattooing in 2003 installations? User Configuration - Admini strative Templates - System - Group Policy - enable - Enforce Show Policies Only . 21.What does IntelliMirror do? It helps to reconcile desktop settings, applicati ons, and stored files for users, particularly those who move between workstation s or those who must periodically work offline. 22.What s the major difference between FAT and NTFS on a local machine? FAT and FA T32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files. 23.How do FAT and NTFS differ in approach to user shares? They don t, both have su pport for sharing.

24.Explan the List Folder Contents permission on the folder in NTFS. Same as Rea d & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission. 25.I have a file to which the user has access, but he has no folder permission t o read it. Can he access it? It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can t drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Con vention (UNC). The best way to start would be to type the full path of a file in to Run window. 26.For a user in several groups, are Allow permissions restrictive or permissive ? Permissive, if at least one group has Allow permission for the file/folder, us er will have the same permission. 27.For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has Deny permission for the file/folder, use r will be denied access, regardless of other group permissions. 28.What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL. 29.What s the difference between standalone and fault-tolerant DFS (Distributed Fi le System) installations? The standalone server stores the Dfs directory tree st ructure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may includ e multiple connections to the same data residing in different shared folders. 30.We re using the DFS fault-tolerant installation, but cannot access it from a Wi n98 box. Use the UNC path, not client, only 2000 and 2003 clients can access Ser ver 2003 fault-tolerant shares. 31.Where exactly do fault-tolerant DFS shares store information in Active Direct ory? In Partition Knowledge Table, which is then replicated to other domain cont rollers. 32.Can you use Start->Search with DFS shares? Yes. 33.What problems can you have with DFS installed? Two users opening the redundan t copies of the file at the same time, with no file-locking involved in DFS, cha nging the contents and then saving. Only one file will be propagated through DFS . 34.I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, y ou can t. Install a standalone one. 35.Is Kerberos encryption symmetric or asymmetric? Symmetric. 36.How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time stamp is attached to the initial client request, encrypted with the s hared key. 37.What hashing algorithms are used in Windows 2003 Server? RSA Data Security s Me ssage Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 ( SHA-1), produces a 160-bit hash. 38.What third-party certificate exchange protocols are used by Windows 2003 Serv er? Windows Server 2003 uses the industry standard PKCS-10 certificate request a nd PKCS-7 certificate response to exchange CA certificates with third-party cert ificate authorities. 39.What s the number of permitted unsuccessful logons on Administrator account? Un limited. Remember, though, that it s the Administrator account, not any account th at s part of the Administrators group. 40.If hashing is one-way function and Windows Server uses hashing for storing pa sswords, how is it possible to attack the password lists, specifically the ones using NTLMv1? A cracker would launch a dictionary attack by hashing every imagin able term used for password and then compare the hashes. 41.What s the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows Server 2003. 42.How many passwords by default are remembered when you check "Enforce Password History Remembered"? User s last 6 passwords.

Windows Server 2003 IIS and Scripting interview questions By admin December 7, 2003 1.What is presentation layer responsible for in the OSI model? The presentation layer establishes the data format prior to passing it along to the network appli cation s interface. TCP/IP networks perform this task at the application layer. 2.Does Windows Server 2003 support IPv6? Yes, run ipv6.exe from command line to disable it. 3.Can Windows Server 2003 function as a bridge? Yes, and it s a new feature for th e 2003 product. You can combine several networks and devices connected via sever al adapters by enabling IP routing. 4.What s the difference between the basic disk and dynamic disk? The basic type co ntains partitions, extended partitions, logical drivers, and an assortment of st atic volumes; the dynamic type does not use partitions but dynamically manages v olumes and provides advanced storage options 5.What s a media pool? It is any compilation of disks or tapes with the same admin istrative properties. 6.How do you install recovery console? C:\i386\win32 /cmdcons, assuming that you r Win server installation is on drive C. 7.What s new in Terminal Services for Windows 2003 Server? Supports audio transmis sions as well, although prepare for heavy network load. 8.What scripts ship with IIS 6.0? iisweb.vsb to create, delete, start, stop, and list Web sites, iisftp.vsb to create, delete, start, stop, and list FTP sites, iisdir.vsb to create, delete, start, stop, and display virtual directories, iisf tpdr.vsb to create, delete, start, stop, and display virtual directories under a n FTP root, iiscnfg.vbs to export and import IIS configuration to an XML file. 9.What s the name of the user who connects to the Web site anonymously? IUSR_compu tername 10.What secure authentication and encryption mechanisms are supported by IIS 6.0 ? Basic authentication, Digest authentication, Advanced digest authentication, C ertificate-based Web transactions that use PKCS #7/PKCS #10, Fortezza, SSL, Serv er-Gated Cryptography, Transport Layer Security 11.What s the relation between SSL and TLS? Transport Layer Security (TLS) extends SSL by providing cryptographic authentication. 12.What s the role of http.sys in IIS? It is the point of contact for all incoming HTTP requests. It listens for requests and queues them until they are all proce ssed, no more queues are available, or the Web server is shut down. 13.Where s ASP cache located on IIS 6.0? On disk, as opposed to memory, as it used to be in IIS 5. 14.What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. Mor e than one application can use a given socket. 15.Describe the process of clustering with Windows 2003 Server when a new node i s added. As a node goes online, it searches for other nodes to join by polling t he designated internal network. In this way, all nodes are notified of the new n ode s existence. If other nodes cannot be found on a preexisting cluster, the new node takes control of the quorum resources residing on the shared disk that cont ains state and configuration data. 16.What applications are not capable of performing in Windows 2003 Server cluste rs? The ones written exclusively for NetBEUI and IPX. 17.What s a heartbeat? Communication processes between the nodes designed to ensur e node s health. 18.What s a threshold in clustered environment? The number of times a restart is a ttempted, when the node fails. 19.You need to change and admin password on a clustered Windows box, but that re quires rebooting the cluster, doesn t it? No, it doesn t. In 2003 environment you ca n do that via cluster.exe utility which does not require rebooting the entire cl uster. 20.For the document of size 1 MB, what size would you expect the index to be wit h Indexing Service? 150-300 KB, 15-30% is a reasonable expectation.

21.Doesn t the Indexing Service introduce a security flaw when allowing access to the index? No, because users can only view the indices of documents and folders that they have permissions for. 22.What s the typical size of the index? Less then 100K documents - up to 128 MB. More than that - 256+ MB. 23.Which characters should be enclosed in quotes when searching the index? &, @, $, #, ^, ( ), and . 24.How would you search for C++? Just enter C++, since + is not a special charac ter (and neither is C). 25.What about Barnes&Noble? Should be searched for as Barnes & Noble. 26.Are the searches case-sensitive? No. 27.What s the order of precedence of Boolean operators in Microsoft Windows 2003 S erver Indexing Service? NOT, AND, NEAR, OR. 28.What s a vector space query? A multiple-word query where the weight can be assi gned to each of the search words. For example, if you want to fight information on black hole , but would prefer to give more weight to the word hole, you can ente r black[1] hole[20] into the search window. 29.What s a response queue? It s the message queue that holds response messages sent from the receiving application to the sender. 30.What s MQPing used for? Testing Microsoft Message Queue services between the no des on a network. 31.Which add-on package for Windows 2003 Server would you use to monitor the ins talled software and license compliance? SMS (System Management Server). 32.Which service do you use to set up various alerts? MOM (Microsoft Operations Manager). 33.What languages does Windows Scripting Host support? VB, VBScript, JScript CCNA More than 200 CCNA questions By admin January 2, 2007 1.As system administrator, you type debug ipx sap and receive the following lines as part of the IOS response: type 04, HELLO2?, 199.0002.0003.0006 (451), 2 hops ty pe 04, HELLO1?, 199.0002.0003.0008 (451), 2 hops What does 04? signify? * That is a Get Nearest Server response. * That it is a General query. * That it is a General response. * That it is a Get Nearest Server request. Correct answer: A 2.To monitor IP igrp traffic, you can use debug IP igrp transaction or debug IP igr p events . How do you display information about IPX routing update packets? * debug routing * debug ipx transaction * debug ipx routing activity * debug ipx events Correct answer: C 3.To monitor ipx traffic on a network, what command would you use? * debug ipx transaction * show ipx traffic * show ipx events * display ipx traffic Correct answer: B 4.What command would you use to find out the names of Novell servers on a networ k? * show ipx servers * show ipx hosts * show ipx sap * show ipx nodes. Correct answer: A 5.The ipx delay number command will allow an administrator to change the default s

ettings. What are the default settings? * For LAN interfaces, one tick; for WAN interfaces, six ticks * For LAN interfaces, six ticks; for WAN interfaces, one tick * For LAN interfaces, zero ticks; for WAN interfaces, five ticks * For LAN interfaces, five ticks; for WAN interfaces, zero Ticks Correct answer: A The default is for LAN interfaces, one tick; for WAN interfaces, six ticks 6.As a system administrator, you need to set up one Ethernet interface on the Ci sco router to allow for both sap and Novell-ether encapsulations. Which set of c ommands will accomplish this? * interface ethernet 0.1 ipx encapsulation Novell-ether ipx network 9e interface ethernet 0.2 ipx network 6c * interface ethernet 0 ipx encapsulation Novell-ether ipx network 9e interface e thernet 0 ipx encapsulation sap ipx network 6c * interface ethernet 0.1 ipx encapsulation Novell-ether interface ethernet 0.2 i px encapsulation sap * interface ethernet 0.1ipx encapsulation Novell-ether ipx network 9e interface ethernet 0.2 ipx encapsulation sap ipx network 6c Correct answer: D The following commands setup the subinterfaces to allow for two types of encapsu lation: interface ethernet 0.1 ipx encapsulation Novell-ether ipx network 9e int erface ethernet 0.2 ipx encapsulation sap ipx network 6c 7.What does the IPX maximum-paths 2? command accomplish? * It enables load sharing on 2 paths if the paths are equal metric paths. * It sets up routing to go to network 2. * It is the default for Cisco IPX load sharing. * It enables load sharing on 2 paths if the paths are unequal metric paths. Correct answer: A It enables load sharing on 2 paths if the paths are equal metric paths. The defa ult is 1 path and the maximum is 512 paths. 8.You want to enable both arpa and snap encapsulation on one router interface. H ow do you do this? * The interface can handle multiple encapsulation types with no extra configurat ion. * Assign two network numbers, one for each encapsulation type. * Enable Novell-ether to run multiple encapsulation types. * Both arpa and snap are enabled by default so you don t have to configure anythin g. Correct answer: B To assign multiple network numbers, you usually use subinterfaces. A sample conf iguration follows: ipx ethernet 0.1 ipx encapsulation novell-ether ipx network 9 e interface ethernet 0.2 ipx encapsulation sap ipx network 6c By default, Cisco routers forward GNS SAPs to remote networks. * False * True Correct answer: A GNS is Novell s protocol to Get Nearest Server. If there is a server on the local network, that server will respond. If there isn t, the Cisco router has to be conf igured to forward the GNS SAP. 9.To prevent Service Advertisements (SAPs) from flooding a network, Cisco router s do not forward them. How are services advertised to other networks? * Each router builds its own SAP table and forwards that every 60 seconds. * Each router assigns a service number and broadcasts that. * SAPs aren t necessary with Cisco routers. * Cisco routers filter out all SAPs. Correct answer: A Cisco routers build SAP tables and forward the table every 60 seconds. All SAPs can t be filtered even with 4.x since NDS and time synchronization uses SAPs. 10.Novell s implementation of RIP updates routing tables every ____ seconds. * 60

* 90 * 10 * 30 Correct answer: A Novell s RIP updates routing tables every 60 seconds, Apple s RTMP is every 10 secon ds, routers ARP every 60 seconds, IGRP signal every 90 seconds, and Banyan VINES signals every 90 seconds. 11.In Novell s use of RIP, there are two metrics used to make routing decisions. S elect the two metrics. * Ticks. * Hops * Loops * Counts Correct answer: A &B It first uses ticks (which is about 1/18 sec.); if there is a tie, it uses hops; if hops are equal, then it uses an administratively assigned tiebreaker. 12.What is the Cisco name for the encapsulation type used on a serial interface? * HDLC * SDLC * SAP * SNAP Correct answer: A 13. arpa is used by the Cisco IOS for which encapsulation types? * Ethernet_II * Ethernet_802.3 * Ethernet_802.2 * Ethernet_SNAP Correct answer: A 14.Novell s IPX and Cisco s IOS name their protocols differently. Cisco uses sap for Ethernet_802.2, Token-Ring, and Novell s FDDI_802.2. Cisco uses snap for Ethernet _SNAP, Token-Ring_SNAP, and FDDI_SNAP. Cisco uses arpa for Ethernet_II and, fina lly the default is Novell-ether for Novell s Ethernet_802.3. snap is used by the Cis co IOS for which encapsulation types? * Ethernet_SNAP * Token-Ring_SNAP * FDDI_SNAP * Novell-SNAP * Novell-FDDI. Correct answer: A,B &C 15.Novell s IPX and Cisco s IOS name their protocols differently. Cisco uses sap for Ethernet_802.2, Token-Ring, and Novell s FDDI_802.2. Cisco uses snap for Ethernet _SNAP, Token-Ring_SNAP, and FDDI_SNAP. Cisco uses arpa for Ethernet_II and, fina lly the default is Novell-ether for Novell s Ethernet_802.3.15 sap is used by the Ci sco IOS for which encapsulation types? * Ethernet_802.2 * Token-Ring * FDDI_SNAP * Ethernet_802.3 * FDDI_802.2 Correct answer: A,B &E 16.Novell s IPX and Cisco s IOS name their protocols differently. Cisco uses sap for Ethernet_802.2, Token-Ring, and Novell s FDDI_802.2. Cisco uses snap for Ethernet _SNAP, Token-Ring_SNAP, and FDDI_SNAP. Cisco uses arpa for Ethernet_II and, fina lly the default is Novell-ether for Novell s Ethernet_802.3. Which type of Etherne t framing is used for TCP/IP and AppleTalk? * Ethernet 802.3 * Ethernet 802.2 * Ethernet II * Ethernet SNAP Correct answer: D

Ethernet 802.3 is used with NetWare versions 2 through 3.11, Ethernet 802.2 is u sed with NetWare 3.12 and later plus OSI routing, Ethernet II is used with TCP/I P and DECnet, and Ethernet SNAP is used with TCP/IP and AppleTalk. 17.Which type of Ethernet framing is used for TCP/IP and DECnet? * Ethernet 802.3 * Ethernet 802.2 * Ethernet II * Ethernet SNAP Correct answer: C Ethernet 802.3 is used with NetWare versions 2 through 3.11, Ethernet 802.2 is u sed with NetWare 3.12 and later plus OSI routing, Ethernet II is used with TCP/I P and DECnet, and Ethernet SNAP is used with TCP/IP and AppleTalk. 18.You are a system administrator on a NetWare network, you are running NetWare 4.11 and you cannot communicate with your router. What is the likely problem? * NetWare 4.11 defaults to 802.2 encapsulation. * NetWare 4.11 defaults to 802.3 encapsulation * Cisco routers only work with NetWare 3.11. * NetWare 3.11 defaults to 802.2 encapsulation. Correct answer: A The default encapsulation on Cisco routers is Novell Ethernet_802.3 and NetWare 3.12 and later defaults to 802.2 encapsulation, 3.11 and earlier defaults to 802 .3. 19.NetWare IPX addressing uses a network number and a node number. Which stateme nts are true? * The network address is administratively assigned and can be up to 16 hexadecim al digits long. * The node address is always administratively assigned. * The node address is usually the MAC address. * If the MAC address is used as the node address, then IPX eliminates the use of ARP. Correct answer: A, C &D The network address can be up to 16 hexadecimal digits in length. The node numbe r is 12 hexadecimal digits. The node address is usually the MAC address. An exam ple IPX address is 4a1d.0000.0c56.de33. The network part is 4a1d. The node part is 0000.0c56.de33. The network number is assigned by the system administrator of the Novell network. 20.Which NetWare protocol works on layer 3 network layer of the OSI model? * IPX * NCP * SPX * NetBIOS Correct answer: A IPX (Internetwork Packet Exchange) is a NetWare network layer 3 protocol used fo r transferring information on LANs. 21.Which NetWare protocol provides link-state routing? * NLSP * RIP * SAP * NCP Correct answer: A NetWare Link Services Protocol (NLSP) provides link-state routing. SAP (Service Advertisement Protocol) advertises network services. NCP (NetWare Core Protocol) provides client-to-server connections and applications. RIP is a distance vecto r routing protocol. 22.As a system administrator, you want to debug igrp but are worried that the deb ug IP igrp transaction command will flood the console. What is the command that y ou should use? * debug IP igrp event * debug IP igrp-events * debug IP igrp summary

* debug IP igrp events Correct answer: D The debug IP igrp events is used to only display a summary of IGRP routing informa tion. You can append an IP address onto either command to see only the IGRP upda tes from a neighbor. 23.What does the following series of commands accomplish? router igrp 71 network 10.0.0.0 router igrp 109 network 172.68.7.0 * It isolates networks 10.0.0.0 and 172.68.7.0. * It loads igrp for networks 109 and 71. * It disables RIP. * It disables all routing protocols. Correct answer: A It isolates network 10.0.0.0 and 172.68.7.0 and associates autonomous systems 10 9 and 71 with IGRP. IGRP does not disable RIP, both can be used at the same time . 24.In the command router igrp 109? what does 109 signify? * an autonomous system * any network number which the router is attached to * the allowable length of the routing table * the network socket number Correct answer: A The Cisco IOS global configuration command router igrp xxx is used to configure th e Interior Gateway Routing Protocol. In this case, the 109 is called the process -id , which can also be used for an autonomous system number. 25.IGRP supports a feature that allows traffic to be distributed among up to 6 ( 4 default) paths to provide greater overall throughput and reliability. What is this called? * unequal-cost load balancing * equal-cost load balancing * proportionate load balancing * low cost load balancing Correct answer: A An unequal-cost load balancing is used to provide alternate paths for data distr ibution on an internetwork. Cisco developed this method to use unused or under u tilized links to increase bandwidth and network availability. 26.IGRP uses flash updates, poison reverse updates, holddown times, and split ho rizon. How often does it broadcast its routing table updates? * 90 seconds * 10 seconds * 30 seconds * 45 seconds Correct answer: A 27.The command show IP protocol displays which information? * routing timers * network information * contents of the IP routing table * information about all known network and subnetworks Correct answer: A & B show IP protocol displays routing timers and network information. show IP route disp lays the routing table with information about all known networks and subnetworks . 28.When using RIP, routing updates are broadcast every ____ seconds. * 30 * 10 * 60 * 90 Correct answer: A Novell s RIP updates routing tables every 60 seconds, Apple s RTMP is every 10 secon ds, routers ARP every 60 seconds, DECnet hosts and IGRP signal every 15 seconds, and Banyan VINES signals every 90 seconds.

29.An autonomous system can only exist if all routers in that system meet which criteria? * interconnected * run the same routing protocol * assigned same autonomous system number * run IGRP only * run RIP only Correct answer: A,B &C An autonomous system is a set of routers and networks under the same administrat ion. Each router must be interconnected, run the same routing protocol, and assi gned the same autonomous system number. The network Information Center (NIC) ass igns a unique autonomous system number to enterprises. 30.A default route is analogous to a _________. * default gateway * static route * dynamic route * one-way route Correct answer: A A default route is analogous to a default gateway. It is used to reduce the leng th of routing tables and to provide complete routing capabilities when a router might not know the routes to all other networks. 31.Routers can learn about destinations through static routes, default, or dynam ic routing. By default, a router will use information derived from __________. * IGRP * RIP * IP * TCP Correct answer: A The quality of information is rated: Connected interface 0 Static route 1 IGRP 100 RIP 120 Unknown 255 The lower the value, the more reliable the source with 255 signifying informatio n that the router will ignore. So, the router will use IGRP, rated at 100, befor e RIP, rated at 120. 32.You are logged into a router, what command would show you the IP addresses of routers connected to you? * show cdp neighbors detail * show run * show neighbors * show cdp Correct answer: A 33.As a system administrator, you perform an extended ping at the privileged EXE C prompt. As part of the display, you see Set DF bit in IP header? [yes] : What wo uld happen if you answered no at the prompt. * This lets the router fragment the packet. * It tells the router not to fragment the packet. * This lets the router direct the packet to the destination it finds in its rout ing table. * It tell the router to send the packet to the next hop router Correct answer: A Set DF bit in IP header? is a response to an extended ping at the router. If you a nswer yes (the default) the router will not fragment the packet. If you answer n o, the router will fragment the packet. 34.You have typed ping 172.16.101.1 and get the following display: Type escape seq uence to abort. Sending 5, 100-byte ICMP Echoes to 172.16.101.1, timeout is 2 se conds: .!!!!

What does the . signify? * That one message timed out. * That all messages were successful. * That one message was successful. * That one message completed in under the allotted timeframe. Correct answer: A The possible responses from the ping command are: ! Successful receipt of an ech o reply. Timed out waiting for a reply U Destination unreachable C Congestion-ex perienced packet I Ping interrupted ? Packet type unknown & Packet TTL exceeded 35.Which command, that is used to test address configuration, uses Time-To-Live (TTL) values to generate messages from each router. * trace * ping * telnet * bootp Correct answer: A The Cisco IOS EXEC command trace [protocol] [destination] is used to discover rout es that packets will travel to their destination hosts. Trace uses TTL (Time to Live) values to report destination route information. 36.What does the command IP name-server 255.255.255.255? accomplish? * It sets the domain name lookup to be a local broadcast. * This is an illegal command. * It disables domain name lookup. * The command is now defunct and has been replaced by IP server-name ip any Correct answer: A By default DNS is enabled on a router with a server address of 255.255.255.255, which provides for a local broadcast. 37.As a system administrator, you need to provide your routers with a Domain Nam e System (DNS) server. How many DNS servers can you specify with one command? * 6 * 1 * 2 * 4 Correct answer: A You can only specify six name servers in one command. The syntax is IP name-serve r server-address1 [[ server-address2 ] server-address6]. You must also enable DNS. 38.How would you configure one host name that points to two IP addresses? * IP host jacob 1.0.0.5 2.0.0.8 * IP jacob 1.0.0.5 2.0.0.8 * IP host jacob 1.0.0.5 * IP host duplicate all Correct answer: A The correct syntax is IP host name [ TCP-port-number ] address [ address ] .. So, I P host P1R1 1.0.0.5 2.0.0.8? is the correct choice. IP host jacob 1.0.0.5? only p oints the host name jacob to one IP address 1.0.0.5. 39.The following selections show the command prompt and the configuration of the IP network mask. Which two are correct? * Router#term IP netmask-format { bitcount decimal hexadecimal } * Router(config-if)#IP netmask-format { bitcount decimal hexadecimal } * Router(config-if)#netmask-format { bitcount decimal hexadecimal } * Router#ip netmask-format { bitcount decimal hexadecimal } Correct answer: A & B Router#term IP netmask-format { bitcount decimal hexadecimal } and Router(co nfig-if)#IP netmask-format { bitcount decimal hexadecimal } are correct. You can configure the mask for the current session and you can configure it for a s pecific line. 40.When configuring the subnet mask for an IP address, which formats can be used ?

* dotted-decimal. * Hexadecimal * Bit-count * Octal * Binary Correct answer: A, B &C 41.You are given the following address: 153.50.6.27/25. Determine the subnet mas k, address class, subnet address, and broadcast address. * 255.255.255.128, B,153.50.6.0, 153.50.6.127 * 255.255.255.128, C,153.50.6.0, 153.50.6.127 * 255.255.255.128, C,153.50.6.127, 153.50.6.0 * 255.255.255.224, C,153.50.6.0, 153.50.6.127 Correct answer: A 42.You are given the following address: 128.16.32.13/30. Determine the subnet ma sk, address class, subnet address, and broadcast address. * 255.255.255.252, B,128.16.32.12, 128.16.32.15 * 255.255.255.252, C,128.16.32.12, 128.16.32.15 * 255.255.255.252, B,128.16.32.15, 128.16.32.12 * 255.255.255.248, B,128.16.32.12, 128.16.32.15 Correct answer: A 43.You are given the following address: 15.16.193.6/21. Determine the subnet mas k, address class, subnet address, and broadcast address. * 255.255.248.0, A, 15.16.192.0, 15.16.199.255 * 255.255.248.0, B, 15.16.192.0, 15.16.199.255 * 255.255.248.0, A, 15.16.199.255, 14.15.192.0 * 255.255.242.0, A, 15.16.192.0, 15.16.199.255 Correct answer: A 44.You have an IP host address of 201.222.5.121 and a subnet mask of 255.255.255 .248. What is the broadcast address? * 201.222.5.127 * 201.222.5.120 * 201.222.5.121 * 201.222.5.122 Correct answer: A The easiest way to calculate this is to subtract 255.255.255.248 (subnet mask) f rom 255.255.255.255, this equals 7. Convert the address 201.222.5.121 to binary 11001001 11011110 00000101 0 1111001. Convert the mask 255.255.255.248 to binary 11111111 11111111 11111111 11111000. AND them toget her to get: 11001001 11011110 45.01111000 or 201.222.5.120. 201.222.5.120 is the subnet address, add 7 to this address for 201.222.5.127 or the broadcast address. 201.222.5.121 through 201.222.5.126 are the valid host ad dresses. 46.Given the address 172.16.2.120 and the subnet mask of 255.255.255.0. How many hosts are available? * 254 * 510 * 126 * 16,372 Correct answer: A 172.16.2 120 is a standard Class B address with a subnet mask that allows 254 ho sts. You are a network administrator and have been assigned the IP address of 20 1.222.5.0. You need to have 20 subnets with 5 hosts per subnet. The subnet mask is 255.255.255.248. 47.Which addresses are valid host addresses? * 201.222.5.17

* 201.222.5.18 * 201.222.5.16 * 201.222.5.19 * 201.222.5.31 Correct answer: A,B & D Subnet addresses in this situation are all in multiples of 8. In this example, 2 01.222.5.16 is the subnet, 201.22.5.31 is the broadcast address. The rest are va lid host IDs on subnet 201.222.5.16. 48.You are a network administrator and have been assigned the IP address of 201. 222.5.0. You need to have 20 subnets with 49.hosts per subnet. What subnet mask will you use? * 255.255.255.248 * 255.255.255.128 * 255.255.255.192 * 255.255.255.240 Correct answer: A By borrowing 5 bits from the last octet, you can. have 30 subnets. If you borrow ed only 4 bits you could only have 14 subnets. The formula is (2 to the power of n)-2. By borrowing 4 bits, you have (22x22)-2=14. By borrowing 5 bits, you have ( 22x22x2)-2=30. To get 20 subnets, you would need to borrow 5 bits so the subnet ma sk would be 255.255.255.248. 50.You are given the IP address of 172.16.2.160 with a subnet mask of 255.255.0. 0. What is the network address in binary? * 10101100 00010000 * 00000010 10100000 * 10101100 00000000 * 11100000 11110000 Correct answer: A To find the network address, convert the IP address to binary 10101100 000100000 0 0000010 10100000 then ANDed it with the subnet mask 11111111 11111111 00000000 00000 000. The rest is 10101100 00010000 00000000 00000000, which is 172.16.0.0 in dec imal. The first octet rule states that the class of an address can be determined by th e numerical value of the first octet. 51.Which addresses are INCORRECTLY paired with their class? * 128 to 191, Class B * 192 to 223 Class B * 128 to 191, Class C * 192 to 223, Class C Correct answer: B & C Address classes are: 1 to 126, Class A; 128 to 191, Class B, 192 to 223, Class C ; 224 to 239, Class D; and 52.to 255, Class E. The first octet rule states that the class of an address can be determined by the numerical value of the first octet. 53.Which addresses are INCORRECTLY paired with their class? * 1 to 126, Class A * 128 to 191, Class A * 1 to 126, Class B * 128 to 191, Class B Correct answer: B & C. Address classes are: 1 to 126, Class A; 128 to 191, Class B, 192 to 223, Class C ; 224 to 239, Class D; and 54.to 255, Class E. The first octet rule states that the class of an address can be determined by the numerical value of the first octet. 55.Which addresses are INCORRECTLY paired with their class? * 240 - 255, Class D * 240 - 255, Class E * 224 - 239, Class D * 224 - 239, Class E Correct answer: A & D

Address classes are: 1 to 126, Class A; 128 to 191, Class B, 192 to 223, Class C ; 224 to 239, Class D; and 240 to 255, Class E. 56.Which IP Address Class is INCORRECTLY paired with its range of network number s? * Class A addresses include 192.0.0.0 through 223.255.255.0 * Class A addresses include 1.0.0.0 through 126.0.0.0 * Class B addresses include 128.0.0.0 through 191.255.0.0 * Class C addresses include 192.0.0.0 through 223.255.255.0 * Class D addresses include 224.0.0.0 through 239.255.255.0 Correct answer: A Class A addresses include 1.0.0.0 through 126.0.0.0 Class B addresses include 128.0.0.0 through 191.255.0.0 Class C addresses include 192.0.0.0 through 223.255.255.0 Class D addresses include 224.0.0.0 through 239.255.255.0 57.Which IP Address Class can have 16 million subnets but support 254 hosts? * Class C * Class A * Class B * Class D Correct answer: A Possible Subnets IP Address Class Possible Hosts 58.A 16M. 64K B 64K 16M C 254 59.Which IP Address Class can have 64,000 subnets with 64,000 hosts per subnet? * Class B * Class A * Class C * Class D Correct answer: A IP Address Class Possible Subnets Possible Hosts 60.A 16M 64K B 64K 16M C 254 61.There are two processes to pair MAC address with IP addresses. Which process finds an IP address from a MAC address? * RARP * ARP * RIP * IGRP Correct answer: A ARP (Address Resolution Protocol) maps an IP address to the MAC address, RARP (R everse Address Resolution Protocol) maps the MAC address to the IP address. ARP and RARP work at the internet layer of the Internet Model or the network layer o f the OSI model. 62.When the router runs out of buffer space, this is called ________. * Source Quench * Redirect * Information Request * Low Memory Correct answer: A Source quench is the process where the destination router, or end internetworkin g device will quench the date from the source , or the source router. This usually ha ppens when the destination router runs out of buffer space to process packets. 63.Which protocol carries messages such as destination Unreachable, Time Exceede d, Parameter Problem, Source Quench, Redirect, Echo, Echo Reply, Timestamp, Info rmation Request, Information Reply, Address Request, and Address Reply? * ICMP * UDP * TCP

* TFTP * FTP Correct answer: A ICMP (Internet Control Message Protocol) is a network layer internet protocol de scribed in RFC # 792. ICMP reports IP packet information such as destination Unr eachable, Time Exceeded, Parameter Problem, Source Quench, Redirect, Echo, Echo Reply, Timestamp, Information Request, Information Reply, Address Request, and A ddress Reply. 64.Two of the protocols that can be carried in the Protocol field of an IP packe t are? * TCP * UDP * FTP * TFTP Correct answer: A & B The following are the fields in an IP segment, their length, and their definitions: VERS (Version number - 16 bits) HLEN (Number of 32-bit words in the header - 4 bits) Type of Server (How the datagram should be handled - 32 bits) Total Length (Total length of header and data - 32 bits) Identification (Provide fragmentation of datagrams to allow different MTUs in th e internet - 4 bits) Flags (Provide fragmentation of datagrams to allow different MTUs in the interne t - 4 bits) Frag Offset (Provide fragmentation of datagrams to allow different MTUs in the i nternet - 6 bits) TTL (Time-To-Live - 6 bits) Protocol (Upperlayer protocol sending the datagram - 16 bits) Header Checksum )Integrity check on the header - 16 bits) Source IP Address (32 bits) Destination IP Address (32 bits) IP Options (network testing, debugging, security and others - 4 bits) Data (4 bits). 65.Where would network testing be included in an IP packet? * IP Options field * Identification field * Type of Service field * Reservation field Correct answer: A The following are the fields in an IP segment, their length, and their definitio ns: VERS (Version number - 16 bits) HLEN (Number of 32-bit words in the header - 4 bits) Type of Server (How the datagram should be handled - 32 bits) Total Length (Total length of header and data - 32 bits) Identification (Provide fragmentation of datagrams to allow different MTUs in th e internet - 4 bits) Flags (Provide fragmentation of datagrams to allow different MTUs in the interne t - 4 bits) Frag Offset (Provide fragmentation of datagrams to allow different MTUs in the i nternet - 6 bits) TTL (Time-To-Live - 6 bits) Protocol (Upperlayer protocol sending the datagram - 16 bits) Header Checksum )Integrity check on the header - 16 bits) Source IP Address (32 bits) Destination IP Address (32 bits) IP Options (network testing, debugging, security and others - 4 bits) Data (4 bits). 66.What field tells the Internet layer how to handle an IP packet?

* Type of Service * Identification * Flags * Frag Offset Correct answer: A The following are the fields in an IP segment, their length, and their definitio ns: VERS (Version number - 16 bits) HLEN (Number of 32-bit words in the header - 4 bits) Type of Server (How the datagram should be handled - 32 bits) Total Length (Total length of header and data - 32 bits) Identification (Provide fragmentation of datagrams to allow different MTUs in th e internet - 4 bits) Flags (Provide fragmentation of datagrams to allow different MTUs in the interne t - 4 bits) Frag Offset (Provide fragmentation of datagrams to allow different MTUs in the i nternet - 6 bits) TTL (Time-To-Live - 6 bits) Protocol (Upperlayer protocol sending the datagram - 16 bits) Header Checksum )Integrity check on the header - 16 bits) Source IP Address (32 bits) Destination IP Address (32 bits) IP Options (network testing, debugging, security and others - 4 bits) Data (4 bi ts). 67.Which fields of an IP packet provide for fragmentation of datagrams to allow differing MTUs in the internet? * Identification * Flags * Frag Offset * Type of Service * Total Length Correct answer: A, B & C The following are the fields in an IP segment, their length, and their definitio ns: VERS (Version number - 16 bits) HLEN (Number of 32-bit words in the header - 4 bits) Type of Server (How the datagram should be handled - 32 bits) Total Length (Total length of header and data - 32 bits) Identification (Provide fragmentation of datagrams to allow different MTUs in th e internet - 4 bits) Flags (Provide fragmentation of datagrams to allow different MTUs in the interne t - 4 bits) Frag Offset (Provide fragmentation of datagrams to allow different MTUs in the i nternet - 6 bits) TTL (Time-To-Live - 6 bits) Protocol (Upperlayer protocol sending the datagram - 16 bits) Header Checksum )Integrity check on the header - 16 bits) Source IP Address (32 bits) Destination IP Address (32 bits) IP Options (network testing, debugging, security and others - 4 bits) Data (4 bits). 68.Which processes does TCP, but not UDP, use? * Windowing * Acknowledgements * Source Port * Destination Port Correct answer: A & B UDP (User Datagram Protocol) does not use sequence or acknowledgement fields in transmission. UDP is a connectionless and unreliable protocol, since there is no delivery chec

king mechanism in the UDP data format. 69.What is the UDP datagram format? * Source Port - 16 bits, Destination Port - 16 bits, Length - 16 Bits, Checksum - 16 bits, Data * Destination Port - 16 bits, Source Port - 16 bits, Length - 16 Bits, Checksum - 16 bits, Data * Source Port - 16 bits, Destination Port - 16 bits, Checksum - 16 Bits, Length - 16 bits, Data * Source Port - 8 bits, Destination Port - 8 bits, Length -8 Bits, Checksum - 8 bits, Data Correct answer: A The UDP format for a segment is as follows: Source Port 16 bits Destination Port 16 bits Length 16 bits Checksum 16 bits Data xx bits 70.What is the function of DDR on Cisco routers? * DDR is dial on-demand routing. It provides a continuous LAN only connection. * DDR is dial-on-demand routing. It provides routing for high volume traffic. * DDR is dial on-demand routing. It provides a continuous WAN connection. * DDR is dial-on-demand routing. It provides routing for low volume and periodic traffic. Correct answer: D DDR is dial-on-demand routing. It provides routing for low volume and periodic t raffic. It initiates a call to a remote site when there is traffic to transmit. 71.What are the two types of access lists that can be configured on a Cisco rout er? * Standard * Extended * Filtering * Packet Correct answer: A & B The access lists are standard and extended. Standard access lists for IP check t he source address of packets that could be routed. Extended access lists can che ck the source and destination packet plus check for specific protocols, port num bers, etc. 72.When using access lists, what does a Cisco router check first? * To see if the packet is routable or bridgeable * The destination address * The source address * The packet contents Correct answer: A The first thing checked is to see if the packet is routable or bridgeable. If it is not, the packet will be dropped. 73.How many access lists are allowed per interface? * One per port, per protocol * Two per port, per protocol * Unlimited * Router interface +1 per port. Correct answer: A Only one access list is allowed per interface. An access list must have conditio ns that test true for all packets that use the access list. 74.What do the following commands accomplish? access-list 1 deny 172.16.4.0 0.0.0.255 access-list 1 permit any interface ethernet 0 IP access-group 1 out * This will block traffic from subnet 172.16.4.0 and allow all other traffic. * This will allow traffic from subnet 172.16.4.0 and block all other traffic. * All traffic is allowed.

* All traffic is blocked. Correct answer: A This will block traffic from subnet 172.16.4.0 and allow all other traffic. The first statement access-list 1 deny 172.16.4.0 0.0.0.255? will deny access to the subnet 172.16.4.0. 75.What do the following statements in an extended access list accomplish? access-list 101 deny TCP 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny TCP 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit TCP 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255 * This will block ftp traffic. * This will block http traffic. * This will permit ftp traffic. * This will permit tftp traffic. Correct answer: A This will block ftp traffic since ftp uses ports 20 and 21. 76.Access lists are numbered. Which of the following ranges could be used for an IP access list? * 600 - 699 * 100 - 199 * 1 - 99 * 800 - 899 * 1000 - 1099 Correct answer: wer: B & C AppleTalk access lists use numbers in the 600 - 699 range. IP uses 1 - 99 for st andard access lists or 100-199 for extended access lists. IPX uses 800 - 899 or 900 - 999 for extended access lists. IPX SAP filters use 1000 - 1099. 77.Cisco routers use wildcard masking to identify how to check or ignore corresp onding IP address bits. What does setting a wildcard mask bit to 0 cause the rou ter to do? * It tells the router to check the corresponding bit value. * It tells the router to ignore the corresponding bit value. * It tells the router to check its alternate routing list. * It tells the router to use its primary routing list. Correct answer: A It tells the router to check the corresponding bit value. 78.You are a system administrator and you want to deny access to a group of comp uters with addresses 172.30.16.0 to 172.30.31.0. Which wildcard mask would you u se? * 0.0.15.255 * 0.0.255.255 * 0.0.31.255 * 0.0.127.255 * 0.0.255.255 Correct answer: A 0.0.15.255 will check the last 13 bits of an address so that computers 172.30.16 .0 to 172.30.31.0 will be denied access. 0.0.31.255 would check the last 6 binar y digits and deny access to addresses 172.30.32.0 to 172.30.63.0. 0.0.127.255 wo uld check the last 7 binary digits and deny access to addresses 172.30.64.0 to 1 72.30.127.0. 0.0.255.255 would deny 172.30.0.0 to 172.30.254.0. If you write dec imal 15 in binary, you have 0001111, the 1 s tell the router to ignore address wit h these bits set; 0 s tell the router to check the bits. The third octet for 172.3 0.16.0 is 00010000. The third octet for 172.30.31.0 would be 00011111. So, traff ic from these addresses would be denied. 79.In order to limit the quantity of numbers that a system administrator has to enter, Cisco can use which abbreviation to indicate 0.0.0.0? * host * any * all * include Correct answer: A

Cisco uses host to specify 0.0.0.0. This tells the router to check all. Cisco us es any to specify 255.255.255.255. This tells the router to ignore all and permi t any address to use an access list test. 80.What do the following commands accomplish? access-list 1 permit 172.16.0.0 0.0.255.255 interface ethernet 0 IP access-group 1 out interface ethernet 1 IP access-group 1 out * Only traffic from the source network 172.16.0.0 will be blocked. * Only traffic from the source network 172.16.0.0 will be forwarded. Non-172.16. 0.0 network traffic is blocked. * Non-172.16.0.0 traffic will be forwarded. * All traffic will be forwarded. Correct answer: B Only traffic from the source network 172.16.0.0 will be forwarded. Non-172.16.0. 0 network traffic is blocked. The wildcard mask 0.0.255.255 tells the router to check the first 2 octets and to ignore the last 2 octets. 81.When using access lists, it is important where those access lists are placed. Which statement best describes access list placement? * Put standard access lists as near the destination as possible. Put extended ac cess lists as close to the source as possible. * Put extended access lists as near the destination as possible. Put standard ac cess lists as close to the source as possible. * It isn t import where access lists are placed since the router will read and cac he the whole list. * Put access lists as close to corporate headquarters as possible. Correct answer: A Put standard access lists as near the destination as possible. Put extended acce ss lists as close to the source as possible. Standard access lists don t specify t he destination address. 82.As the system administrator, you enter the following commands at the command prompt: ipx routing access-list 800 permit 2b 4d int e0 ipx network 4d ipx access-group 800 out int e1 ipx network 2b int e2 ipx network 3c What did these command accomplish? * Traffic from network 4c destined for network 4d will be forwarded out Ethernet 0. * Traffic from network 3c destined for network 4d will be forwarded out Ethernet 0. * Traffic from network 2b destined for network 4d will be forwarded out Ethernet 0. * Traffic from network 4d destined for network 2d will be forwarded out Ethernet 0. Correct answer: C Traffic from network 2b destined for network 4d will be forwarded out Ethernet0. The other interfaces E1 and E2 are not subject to the access list since they la ck the access group statement to link them to access list 800. 83.The following commands were entered at the command prompt of a Cisco router. What do they accomplish? access-list 1000 deny 9e.1234.5678.1212 4 access-list 1000 permit -1 interface ethernet 0

ipx network 9e interface ethernet 1 ipx network 4a interface serial 0 ipx network 1 ipx output-sap-filter 1000 * File server advertisements from server 9e.1234.5678.1212 will not be forwarded on interface S0. * All other SAP services, other than file server, from any source will be forwar ded on S0. * All other SAP services, other than print server, from any source will be forwa rded on S0. * Print server advertisements from server 9e.1234.5678.1212 will not be forwarde d on interface S0. Correct answer: A & B File server advertisements from server 9e.1234.5678.1212 will not be forwarded o n interface S0. All other SAP services, other than file server, from any source will be forwarded on S0. 84.You receive input filter list is 800 and output filter list is 801? as part of the output from a show interfaces command. What kind of traffic are you filteri ng? * IPX/SPX * TCP/IP * LocalTalk * DDR Correct answer: A Because the access list is numbered in the 800 range, you are filtering IPX/SPX traffic. 85.Which service uses telephone control messages and signals between the transfe r points along the way to the called destination? * Signaling System 7 (SS7) * Time-division Multiplexing (TDM) * X.25 * Frame relay Correct answer: A Signaling System 7 (SS7) uses telephone control messages and signals between the transfer points along the way to the called destination. Time-division Multiple xing (TDM) has information from multiple sources and allocates bandwidth on a si ngle media. Circuit switching uses signaling to determine the call route, which is a dedicated path between the sender and the receiver. Basic telephone service and Integrated Services Digital Network (ISDN) use TDM circuits. X.25 and Frame Relay services have information contained in packets or frames to share non-ded icated bandwidth. X.25 avoids delays for call setup. Frame Relay uses permanent virtual circuits (PVCs). 86.Which service takes information from multiple sources and allocates bandwidth on a single media? * Time-division Multiplexing (TDM) * Signaling System 7 (SS7) * X.25 * Frame relay Correct answer: A 87.Which three devices can be used to convert the user data from the DTE into a form acceptable to the WAN service s facility? * Modem * CSU/DSU * TA/NT1 * CO * SS7 Correct answer: A, B & C A modem, CSU/DSU (Channel Service Unit/Data Service Unit), or TA/NT1 (Terminal A

dapter/Network Termination 1) can be used to convert the user data from the DTE into a form acceptable to the WAN service s facility. 88.What is the juncture at which the CPE ends and the local loop portion of the service begins? * Demarc * CO * Local loop * Last-mile Correct answer: A The demarcation or demarc is the juncture at which the CPE ends and the local lo op portion of the service begins. The CO (Central Office) is the nearest point o f presence for the provider s WAN service. The local loop or last-mile is the cablin g that extends from the demarc into the WAN service provider s central office. 89.You can access three forms of WAN services with Cisco routers. Select the thr ee forms: * Switched or relayed services * Interface front end to IBM enterprise data center computers * Using protocols that connect peer-to-peer devices like HDLC or PPP encapsulati on. * IPX/SPX * NetBEUI Correct answer: A, B & C You can access three forms of WAN services with Cisco routers. Switched or relay ed services include X.25, Frame Relay, and ISDN. An interface front end to IBM e nterprise data center computers includes SDLC. And, you can access the services of WAN providers using protocols that connect peer devices such as HDLC and PPP encapsulation. IPX/SPX and NetBEUI are LAN protocols. 90.Select the fields for the Cisco HDLC protocol: * Flag, Address, Control * Flag, Address, Control, Protocol, LCP (Code, Identifier, Length, Data), FCS, F lag * Flag, Address, Control, Data, FCS, Flag * Flag, Address, Control, Proprietary, Data, FCS, Flag Correct answer: D The Cisco HDLC frame format is Flag, Address, Control Proprietary, Data, FCS, Fl ag. The PPP frame format is Flag, Address, Control, Protocol, LCP (Code, Identif ier, Length, Data), FCS, Flag. The SDLC and LAPB format is Flag, Address, Contro l, Data, FCS, Flag. 85: Select the physical interfaces that PPP can be configured on a Cisco router: * Asynchronous serial * HSSI * ISDN * Synchronous serial Correct answer: A, B, C & D All four of them can carry PPP traffic. HSSI is High Speed Serial Interface. 91.Select the correct statements about PPP and SLIP for WAN communications? * PPP uses its Network Control Programs (NCPs) component to encapsulate multiple protocols. * PPP can only transport TCP/IP * SLIP can only transport TCP/IP. * SLIP uses its Network Control Programs (NCPs) component to encapsulate multipl e protocols. Correct answer: A & C 87a Which protocol for PPP LCP (Link Control Protocol) performs a challenge hand shake? * CHAP * PAP * UDP * IPX Correct answer: A

87b Which form of PPP error detection on Cisco routers monitors data dropped on a link? * Quality * Magic Number * Error Monitor * Droplink Correct answer: A The Quality protocol monitors data dropped on a link. Magic Number avoids frame looping. 92.Which protocol for PPP provides load balancing across multiple links? * Multilink Protocol (MP) * Quality * Magic Number * Stacker * Predictor Correct answer: A 93.As the system administrator, you type ppp authentication chap pap secret . Which authentication method is used first in setting up a session? * secret * PAP * CHAP * PPP/SLIP Correct answer: C 94.Select the compression protocols for PPP? * Stac * Predictor * Quality * Magic Number Correct answer: A & B 95.What are the three phases of PPP session establishment? * Link establishment phase * Authentication phase * Network layer protocol phase * Handshake phase * Dial-in phase Correct answer: A, B & C 96.What is the default IPX Ethernet encapsulation? * SNAP * Arpa * 802.2 * Novell-Ether * SAP Correct answer: D 97.What must be true for two Routers running IGRP to communicate their routes? * Same autonomous system number * Connected using Ethernet only * Use composite metric D)Configured for PPP Correct answer: A 98.The following is partial output from a routing table, identify the 2 numbers in the square brackets; 192.168.10.0 [100/1300] via 10.1.0.1, 00:00:23, Ethernet1 ' * 100 = metric, 1300 = administrative distance * 100 = administrative distance, 1300 = hop count * 100 = administrative distance, 1300 = metric * 100 = hop count, 1300 = metric Correct answer: C 99.Identify 3 methods used to prevent routing loops? * Split horizon * Holddown timers

* Poison reverse * SPF algorithm * LSP s Correct answer: A B C 100.Which statement is true regarding full duplex? * Allows for transmission and receiving of data simultaneously * Only works in a multipoint configuration * Does not affect the bandwidth * Allows for transmission and receiving of data but not a the same time Correct answer: A Full duplex is just the opposite of half duplex. It handles traffic in both dire ctions simultaneously. 101.Identify the switching method that receives the entire frame then dispatches it? * Cut-through * Receive and forward * Store and forward * Fast forward Correct answer: C Store and forward switching receives the entire frame before dispatching it. 98Identify the purpose of ICMP? * Avoiding routing loops * Send error and control messages * Transporting routing updates * Collision detection Correct answer: B ICMP is used to send error and control messages. Ping uses ICMP to carry the ech o-request and echo-reply. 99Which statement is true regarding the user exec and privileged exec mode? * The ? only works in Privileged exec * They are identical * They both require the enable password * User exec is a subset of the privileged exec Correct answer: D The user exec mode is a subset of the privileged exec mode. Only a certain numbe r of commands are available at the user exec mode. 102.Which OSI layer end to end communication, segmentation and re-assembly? * Network * Transport * Physical * Application * Data-Link * Presentation Correct answer: B Layer 4 the Transport layer performs this function. 103.What IP command would you use to test the entire IP stack? * Stack-test * Arp * Telnet * Ping * Trace Correct answer: C Because Telnet is an application and it resides at the top of the stack it trave rses down the stack and up the stack at the receiving end. 104.Identify the 2 hardware components used to manage and/or configure a router? * Auxiliary port * ROM port * Management port * Console port Correct answer: A D

The 2 hardware ports used to configure the router are the console and auxiliary ports. 105.What is the default bandwidth of a serial connection? * 1200 baud * 1.544 Mbps (T1) * 10 Mbps * 96Kpbs Correct answer: B The default bandwidth is T1. 106.Identify 2 functions of IPX access-lists? * Control SAP traffic * Limit number of Novell servers on a network * Limit number of workstations on a network * Block IPX traffic Correct answer: A D IPX access lists are used to restrict IPX traffic and SAP broadcasts. 107.Identify 2 HDLC characteristics? * Default serial encapsulation * Open standard * Supports Stacker compression * Supports point-to-point and multipoint Correct answer: A D HDLC is the default serial encapsulation and supports point-to-point and multipo int. It is not an open standard and does not support compression. 108.Identify 3 IP applications? * AURP * ARP * Telnet * SMTP * DNS * RARP Correct answer: C D E ARP and AURP are not part the application layer of the TCP/IP stack. SMTP - Simp le Mail Transfer Protocol, Telnet, DNS - Domain Name Services (name to IP resolu tion). 109.Identify 3 LAN technologies? * FDDI * HDLC * HSSI * X.25 * 802.3 * 802.5 Correct answer: A E F The question is asking for 3 LAN technologies, HDLC, HSSI and X.25 are all WAN t echnologies. 110.Identify the 4 that are not LAN technologies? * HDLC * FDDI * 802.5 * HSSI * SDLC * Frame Relay Correct answer: A D E F 802.5 and FDDI are LAN technologies 111.Which OSI layer supports the communication component of an application? * Data-Link * Physical * Session * Presentation

* Application * Transport Correct answer: E Layer 7 the Application layer performs this function. 112.Identify the length of an IPX address and it s components? * 80 bits, 48 bits network and 32 bits node * 32 bits, 16 bits network and 16 bits node * None of the above * 80 bits, 32 bits network and 48 bits node Correct answer: D IPX address has 2 components; network and node. The network address is 32 bits a nd the node is 48 bits, total of 80 bits. 113.Identify the administrative distance and appropriate routing protocol? * RIP = 255, IGRP = 100 * RIP = 100, IGRP = 120 * RIP = 1, IGRP = 0 * RIP = 120, IGRP = 100 Correct answer: D The administrative distance for RIP is 120 and IGRP is 100. The lower the AD the better the routing information. 114.Which OSI layer incorporates the MAC address and the LLC? * Data link * Network * Physcial * Transport Correct answer: ): A Layer 2 the Data-Link layer incorporates the MAC and LLC sublayers 115.If configuring a Cisco router to connect to a non-Cisco router across a Fram e Relay network, which encapsulation type would you select? * Q933a * ISDN * IETF * CISCO * ANSI Correct answer: C There are two types of Frame Relay encapsulations; Cisco and IETF. IETF is requi red when connecting a Cisco to a non-Cisco router. 116.Identify the 2 items that TCP and UDP share in common? * Both use port numbers to identify upper level applications * Operate at the Network layer * Both are Transport protocols * Both are reliable communications Correct answer: A C TCP and UPD are both layer 4 Transport protocols and both use port number to ide ntify upper level applications. 117.Identify 3 characteristics of IP RIP? * Distance vector * Administrative distance is 120 * Periodic updates every 60 seconds * Uses a composite metric * Can load balance Correct answer: A B E IP RIP is a distance vector protocol, it can load balance up to 4 equal cost pat hs and it s rating of trustworthiness is 120. 118.Which of the following is a layer 2 device? * Switch * Router * Repeater * Hub Correct answer: A

A Hub and Repeater are layer 1 devices. A Router is a layer 3 device. 119.Identify the definition of demarcation? * Date in which the WAN service contract expires * Cabling which extends from the WAN service provider to the customer * Division of responsibility, where the CPE ends and the local loop begins * Equipment which is located at the customer premises Correct answer: C Demarcation is the point in which responsibility changes hands. 120.Identify the 3 key features of the Cisco Discovery Protocol? * Off by default * Will allow for the discovery of layer 3 addresses on neighbor routers * Verify connectivity * Open standard * Does not require any layer 3 protocols to be configured Correct answer: B C E CDP is used for 2 basic reasons; neighbor connectivity and layer 3 discovery if configured. It is proprietary and is on by default. 121.Identify the 3 characteristics of IPX RIP? * Distance vector * Does not support multiple paths * 60 second updates * Default encapsulation is SAP * Uses ticks and hop count as a metric Correct answer: A C E IPX RIP is a distance vector routing protocol, it does support multiple paths, t he default encapsulation is novell-ether , it uses tick count as a primary metric a nd hop count as a tie breaker and it sends it s updates every 60 seconds. 122.Identify the access-list range for an extended IP access-list? * 800 - 899 * 1 - 99 * 1000 - 1099 * 100 - 199 Correct answer: D IP extended access-lists use the number range of 100-199. 123.Identify the X.25 addressing standard? * X.121 * X.25a * ITU-1 * Q933a Correct answer: A The X.25 layer 3 addressing standards is X.121. 124.Identify 3 features of IGRP? * Composite metric * New horizon * Flash updates * 60 periodic updates * Poison reverse Correct answer: A C E IGRP uses a composite metric made up of bandwidth and delay by default, it updat es every 60 seconds and will trigger an update if the topology changes. 125.Where is the backup configuration file stored? * RAM * ROM * Console * NVRAM Correct answer: D One location to store the backup configuration is NVRAM. 126.Identify the correct pair of Novell Ethernet encapsulation and Cisco termino logy? * Ethernet II, Snap

* Ethernet 802.3, Novell-Ether * Ethernet SNAP, Arpa * Ethernet 802.2, Snap Correct answer: B The default IPX LAN encapsulation is Novell-Ether which is 802.3 127.Identify 3 characteristics regarding IP access-lists? * Can be configured as a standard access-list * Can be run from another router running IP * Can be configured as a named access-list * Are the same as IPX access-lists * Can be configured as an extended access-list Correct answer: A C E There are 3 types of IP access-lists; standard, extended and named. Named access -lists can be either standard or extended depending on how they are configured. 128.Identify 3 ways in which a router can be configured? * TFTP * Nvram * Ping * Console * Trace Correct answer: A B D Changes to the configuration can be entered via the console, a config stored in NVRAM or on a TFTP server. Trace and ping are tools to verify connectivity. 129.A traffic light is an example of what type of mechanism? * Collision detection * Flow control * Sequence numbering * Network management Correct answer: B A Traffic light is an example of flow control. 130.Windowing is a type of? * Negative acknowledgement * Address resolution * Layer transition mechanism * Flow control Correct answer: D Windowing allow the sender and receiver to dictate how much information that can be received prior to an acknowledgement. It is a form of flow control. 131.Identify the 2 types of access-list filters that control SAP traffic? * Novell-ether * Arpa * Input-sap-filter * Round-robin * Output-sap-filter Correct answer: C E SAP s can be blocked by 2 methods; inbound and outbound. 132.Identify the 3 guidelines for routers in the same autonomous system? * Must be configured for IGRP or RIP * Interconnected * Assigned the same autonomous system number * Configured for the same routing protocol * Must be same model of router Correct answer: B C D Autonomous system must be interconnected, assigned the same AS # and configured with the same routing protocol. 133.Identify the hardware component used to store buffers, tables, running-confi guration etc? * NVRAM * ROM * RAM

* Flash Correct answer: C RAM is the dynamic memory area. ROM contains the boot strap code, NVRAM contains the startup-config and Flash contains the IOS. 134.Identify 3 UDP characteristics? * Reliable communication protocol * Applications that use UDP must incorporate reliability * Connection-less oriented * Incorporates no handshaking Correct answer: B C D UPD is a layer 4 Transport protocol. It is connection-less because it does estab lish a connection therefore the 3 step handshake is not needed, it does NOT impl ement any flow control or acknowledgments. Any application that uses UDP must in corporate any needed reliability. 135.Identify the IPX standard access-list number range? * 600 - 699 * 1000 - 1099 * 1 - 99 * 100 - 199 * 800 - 899 Correct answer: E IPX standard access-list range is 800-899. 136.Which OSI layer provides best effort end to end packet delivery? * Data-Link * Presentation * Network * Transport * Physical * Application Correct answer: C Layer 3 the Network layer performs this function. 137.Identify the 2 methods to modify the routers boot sequence? * Setup program * Boot system commands * RXBoot * Config-register Correct answer: B D Boot system command the config-register are used to manipulate the boot sequence. 138.Identify the 3 pieces of hardware you would not install to prevent broadcast s? * Switch * Repeater * Bridge * Router Correct answer: A B C Router are implemented not only to break up networks into smaller segments but t hey are used to block broadcasts. 139.Identify 2 features of PPP PAP authentication? * Username and password is sent in clear text * Authentication messages are sent periodically during the connection * More secure than CHAP * Remote node is control of authentication process Correct answer: A D PPP PAP authentication sends the username and passwords in clear text and the re mote node initiates the authentication process. 140.Identify the switching method that examines the destination MAC address as t he frame is being received then begins forwarding the frame prior to receiving t he entire frame? * Fragment-free * Store and Forward

* Cut-through * Fast forward Correct answer: C Cut through examines the destination MAC address and begins forwarding the frame prior to receiving the entire frame. 141.Identify 1 characteristic of RARP? * IP to MAC address translation * Connectionless delivery of packets * Can be used to initiate remote O/S load sequence * Generates error and control messages Correct answer: C Reverse Address Resolution Protocol is used to obtain a layer 3 address if the M AC address is known which then facilitates the loading of the O/S. 142.Identify the protocol to test connectivity without configuring any layer 3 p rotocols? * TCP * Ping * IP * CDP * Telnet Correct answer: D CDP can be used to verify connectivity prior to any layer 3 protocols being conf igured. 143.LMI operates between the Frame Switch and what other device? * CPE device * Another Frame Switch * X.25 switch * Novell File Server Correct answer: A LMI stands for local management interface. It operates between the Frame Relay s witch and the customer equipment. 144.Identify IPX SAP and it s purpose? * Sonet Access Pipe - interface to Sonet ring * Service Advertising Protocol - advertise services * Server Appletalk Protocol - appletalk directory services * Service Access Point - identify upper layer protocols Correct answer: B SAP is an Novell protocol to advertise services. 145.Identify the default values that make up IGRP s composite metric? * Bandwidth * Load * Reliability * MTU * Delay Correct answer: A E IGRP can be configured to use all 5 within it s metric. By default it uses bandwid th and delay. 146.Identify the default serial encapsulation? * ISDN * HDLC * SDLC * Frame Relay * PPP Correct answer: B The default serial encapsulation is HDLC. 147.Identify the purpose of ARP? * Avoiding routing loops * Determining a workstation s IP address * Sending a directed broadcast * Determining a workstation s MAC address

Correct answer: D ARP is used to find a devices MAC address given an IP address. 148.What is the purpose of the DLCI? * Identifies the remote routers * Contained with a 802.2 frame for routing purposes * Used with PPP during authentication * Identifies the PVC in a Frame Relay network Correct answer: D DLCI stands for Data Link Connection Identifier. It identifies the local PVC. 149.Identify 3 characteristics of the Network layer (OSI layer 3)? * Connection oriented * Path determination * Supports multiplexing * Manages sessions * Packet forwarding Correct answer: B C E The network layer is responsible for routing which entails learning the paths, s electing the best path and forwarding the packet. Because it services multiple l ayer 4 protocols it multiplexes. 150.Identify 3 characteristics of switches? * Increase available bandwidth * Decrease broadcast traffic * Support full duplex in a multipoint topology * Make forwarding decision using MAC address * Create collision domains Correct answer: A D E Switches operate at layer 2. They increase bandwidth by reducing the number of d evices sharing the media. They isolate collisions. Like a bridge they forward tr affic based upon layer 2 address/ MAC address. 151.Which OSI layer handles physical address, network topology? * Presentation * Physical * Transport * Application * Data-Link * Network Correct answer: E Layer 2 the Data-Link layer performs this function. 152.Identify 2 reasons for disabling CDP? * If the router is not configured for RIP * Save bandwidth by eliminating overhead * If the router is configured for Appletalk * When connected to a non-Cisco router Correct answer: B D CDP can be disabled here are a couple of reasons. Connecting a Cisco router to a non-Cisco router. Don t want to exchange CDP information to save bandwidth. 153.Identify 3 characteristics of ISDN? * Transports voice and data * Transports voice only * Support both BRI and PRI * Runs over existing phone lines * Same as X.25 Correct answer: A C D ISDN supports voice, data, and video. It runs over existing phone lines and supp orts 128K (BRI) and T1 (PRI). 154.Identify the 3 characteristics of IGRP? * Uses hop count as a metric * Supports multiple unequal paths * Administrative distance is 100 * Configured with an Autonomous system number

* Link state Correct answer: B C D IGRP is a distance vector routing protocol, it s degree of trustworthiness is 100, it can support up to 6 un-equal paths and must be configured with an autonomous system number. 155.Identify 2 features of PPP CHAP authentication? * Username and password is sent in clear text * Authentication messages are sent periodically during the connection * Less secure then PAP * Local router challenges the remote router Correct answer: B D PPP CHAP authentication message are sent periodically during the connection by c hallenging the other end of the connection. It is more secure than PAP and passwords and username are encrypted. 156.Identify the default IPX serial encapsulation? * Novell-Ether * SDLC * SNAP * HDLC Correct answer: D The default IPX serial encapsulation is HDLC. 157.Identify the hardware component that stores the backup configuration? * RAM * NVRAM * Flash * ROM Correct answer: B NVRAM contains the backup config. RAM is the dynamic memory area, ROM contains t he boot strap code and Flash contains the IOS. 158.Identify the extended IP access-list number range? * 600 - 699 * 1 - 99 * 900 - 999 * 100 - 199 Correct answer: D The extended IP access-list range is 100-199. 159.Identify 3 Fast Ethernet technologies? * 100 Base FastEther * 100 Base FX * 100 Base T4 * 100 Base TX Correct answer: B C D 160.BaseFastEther is false. 100 Base FX, TX and T4 are all valid. 161.Identify the OSI layer which is responsible for end-to-end connections? * Network * Transport * Session * Data link * TCP Correct answer: B Layer 4 is the Transport layer and is responsible for end-to-end connections. 162.Identify the 2 characteristics regarding MAC addresses? * Contains a network portion and host portion * Always assigned by System Administrator * 48 bits long * Contains a vendor code and serial number Correct answer: C D MAC addresses are assigned by the vendor. Each MAC address is 48 bits long and m ade up of 24 bits vendor code and 24 bits serial number. 163.Identify the number range for IPX SAP filters?

* 900 - 999 * 1000 - 1099 * 800 -899 * 100 - 199 Correct answer: B The IPX SAP filtering range is 1000-1099. 164.What is the purpose of ARP? * IP to host name resolution * Host name to IP address resolution * Mac to IP address resolution * IP to Mac address resolution Correct answer: D Address Resolution Protocol resolves the MAC address if the IP address is known. It is a layer 3 protocol. 165.Which OSI layer establishes, maintains and terminates sessions between hosts ? * Application * Physical * Data-Link * Presentation * Network * Session Correct answer: F Layer 5 the Session layer performs this function. 166.Which statement is true regarding Administrative distance? * It is a metric * Number of hops between two routers * Trustworthiness of the routing information * RIP Administrative distance is 100 Correct answer: C Administrative distance is rating of trustworthiness of the routing information. The lower the AD the better the information. 167.Identify the purpose of the Ping command? * Share routing information with a neighbor router * Transmit user data when buffers are full * Test connectivity at layer 3 * Test entire protocol stack Correct answer: C The ping command tests layer 3 connectivity. 168.Identify the order of the 5 step encapsulation? 1. Create the segment 2. Convert the frame to bits 3. Create the packet 4. Create the frame 5. User creates the data * 1,2,4,2,5 * 2,1,3,4,5 * 5,1,3,4,2 * 5,3,4,1,2 Correct answer: C Cisco 5 step encapsulation. 1) User creates Data 2) Data is converted into a segment at layer 4 3) The segment is converted to packet at layer 3 4) The packet it converted into a frame at layer 2 5) The frame is converted into bits at layer 1 169.The Cisco IOS is stored where? * ROM * CD * Flash

* NVRAM Correct answer: C By default the Cisco IOS is stored in flash. 170.Sequence and acknowledgement numbers are used for? * Layer transitioning * Flow control * Port number addressing * Reliability Correct answer: D TCP uses sequence numbers and acknowledgements to implement reliability. 171.Identify IPX GNS and it s purpose? * Go Network Server - sends a print job to a network server * Get Nearest Server - locate the nearest server * Guaranteed Network Services - allocates resources to users * Get Notes Server - locates Domino Server Correct answer: B GNS stands for Get Nearest Server, initiated by a workstation. 172.Identify the true statement regarding subnetting? * Allows for more host address * Borrow bits from the network portion of the address * Allows for unlimited number of networks * Borrow bits from the host portion of the address Correct answer: D Subnetting involves borrowing bits for the host portion of the address to be use d to subnet addressing. 173.Inverse ARP serves what purpose? * Method for a local router to introduce itself to the remote end of the connect ion * Broadcast a routing table update * Identify MAC addresses if the IP address is known * Sent every 10 seconds used to verify the Frame Switch is still active Correct answer: A Inverse ARP operates in a Frame Relay network so the two end points can identify themselves to each other. 174.Identify 3 characteristics of a MAC address? * Burned into the NIC * 48 bits long * Length is 32 bits * Used to deliver the frame to the end device * Contains a network portion and a host portion Correct answer: A B D The MAC address is 48 bits long not 32. It does NOT contain a network and host p ortion with the address. It is used to deliver the frame to the destination devi ce. 175.Identify 3 IP routing protocols? * RIP * AURP * OSPF * IGRP * ARP * ICMP Correct answer: A C D AURP and ICMP are not routing protocols. 176.Identify the type of routing protocol that exchanges entire routing tables a t regular intervals? * Link state * Interior gateway protocols * Appletalk routing * Distance vector Correct answer: D

Distance Vector routing protocols exchange entire routing tables with it s neighbo rs. Link State routing protocols exchange LSP s to share information regarding the networks they know. 177.Identify the type of hardware required to connect a Token ring network to an Ethernet network? * Repeater * TR-Enet * Router * Token Ring to Ethernet translation hub Correct answer: C Routers are used to connect dissimilar networks with different access-methods, l ike connecting Token Ring to Ethernet. 178.Identify 3 characteristics regarding CDP? * On by default * Shows only directly connected neighbors * Requires IP or IPX * 60 second update interval by default * 30 second updates interval by default Correct answer: A B D CDP stands for Cisco Discovery Protocol. It is used to discover directly connect ed neighbors, it is on by default and has a 60 second update interval by default . 179.Identify 2 transport layer protocols? * IP * TCP * CDP * ARP * UDP Correct answer: B E TPC and UDP are 2 layer4 Transport protocols. 180.Identify 2 features of X.25? * Supports only IP * Utilizes switched and permanent virtual circuits * Contains minimal flow control and error recovery * Utilizes LAPB as it s data-link protocol Correct answer: B D X.25 utilizes LAPB and uses switched and permanent VC s. It supports multiple laye r protocols and is heavy laden with error detection and correction mechanisms. 181.Identify the purpose of the Trace command? * Explorer packet transmitting routing information * Test connectivity * Determine the path a packet is taking through the network * Transmits user data when buffers are full Correct answer: C The trace command is used to determine the path a packet has taken through the n etwork. 182.Identify the purpose of the TCP 3 step handshake? * Setup a un-reliable connection * Initialize routing tables * Synchronize sequence numbers between hosts * Connection tear down process Correct answer: C The 3 step handshake establishes the parameters required for a TCP connection. D uring the handshake process sequence numbers are synchronized allowing for the e nd points to properly acknowledge and re-assemble the segments. 183.Identify 2 PPP characteristics? * Is proprietary to Cisco * Supports authentication * Support compression * Run on a multi-access network

Correct answer: B C PPP supports authentication; PAP and CHAP. It also supports compression; Stacker and Predictor. 184.Which statement is true regarding half duplex? * Only works in a point-to-point configuration * Allows for transmitting and receiving but not a the same time * Allow for transmitting and receiving of data simultaneously * Doubles the bandwidth Correct answer: B Half duplex is analogous to a single a lane bridge, it can handle traffic in bot h directions but no at the same time. 185.Identify the purpose of the wildcard mask? * Match a certain portion of the IP address while ignoring the rest of the addre ss * Determine the class of the IP address * Determine the network portion of an IP address * Hide the host portion of an IP address Correct answer: A The purpose of the wildcard mask to match a certain portion of the IP address wh ile ignoring the rest. 186.Identify the OSI layer associated with bits? * Physical * Network * Binary * Data link Correct answer: A The Physical layer converts the frames to bits. 187.Identify the type of routing protocol that maintains a topological database of the network? * Topological state * Shortest Path First * Link state * Distance vector Correct answer: C Link State routing protocols maintain a database that lists all the networks in the internetwork. 188.Identify the 3 major functions at layer 3 of the OSI model? * Forwarding process * Logical addressing * End-to-end connections * Path selection * MAC address examination * Network monitoring Correct answer: A B D Layer 3 determines the path, forwards the packet and implements software or logi cal addressing. 189.Identify the 2 rules used when configuring a Distance Vector routing protoco l? * Physically connected network(s) * Configure the classful address, no subnets * Enable CDP so neighbors can be detected * Configure all networks in Area0 Correct answer: A B When configuring a Distance Vector routing protocol only assign the physically c onnected networks with the classful address only. 190.Identify 3 characteristics of an IP address? * Contains a network portion and a host portion * 32 bits long * Unique to each network * Part of the default Cisco configuration

* Referred to as the hardware address Correct answer: A B C An IP address is 32 bits long, it is referred as the logical or software address . It contains a network and host portion. Each IP address is unique. 191.Identify 3 feature of access-lists? * Implicit deny will deny any packets not matched * Processed sequentially from bottom to top * Processed sequentially from top to bottom * If a packet is denied it would be tested against the remaining statements in t he access-list * Once a match is made the packet is either denied or permitted * Enabled on all interfaces by default Correct answer: A C E Access-list are processed from top to bottom, once a match occurs the packet is either denied or permitted and is no longer tested and if no match occurs the pa cket is denied via the implicit deny. 192.Which OSI layer performs code conversion, code formatting and encryption? * Physical * Data-Link * Application * Transport * Presentation * Network Correct answer: E Layer 6 the Presentation layers performs this function. 193.Identify the 3 methods routers learn paths to destinations? * Dynamic routing * None of the above, configured by default * Default routes * Administrative distance * Static routes Correct answer: A C E Routers can learn paths via 3 different sources; static routes, dynamic routing protocols (i.e. RIP) and default routes. 194.Identify the purpose of the following command ip route 192.168.100.0 255.255. 255.0 10.1.0.1' * Enabling a dynamic routing protocol * Creating a static route to the 10.1.0.0 network * Teaches the router about the distant network 192.168.100.0 and how it can be r eached via 10.1.0.1 * Assigning the IP address 192.168.100.0 to an interface Correct answer: C A static routes teaches the router about a distant network and the next hop to r each that network. Command syntax: ip route network-address subnet-mask next-hop-address 195.Based upon the 1st octet rule identify the range for a Class A address? * 1 - 126 * 192 - 223 * 128 - 191 * 1 - 191 Correct answer: A Class A address has the 1st octet between 1 - 126. Class B between 128 - 191 and Class C between 192 - 223. 196.What does a Standard IP Access-list use as test criteria? * IP source address * IP source and destination address, protocol numbers and port numbers * IPX source and destination address * Source MAC address Correct answer: A Standard IP access list use only source address.

197.What is the function of the Transport layer and which protocols reside there ? * MAC addressing - IP * Interhost communication - SQL, NFS * Best effort Packet delivery - TCP, UDP * End-to-end connections - TCP, UDP Correct answer: D Layer 4, the Transport layer, is responsible for end-to-end connections. The two TCP/IP protocols that reside there are TCP and UDP. 198.Identify the 3 Internet layer IP protocols? * NetBios * IPX * ARP * IP * RARP Correct answer: C D E NetBios and IPX are not layer 3 IP protocols. IP - Internet Protocol, ARP - Addr ess Resolution Protocol and RARP - Reverse Address Resolution Protocol. 199.IPX routing updates occur how often? * Every 30 seconds * Every 60 seconds * Only as needed * When the remote router asks for an update Correct answer: B IPX RIP updates are exchanged every 60 seconds. 200.Identify 3 methods not used to prevent routing loops? * Holddown timers * Sequence numbers * Triggered updates * Split horizon * Area hierarchies * Order of router startup Correct answer: B E F Area hierarchies, sequence numbers and order of router startup all relate to Lin k State routing protocols which do NOT incur routing loops. 201.Identify the hardware component that stores the bootstrap program? * ROM * NVRAM * Booter load * RAM * Flash Correct answer: A ROM contains the boot strap code. 202.Which OSI layer provides mechanical, electrical, procedural for activating, maintaining physical link? * Presentation * Network * Application * Physical * Transport * Data-Link Correct answer: D Layer 1 the Physical layer performs this function. 203.Identify 2 characteristics of PPP? * Uses LLC to establish the link * Default serial encapsulation * Support multiple layer 3 protocols * Offers two types of authentication; PAP and CHAP

Correct answer: C D PPP is not the default encapsulation and uses LCP not LLC to establish the link. It support multiple layer 3 protocols and supports authentication. 204.Identify 3 characteristics of a connection oriented protocol? * Path determination * Flow control * Acknowledgements * Uses hop count as metric * 3 step handshake Correct answer: B C E Connection oriented protocols must first establish the connection (3 step handsh ake), employ methods to acknowledge the receipt of data (acknowledgements) and s low down the flow of data if required (flow control). 205.What is the maximum hop count for IP RIP? * Infinity * 16 * 15 * 1 Correct answer: C 206.is the maximum hop count, underscoring the size limitation of RIP. 207.What is Cisco s default encapsulation method on serial interfaces? * ANSI * Cisco * Q933a * HDLC Correct answer: D Cisco s implementation of HDLC is only compatible with Cisco routers. It is the de fault encapsulation type for serial interfaces. 208.Which of the following is a characteristic of a switch, but not of a repeate r? * Switches forward packets based on the IPX or IP address in the frame * Switches forward packets based on the IP address in the frame * Switches forward packets based on the MAC address in the frame * Switches forward packets based only on the IP address in the packet Correct answer: C A repeater regenerates the signal it receives, a switch makes decisions based up on MAC addresses to determine whether a frame should be forwarded. Repeaters for ward all packets. 209.Ping uses which Internet layer protocol? * RARP * ICMP * ARP * FTP Correct answer: B Internet Control Message Protocol - ICMP is a management protocol and messaging service provider for IP. Its messages are carried as IP datagrams. ICMP is used in the following events: Destination Unreachable - If a router cannot send an IP packet any further, it u ses an ICMP echo to send a message back to the sender notifying it that the remo te node is unreachable. Buffer Full - If a routers memory buffer is full ICMP will send out a message to the originator. Hops - Each IP datagram is assigned a path. This consists of hops. If it goes th rough the maximum number of hops, the packet is discarded and the discarding rou ter sends an ICMP echo to the host. Ping - Ping use ICMP echo message to check connectivity. 210.Which is true regarding store-and-forward switching method? * Latency varies depending on frame-length * Latency is constant * It is default for all Cisco switches

* It only reads the destination hardware address before forwarding the frame Correct answer: A Store-and-Forward switching copies the entire frame into its buffer and computes the CRC. If a CRC error is detected, the frame is discarded, or if the frame is a runt (less than 64 bytes including the CRC) or a giant (more than 1518 bytes including the CRC). The LAN switch then looks up the destination address in its switching table and determines the outgoing interface. The frame is then forward ed to the outgoing interface. Cisco Catalyst 5000 switches uses the Store-and-Fo rward method. The problem with Store-and-Forward switching is latency is increas ed. Latency also varies with the size of the frame. The larger the frame, the mo re latency associated. This of course is due to the fact that the entire frame i s copied into its buffer before being forwarded. 211.Which three of the following are true statements about connection-oriented s essions? * The segments delivered are acknowledged back to the sender upon their receptio n * Any segments not acknowledged the are retransmitted by the receiver * A manageable data flow is maintained in order to avoid congestion, overloading and loss of any data * Segments are sequenced back into their proper order upon arrival at their dest ination Correct answer: A C D Connection-oriented services are useful for transmitting data from applications that are intolerant of delays and packet re-sequencing. FTP and Telnet applicati ons are based on connection-oriented services as well as some voice and video pr ograms. Any segment that is not acknowledged by the received is retransmitted by the sender. 212.What does a metric of 16 hops represent when using RIP? * Number of hops to the destination * Destination unreachable * Number of routers * Bandwidth Correct answer: B Routing Information Protocol (RIP) is a distance vector routing protocol that us ed hop count as its metric. The maximum hop count is 15, 16 hops is considered u nreachable. RIP updates are broadcast every 30 seconds by default. RIP has an ad ministrative distance of 120. 213.You need to come up with a TCP/IP addressing scheme for your company. Which two factors must you consider when you define the subnet mask for the network? * The location of DHCP servers * The volume of traffic on each subnet * The number of subnets on the network * The location of the default gateway * The number of host IDs on each subnet Correct answer: C E When determining which subnet mask to use, you must determine how many hosts and how many subnets are required. 214.What is the difference between TCP and UDP? * TCP is connection-oriented; UDP uses acknowledgements only * TCP is connection-oriented; UDP is connectionless * Both TCP and UDP are connection-oriented, but only TCP uses windowing * TCP and UDP both have sequencing, but UDP is connectionless The correct answer(s): B TCP provides guaranteed connection oriented delivery of packets, UDP does not. 215.What does the S mean when looking at the routing table? * Statically connected * Directly connected * Dynamically attached

* Shutdown route Correct answer: A Statically connected routes are those that an administrator has manually entered into the routing table. 216.Why would you use static routing instead of dynamic routing? * When you want automatic updates of the routing tables * All the time * When you have very few routes and want to conserve bandwidth * When you have a gateway of last resort Correct answer: C Static routes are typically used when there are very few routes and you want to conserve bandwidth. Since routing protocols are constantly sending their updates across the wire, it can cause a great deal of congestion. 217.On Cisco catalyst 5000 how would you set the second port on the controller i n the first slot to full duplex? * Set port duplex 1/1 full * Set port duplex 1/2 full * Set port duplex 0/1 full * Set port duplex 0/2 full Correct answer: B The syntax is: set type duplex slot/port 218.What does the acronym ARP stand for? * Address Resolution Phase * ARP Resolution Protocol * Address Resolution Protocol * Address Recall Protocol Correct answer: C The Address Resolution Protocol (ARP) resolved IP addresses to MAC addresses. 219.What is the default encapsulation of Netware 3.12? * Ethernet_II * 802.5 * 802.2 * 802.3 Correct answer: C The 802.2 Frame Type is the default frame-type for Netware 3.12. 220.Regarding frame relay, which of the following statements are true? * You must use ANSI encapsulation if connecting to non-Cisco equipment * You must use IETF encapsulation if connecting to non-Cisco equipment * You must use Q.933a encapsulation if connecting to non-Cisco equipment * You must use Cisco encapsulation if connecting to non-Cisco equipment Correct answer: B Cisco s encapsulation for Frame relay is proprietary. To communicate with non-Cisc o equipment when using frame-relay encapsulation, the IETF method must be used. 221.What is required to support full-duplex Ethernet? * Multiple paths between multiple stations on a link * Automatic sensing operation by all connected stations * Loopback and collision detection disabled * Full-duplex NIC cards Correct answer: C D Full duplex ethernet requires that the NIC supports full-duplex, and loopback an d collision detection are disabled. 222.Which layer is responsible for determining if sufficient resources for the i ntended communication exists? * Application * Network * Session * Presentation * Transport Correct answer: A The Application layer is responsible for determining if sufficient resources for

the intended communication exists. 223.What are the 2 functions of the Data Link Mac layer? * Handles access to shared media * Manages protocol access to the physical network medium * Provides SAPs for higher level protocols * Allows multiple devices to uniquely identify one another on the data link laye r Correct answer: B D Media Access Control (MAC) -The MAC sublayer manages protocol access to the phys ical network medium. The IEEE MAC specification defines MAC addresses, which all ow multiple devices to uniquely identify one another at the data link layer. 224.Describe End to End network services: (Choose all that apply) * Best Route selection * Accomplished Segment by Segment, each segment is autonomous * Flow Control & Data Integrity * Best efforts packet delivery Correct answer: A B C D All of the above End to End network services. 225.Which of the following provide correct information about a protocol at the t ransport layer of the OSI model? * UDP - Provides Connectionless datagrams service * TCP - Provides Connection Oriented Services * SMTP - Provides Mail Exchange * IP - Route determination * TCP - Provides Flow Control and Error Checking * FTP - Transfers of Files Correct answer: A B E Only TCP and UDP work at the Transport layer of the above choices. IP is a Netwo rk layer protocol. SMTP and FTP are application layer protocols. 226.Which protocol works at the Internet layer and is responsible for making rou ting decisions? * UDP * IP * TCP * ARP Correct answer: B Internet Protocol - IP provides routing and a single interface to the upper laye rs. No upper layer protocol and now lower layer protocol have any functions rela ting to routing. IP receives segments from the transport layer and fragments the m into packets including the hosts IP address. 227.Which layer is responsible for providing mechanisms for multiplexing upper-l ayer application, session establishment, and tear down of virtual circuits? * Session * Network * Physical * Transport * Application * Presentation Correct answer: D The Transport layer does the following: Responsible for end-to-end integrity of data transmission. Handles multiplexing upper-layer application, session establi shment and tear down of virtual circuits. Hides details of network dependent inf o from the higher layers by providing transparent data transfer. The windows works at this level to control how much information is transferred before an acknowle dgement is required. 228.Which of the following are logged when IP access list logging is enabled? * source address * protocol * source port * destination address

* access list number * destination port Correct answer: A B C D E F All of the above are logged when IP access list logging is enabled. 229.What s the default CDP holdtime in seconds for Cisco routers? * 30 seconds * 180 seconds * 90 seconds * 60 seconds Correct answer: B Cisco Discovery Protocol is a proprietary protocol to allow you to access config uration information on other routers and switches with a single command. It uses SNAP at the Data-Link Layer. By default CDP sends out a broadcast every 60 seco nds and it holds this information for 180 seconds. CDP is enabled by default. 230.Which two of the following protocols are used at the Transport layer? * ARP * UDP * ICMP * RARP * TCP * BootP Correct answer: B E TCP and UDP operate at the Transport layer. 231.LAN stands for which of the following? * Local Area Network * Local Arena Network * Local Area News * Logical Area Network Correct answer: A LAN stands for Local Area Network 232.Choose three reasons why the networking industry uses a layered model: * It facilitates systematic troubleshooting * It allows changes in one layer to occur without changing other layers * It allows changes to occur in all layers when changing one protocol * It clarifies how to do it rather than what general function to be done * It clarifies what general function is to be done rather than how to do it Correct answer: A B E Why do we have a Layered Model? 1) It reduces complexity 2) Allows for a standardized interface 3) Facilitates modular engineering 4) Ensures interoperable technology 5) Accelerates evolution 6) Simplifies teaching and learning 233.Which layer is responsible for identifying and establishing the availability of the intended communication partner? * Application * Presentation * Transport * Session * Network Correct answer: A The Application layer performs the following: Synchronizing sending and receivin g applications. Program-to program communication. Identify and establish the ava ilability of the intended communication partner, and determine if sufficient res ources exist for the communication. Popular application protocols include WWW, S MTP, EDI, FTP, Telnet, and SNMP NETWORKING 1.What is a default gateway? - The exit-point from one network and entry-way int

o another network, often the router of the network. 2.How do you set a default route on an IOS Cisco router? - ip route 0.0.0.0 0.0. 0.0 x.x.x.x [where x.x.x.x represents the destination address] 3.What is the difference between a domain local group and a global group? - Doma in local groups grant permissions to objects within the domain in which the resi de. Global groups contain grant permissions tree or forest wide for any objects within the Active Directory. 4.What is LDAP used for? - LDAP is a set of protocol used for providing access t o information directories. 5.What tool have you used to create and analyze packet captures? - Network Monit or in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by Fluke Networks). 6.How does HSRP work? 7.What is the significance of the IP address 255.255.255.255? - The limited broa dcast address is utilized when an IP node must perform a one-to-everyone deliver y on the local network but the network ID is unknown. OUTLOOK WEB ACCESS Q: What do I need for a Web Access server installation? First install the latest version of Active Server Pages for IIS 3.0 (version 1.0 b) -- this requires NT 4.0 SP 3. Then install Microsoft Exchange Server 5.0 with the Active Server Components opt ion. There is also a hotfix for NT 4.0 SP 3 for a problem with ASP applications leaking memory. It is recommended to install that hotfix. Also install Exchange 5.0 SP 1 since it is now released. The Web Access componen t is now named Outlook Web Access in SP 1. -------------------------------------------------------------------------------Q: Where do I get the things needed for installation? Get the latest version of Active Server Pages on your CD-ROM for NT 4.0 Service Pack 3 or from the Microsoft Web site at http://www.microsoft.com/iis/. If you g o through the Web page, you will need to register to download IIS 3.0. NOTE: IIS 3.0 _is_ Active Server Pages, it's an update to IIS 2.0, which ships w ith NT 4.0. Get Exchange Server 5.0 from whatever source you get your MS products through. R ead the README.WRI on the Server CD. Get the hotfix for ASP from the Microsoft FTP site at ftp://ftp.microsoft.com/bu ssys/winnt/winnt-public/fixes/ and then your respective country. Go to the /nt40 /hotfixes-postSP3/asp-fix/ directory and download the fix and README from there. Get Exchange Server 5.0 SP 1 from the MS FTP site at /bussys/exchange/exchange-p ublic/fixes/ and go to your respective language. Then traverse down into the /Ex chg5.0/Sp1/ directory and get the README.WRI for the service pack and read it. T hat will tell you where to get the update for the Exchange Server installation, and a separate file for just a Web Access component installation. -------------------------------------------------------------------------------Q: What do my clients need to view Web Access? A browser that supports frames, JavaScript, and cookies. Currently the browsers that are known to work are Netscape Navigator 2.0 and above and Microsoft Intern et Explorer 3.0 and above. The only browser that supports NT Challenge/Response authentication is Internet Explorer. Netscape browser users can use Challenge/Response if the Authentication Proxy fo r Netscape Browsers is installed. This can be downloaded from http://backoffice. microsoft.com/DownTrial/mapn.asp. For all other browsers, you must enable Plain Text Authentication. --------------------------------------------------------------------------------

Q: I thought Exchange Server 5.0 SP 1 was supposed to give me access to my Calen dar. Where is that functionality? Well, it was going to be in that release, but Microsoft has updated its statemen ts to say this: Initial Outlook Web Access release on June 23, 1997, doesn't support calendar an d group scheduling. Outlook Web Access with calendar and group scheduling is sch eduled to be available on http://www.microsoft.com/ in July or August 1997, and is scheduled to ship with the next release of Microsoft Exchange Server in the s econd half of 1997. This statement is available at the end of this Web page: http://www.microsoft.co m/Outlook/documents/OWA/Web_Acc.htm. -------------------------------------------------------------------------------Q: I'm using IE 3.x and I am running Outlook Web Access from Exchange Server 5.0 SP 1. Why can't I attach a file to a message? If you're running Win 95 or NT 4.0, you need to install an update to Internet Ex plorer called the File Upload Add-On. Get it at http://www.microsoft.com/msdownl oad/ieplatform/iewin95/iewin95.asp. If you're running IE for Win 3.1 or NT 3.51, you need to get IE 3.02a from http: //www.microsoft.com/msdownload/ieplatform/iewin31/iewin31.asp. -------------------------------------------------------------------------------Q: What settings need to be turned on for Web Access to work? Apart from what is mentioned in the README files, be sure that LDAP access to th e site in enabled. (Go to Exchange Administrator, expand your site Configuration and select Protocols.) HTTP access, of course, must be turned on also. And to sum up a few necessary settings mentioned in the README files: Users who will access Exchange must have Log On Locally permissions (granted in User Manager) for the Web Server. If turning on anonymous access to public folders, the Guest account on the Web S erver must be enabled. -------------------------------------------------------------------------------Q: When I go to http://myservername/exchange/, I don't get a logon screen for We b Access. What could be wrong? Check to see if other Active Server Page applications are able to run. Go to htt p://myservername/ASPSamp/ and run an app there. This will only work if you insta lled the ASP sample applications when you installed IIS 3.0. Also check to see t hat the account you're logging in as has rights to Log On Locally to the Web Ser ver. -------------------------------------------------------------------------------Q: I'm experiencing odd problems with the Web Access components. I can read mess ages, but not send them. What could be wrong? For Web Access to work, the mailbox you want to access must be on an Exchange 5. 0 Server. You might be able to view a mailbox on a 4.0 server, but it's not guar anteed, and some things will not work. -------------------------------------------------------------------------------Q: I have enabled NT Challenge/Response on my IIS server, but Internet Explorer either errors out or asks for a logon when I access Web Access. For Challenge/Response to work, the Web Access components and IIS must be on the Exchange Server where the mailbox is that you want to access. -------------------------------------------------------------------------------Q: After updating my Web server to NT 4.0 SP3 and applying the Exch5.0 SP1 Web c lient update, and putting SSL (Verisign certificate) on my Server Virtual direct ory, I can access the pages, but after a short while (varies) IE 3.02 for Window s 95 will GPF with the error: IEXPLORE caused a page fault in KERNEL32.DLL. This was posted to the Microsoft Exchange mailing list (http://www.msexchange.or

g) and several people had this same problem. It appears to only occur with IE 3. 02 and SLL + Outlook Web Access; testing with Netscape 3.0 & SSL worked fine. More info will be posted here as it is learned. -------------------------------------------------------------------------------Q: I'm getting Server Error pages returned when I access Web Access with IE or N etscape Navigator, but Web Access was working before. What should I do? First try reloading the page in your browser a couple of times to see if the err or stays. If that does not get rid of the error, restart the World Wide Web Publ ishing Service on your IIS Server. -------------------------------------------------------------------------------Q: How do I know what version of Active Server Pages I have installed? Find the ASP.dll and from Explorer select it, select Properties: ASP 1.0a 1.0b hotfix Reported Version 1.12.06.0 1.15.14 1.17.07

-------------------------------------------------------------------------------Q: Only MS Internet Explorer seems to work for Web Access. When my users using N etscape browsers try it, they get "Failed to get Inbox". Doesn't Web Access work with Netscape browsers? You only have Challenge/Response enabled. See the previous question for informat ion on how to update your Netscape browser to work, or enable Plain Text Authent ication. -------------------------------------------------------------------------------Q: If I have Challenge/Response disabled, what do I type when my browser asks fo r a user name and password? As is stated in the README for Exchange Server 5.0: In the Authentication box, type the user name in the following format: domain\user name For password, type the user's Windows NT domain password -------------------------------------------------------------------------------Q: I am trying to setup Web access for my Exchange server and I keep getting "40 4 Access Forbidden" messages. What could be wrong? Make sure the account you're logging in as has rights to Log On Locally to the W eb server. -------------------------------------------------------------------------------Q: When I first access my Web Access page, it prompts me for user name and passw ord. Can I disable that login box? Enable "Allow Anonymous" on the WWW server properties. -------------------------------------------------------------------------------Q: I am able to get to the list of items in my inbox, but I get an error when I try to open any mail items. What could be wrong? This has been seen happening if you are using Internet Explorer and have turned off "Run ActiveX Scripts" in the Security settings. That option is necessary for Web Access to run. -------------------------------------------------------------------------------Q: I am using the IE 4.0 beta/Platform Preview to view Web Access and am having problems. Can IE 4 be used against Web Access?

Several people on the Exchange mailing list have experienced problems running th e IE 4.0 beta against Web Access. Others have had it working without problems. M icrosoft's position on this is that it is a beta release, treat it as so (meanin g don't run it in a production environment and don't be surprised or upset that particular things don't work). -------------------------------------------------------------------------------Q: When I try to access anonymous public folders, I get the message "HTTP/1.0 50 0 Server Error (-2146893048)". Is there a setting I'm missing? According to Microsoft Knowledge Base (KB) article Q168661 at http://www.microso ft.com/kb/articles/q168/6/61.htm, this will occur if no folder shortcuts have be en defined for anonymous access. See the KB article for more information. -------------------------------------------------------------------------------Q: I get the message "HTTP/1.0 500 Server Error (-2146893048)" when accessing my mailbox over Web Access. What should I do? A few people on the Exchange mailing list mentioned that they had this error occ urring, when using IE 3.02. It was found that when Challenge/Response authentica tion was disabled for the IIS server (and plain text authentication used) the er ror went away. EXCHANGE BASIC 01 What is Exchange 2003 Forestprep? Exchange 2003 Forestprep extends the AD schema to include Exchange specific info rmation. 02 What is Exchange 2003 Domainprep? Exchange 2003 Domainprep creates the groups and permissions necessary for Exchan ge servers to read and modify user attributes. 03 What is a DC? A DC is a Windows 2000 or 2003 Domain Controller that holds active directory par titions for a domain (used for things like user authentication). 04 What is a GC? A GC is a Global Catalog Server. A GC holds a full set of attributes for the dom ain in which it resides and a subset of attributes for all objects in the Active Directory Forest. 05 What is DDNS and why do I need it? Dynamic DNS (described in RFC 2136) allows servers to dynamically update and cre ate records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message r outing. In a simple Exchange organization, DDNS is not strictly necessary, but m

akes administration much easier. 06 What is a border server? A border server is an Exchange server that communicates with external servers. I n a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that comm unicate directly or indirectly with foreign servers and then pass the mail to ot her internal Exchange servers. 07 What is a mixed mode Exchange environment? An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchan ge 5.5 servers. 08 How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Admin istrative Group? In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 env ironment, the Administrative Group is a group of Exchange objects sharing a comm on set of permissions and routing groups define how those servers communicate wi th one another. A single Administrative Group can contain several Routing Groups . Example: Your North American Exchange servers might be grouped in a single Adm inistrative Group, but subdivided into several Routing Groups to optimize inters erver communication. An Administrative Group contains zero or more Routing Group s. 09 Where s the Instant Messaging Server? The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real-Time Communications (RTC) server. It is no longer a component of the Excha nge Server. For more information, see http://www.microsoft.com/office/preview/rt cserver/. 10 What is OMA? Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Se rver 2003 Standard installations. Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlo ok Mobile Access and Exchange Server ActiveSync help enable secure corporate e-m ail on a range of mobile devices including browser-based mobile phones, Microsof t Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices. Adding this functionality to the core Exchange Server 2003 product reduces the n eed to deploy additional mobile server products in the corporate environment, th us lowering the total cost of ownership.

11 Why should I go to Exchange 2003 now? There are several reasons. A few are: 1. Opportunity for Server Consolidation From Exchange 5.5 and Exchange 2000 because you can get more mailboxes on an Exchange 2003 Server. 2. Better security features. The server is secure by default and has added t hings like automatic logoff for an inactive OWA session, Connection filtering, a nd has more junk mail features like real-time blacklists. 3. Availability enhancements such as End-to-End Outlook Monitoring, Improvem ents in ESM, Mailbox Recovery Center, and a Recovery Storage Group. 4. Increase in Mobile device support for Pocket PC s, Pocket PC Phones and Mic rosoft Windows-powered Smartphones. 12 What are the differences between Exchange 2000 and Exchange 2003? Some features that are new in Exchange 2003 are: Volume Shadow Copy Service for Database Backups/Recovery Mailbox Recovery Center Recovery Storage Group Front-end and back-end Kerberos authentication Distribution lists are restricted to authenticated users Real-time Safe and Block lists Inbound recipient filtering Attachment blocking in Microsoft Office Outlook Web Access HTTP access from Outlook 2003 cHTML browser support (i-Mode phones) xHTML (Wireless Application Protocol [WAP] 2.0) browser support Queues are centralized on a per-server basis Move log files and queue data using Exchange System Manager Multiple Mailbox Move tool Dynamic distribution lists 1,700 Exchange-specific events using Microsoft Operations Manager (requires Mic rosoft Operations Manager) Deployment and migration tools

13 What is the difference between Exchange 2003 Standard and Exchange 2003 Enterpri se editions? Standard Edition 16 GB database limit One mailbox store One public folder store NEW: Server can act as a front-end (post-Beta 2) Enterprise Edition Clustering Up to 20 databases per server X.400 Connectors Both Editions support features such as: Database snapshot OMA and ActiveSync AirMAPI Recovery Storage Group Exchange Management Pack for MOM Note: It is not possible to in-place upgrade Exchange 2000 Enterprise Edition t o Exchange 2003 Standard Edition. 14 What s the difference between Exchange 2003 and Windows 2003? Windows Server 2003 provides significant enhanced functionality that Exchange 20 03 takes advantage of: Outlook HTTP access IIS 6.0 and Windows RPC Proxy service in Windows Server 2003 enable communicatio n between Outlook 2003 and Exchange Server 2003 by means of HTTP. Outlook 2003 u sers can synchronize directly with the server running Exchange Server 2003 over a HTTP or HTTPS connection. Internet protocol support IIS 6.0 provides Exchange with its support for many common Internet access proto cols that increase the flexibility of the operating system, such as HTTP, Post O ffice Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMA P4), and Simple Mail Transfer Protocol (SMTP). Active Directory Windows provides Active Directory, upon which Exchange depends for user informat ion, mail routing information, user authentication, and LDAP read and write func tions.

Support for clustering Exchange Server 2003 provides better support for clustering, which enables high availability of a company s infrastructure. Customers can choose to run up to 8-no de clusters, with at least one passive node, when running Exchange 2003 on Windo ws Server 2003, Enterprise Edition. (In Windows 2000 Advanced Server, clustering was limited to two nodes, one active and one passive; if a company chose to run Windows 2000 Datacenter Server, clustering was limited to four nodes.) Volume Shadow Copy service This and Virtual Disk Service are part of a storage framework that provides hete rogeneous interoperation of storage hardware, storage software, and applications . Exchange 2003 writes to the Volume Shadow Copy service on Windows Server 2003, reducing dramatically the backup and restore times for Exchange messaging envir onments. This enables IT departments to support greater numbers of users per ser ver and reduces the total number of servers running Exchange in their environmen t. SETUP/UPGRADE 01 How can I merge multiple directories to create a unified Exchange organization? Microsoft s Meta-Directory Services (MMS) HP s LDAP Directory Synchronization Utility CPS Systems SimpleSync

ADSI (code, code code) 02 Can I upgrade from the evaluation edition of Exchange 2003 Enterprise Server to the RTM standard version of Exchange 2003 Server? No this is technically a downgrade from enterprise to standard. You can only upg rade the evaluation version of Exchange 2003 Enterprise to Exchange 2003 Enterpr ise RTM. 03 How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires? The Exchange Server Setup Progress Log includes the date on which the Exchange s erver was installed. Take the difference between that date and today s date and su btract it from 120 to determine how many days remain in your evaluation. 04 My evaluation version has expired! Are my databases toast? No. Install a full version of Exchange 2000 Enterprise and you can continue to u se your existing databases. 05 I plan to run Exchange in a hosted environment, where can I find information on how to configure my Exchange server to host multiple companies 06

What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is sti ll needed, it can be assigned to an available drive letter with a registry setti ng. 07 Can Exchange 5.5 or Exchange 2000 run on Windows 2003? NO. Windows 2003 uses IIS 6.0, which has been re-engineered to keep up with best practices and industry standards. Windows 2003 has an IIS 5.0 compatibility mod e, however, it is not compatible with Exchange 5.5 or Exchange 2000. Therefore, neither Exchange Systems are compatible with Windows 2003. 08 Can I run Exchange 2000 with an AD infrastructure with Windows 2003 DC s? YES, all exchange versions will run in an AD 2003 environment. Exchange 2000 wil l benefit from some of the new features in AD 2003 and Exchange 5.5 has an ADC s pecifically for an Exchange 5.5/ AD 2003 environment. If AD 2000 is upgraded to AD 2003, the ADC will need to be upgraded also.* 09 Can I upgrade Exchange 2003 Beta 2 to RTM? NO. Microsoft will not support any deployment of Beta 2 into a production enviro nment. Their official position is, Exchange 2003 Beta 2 should not be deployed in a production environment. You can deploy Exchange 2003 Beta 2 in a test environ ment only. 10 Can I upgrade Exchange 5.5 in place to Exchange 2003? NO. In place upgrades to Exchange 2003 must already be Exchange 2000 SP3 and Win dows 2000 SP3 or later. The only upgrade paths from 5.5 to 2003 are; an in place upgrade to Exchange 2000 then an in place upgrade to Exchange 2003 or the leap frog migration which requires another server. 11 How should I upgrade from Exchange 5.5 to Exchange 2003? Since Exchange 5.5 can not be upgraded in place, The Active Directory should be upgraded to AD 2003, setup the new ADC and then install a new Exchange 2003 serv er. Then move users from 5.5 to 2003. 12 Where s the Instant Messaging Server? The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real-Time Communications (RTC) server. It is no longer a component of the Excha nge Server. 13 What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.)

It is not sufficient to simply upgrade front-end servers to Exchange 2003 for us ers to get the new interface. You must upgrade back-end servers to Exchange 2003 as well Interface matrix Ex2000 Ex2003 Ex2000 Ex2003 FE FE FE FE + + + + Ex2000 Ex2000 Ex2003 Ex2003 BE BE BE BE = = = = Ex2000 OWA Ex2000 OWA Not supported (AG protected) Ex2003 OWA

Ability to Reply and Forward to Messages and Posts in Public Folders is only ena bled when the client is using a front-end server. Forms-based authentication (FB A) is functional for deployments where the FE is Exchange 2003, but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE are also Exchange 2003 14 What do I need to get RPC over HTTP working? Client Outlook 2003, Windows XP with Service Pack 1 + Q331320 Server-side Exchange 2003 on Windows 2003 for FE (if FE is deployed) Exchange 2003 on Windows 2003 for BE Exchange 2003 on Windows 2003 for Public Folders Exchange 2003 on Windows 2003 for System Folders Windows 2003 for Global Catalog server When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reduc ing the need for virtual private networks (VPNs) or dial-up remote access. If re mote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces co sts and provides for increased security by ensuring that remote Outlook users do n t need access to the entire network. 15 What do I need in order to install Exchange 2003? A partial list includes: DNS (preferably DDNS) Active Directory 2000 or 2003 Permissions to update the Schema Hardware sufficient to run Exchange 2003

Windows 2000 SP3 applied to all DCs, GC, and all (future) E2K2 servers, or Wind ows 2003. 16 I m running Exchange 5.5 and would like to upgrade to Exchange 2003. Can I upgrade directly? No. The only supported upgrade in place is from Exchange 2000 SP3 or later. You would need to first upgrade your Exchange 5.5 server to at least Exchange 2000 S P3 and then upgrade in place to Exchange 2003. Another option is to exmerge out your current users and exmerge them into an Exchange 2003 server. And the only o ther option is called the leap frog migration. You configure the Active Director y Connector (ADC) for Exchange 2003 between the Active Directory and Exchange 5. 5 Directory Service. Install a new Exchange 2003 server into the enterprise and move the Exchange 5.5 users to Exchange 2003. 17 Can I install Exchange 2003 on Windows 2000 server? Yes, but Windows 2000 must have SP3 loaded first. 18 Can I rename or move the default groups created by Exchange during domainprep an d forestprep? Only if you want to horribly break your Exchange installation. 19 What are the minimum hardware requirements for Exchange 2003? The minimum practical hardware requirements in our experience are 1.25 times the disk space one would allocate under Exchange 2000, 1GB RAM (4GB minimum if the Exchange server also serves any other function) and the fastest processor(s) you can afford. 20 Am I better off with one really fast processor or two somewhat slower processors ? You re better off with two really fast processors. But, with all other things bein g equal, two processors are better than one with Exchange 2003. In most instance s, a 2-processor machine would be preferable. 21 Can I have multiple Exchange 2003 organizations in a single forest? No. Only a single E2K3 organization can exist within a single forest. Delegation of administration within the organization can be accomplished using OUs in AD a nd Administrative/ Routing Groups in the Exchange system manager. 22 Can an Exchange 2003 organization span multiple forests? No. All domains in a forest share a common schema and the Exchange organization exists within this configuration naming context. The GC, which provides the Glob

al Address List is populated only with items within the forest 23 What ports does Exchange use? A partial list of the ports your Exchange server might use is included below 25 SMTP 53 DNS 80 HTTP 88 Kerberos 102 X.400 110 POP3 119 NNTP 135 RPC 137 139 NetBIOS Session Service NetBIOS Name Service

143 IMAP4 379 LDAP (SRS) 389 LDAP 443 HTTP (SSL) 445 NetBIOS over TCP

465 SMTP (SSL) 563 NNTP (SSL) 636 LDAP (SSL) 691 LSA 993 IMAP4 (SSL) 994 IRC (SSL) 995 POP3 (SSL) 1503 T.120 1720 H.323 1731 Audio conferencing 1863 MSN IM

3268 GC

3269 GC (SSL) 6001 Rpc/HTTP Exchange Store 6002 HTTP Exchange Directory Referral service 6004 Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog 6667 IRC/IRCX 6891 6901 7801 24 6900 MSN IM File transfer

MSN IM Voice 7825 MSN IM Voice

Exchange Group Policy Notes, what should I do? A: Do Not delete the Default Domain Policy or Default Domain Controller Policy i n your Active Directory. The Exchange domain prep operation targets a policy with GUID 6AC1786C-016F-11D2 -945F-00C04fB984F9 for its operations. If it doesn t find it, domain prep will fai l.

ADMINISTRATION

01 What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is sti ll needed, it can be assigned to an available drive letter with a registry setti ng. 02 Do I need Windows XP to use Outlook RPC over HTTP? Yes. Windows XP with Service Pack 1 + KB331320 03 When will Exchange 2003 SP1 be available? When it is ready 04 How do I configure the Recovery Storage Group? In Exchange 2003, there is a new feature called the Recovery Storage Group (RSG). This is a special instance of ESE (a 5th instance) which can be spun up to provi

de: a. Item/Folder/Mailbox level restore without the need for a spare server b. Dial tone (blank mailbox) support if you lose a database and need to get the us ers quickly up and running for send/receive To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new Recovery Storage Group. Once the RSG exists, you can add a database to it (any MDB from any Storage Grou p from any server inside the same Admin Group). Then, use NTBackup or similar to restore a backup into the RSG. Now, you can use ExMerge to extract the data fro m the RSG and merge it into the production database (for scenario a.), or you ca n swap the RSG-restored database for the temporary production database (for scen ario b). One of the goals for the Recovery Storage Group 05 Under Exchange 5.5 I couldn t restore a single mailbox without 3rd party products. With Exchange 2003, is it any easier to restore a single mailbox or back up a s ingle mailbox? Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Win dows account is deleted. Although restores have been greatly improved with the n ew Recovery Storage Group (RSG) and the Volume Shadow Copy Service, there is no built in mechanism for backing up a single Exchange mailbox. This would still re quire a 3rd party brick level backup utility. 06 Can I back up the EXIFS drive using NT Backup or another backup application? You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in messages and attachments being inaccessible via the Ou tlook client. 07 How can I prevent a user from sending and receiving Internet mail? Follow the steps outlined below: 1. Create a group called InternalOnly.

2. Create a recipient policy that gives them a fake SMTP address. i.e. @fake .domain. Leave the X400 address alone so they can receive internal mail. 3. Drill down through Routing Groups > Group Name > Connectors > SMTP intern et connector(s), choose its properties. Choose the Delivery Restrictions tab, an d under reject , add this group. Do this for each connector. 4. Follow the steps in KB277872, regarding Connector Restrictions. [Now they can't use the SMTP connector(s) to send external mail] 08 What tools are used to administer Exchange 2003? Active Directory Users & Computers contacts. Exchange System Manager Used to create users, distribution groups and

Used to manage the Exchange Server, create address lists

, recipient policies, and now does some user level actions 09 Can I use Exchange 2000 tools to manage Exchange 2003 Servers? No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000 ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange 2003 features, but there i s also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 S P3 roll-up to your Admin workstation(s) http://microsoft.com/downloads/details.a spx?FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning). Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that the data value is greater than the version of ESM running, it will not allow edits to that object. 10 Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers? Yes, with the exception of the following Exchange 2000 components; Key Managemen t Server, Exchange Instant Messaging, Chat, MS-Mail / Schedule+ / DirSync / cc:M ail Connectors 11 I created a user in AD Users and Computers, but in the Exchange system manager i t doesn t appear under Mailbox Store Mailboxes. What did I do wrong? Probably nothing. A mailbox will not appear under Mailbox Store Mailboxes unti l either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after i t has been created, which would cause it to appear. 12 I created a secondary Public Folder Hierarchy, but only the original public fold er hierarchy appears in Outlook. Current versions of Outlook only support a single public folder hierarchy. Secon dary Public Folder hierarchies can be accessed with the web. 13 In Exchange 5.5, I could have multiple mailboxes associated with a single user a ccount. How do I do that in Exchange 2003? Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object rec eive as and send as permissions to that mailbox. 14 What is the difference between receive as and send as ? allows a user to send out

Receive as allows a user object to open a mailbox. Send as a mail message as the mailbox that has been opened.

15 How do I restrict a user or domain from sending mail to my users? First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group Server Protocols SMTP <SMTP Virtual Server> Properties Advanced <select the IP address f or which you wish to enable filtering> Edit Apply Filter). Normally, you wou ld only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers). 16 I ve created more than one address list. Which list will users see for their GAL? The following criteria are used when determining what a client will see for the Global Address List. Which Address List do you have permissions to see? Which Address List contains your mailbox object as an entry? If your mailbox appears as an object in more than one address list: Which of the remaining Address Lists contains more entries? 17 What do the event IDs mean in the message tracking log? They are listed in Appendix A 18 Is Single Instance Storage maintained when moving users between servers e groups databases? Yes 19 In my native E2K3 organization is there any requirement for RPC connectivity bet ween servers? In order to move users between servers, RPC connectivity is required. 20 How can I archive messages sent or received by my users? 1. Messages can be archived on a per store basis by enabling the option on t he general properties tab of the Mailbox Store in the Exchange System Manager. 2. Use an event sink (either write your own or use the simple one provided b y Microsoft and described in Archive Sink Readme.txt 3. 21 Use a 3rd party message archival tool. storag

Why when I try to add an additional mailbox store do I receive the following err

or? This storage group already contains the maximum number of stores allowed. ID no: c1034a7a You are running the standard version of Exchange 2003 which is limited to a sing le 16GB private information store. 22 How do I get the Exchange Advanced Tab in Active Directory Users and Computers? Open Active Directory Users and Computers. Click on the View menu item at the to p of the application. Select Advanced Features on the menu list. When you open a p roperty page for an Active Directory object that has a mailbox associated with i t, you will now see the Exchange Advanced tab at the top. 23 How do I control the format of the addresses before the @ sign in a recipient po licy? You can use the following variables: %g Given Name, %s Surname, %i initials in t he recipient policy. Examples: User: Tommy Lee Jones Domain: company.com %g.%[email protected] = [email protected] %1g%[email protected] = [email protected] %g%[email protected] = [email protected] Less commonly used variables include, %m (alias) and %d (display name). 24 How do I make Exchange automatically send a welcome message to all newly created users? There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is op ened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script. 25 Is there any way to append a text message to all out bound email for Exchange 20 03? On a single Exchange server deployment, there is no 100% reliable way to accompl ish this with an SMTP Transport Event Sink; even though KB273233 suggests that c reating a second SMTP Virtual Server works. However, at startup the Exchange Inf ormation Store binds to the SMTP Virtual Server that starts first and you can no t rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as the KB273233 pr oposes. Also note that under special circumstances the database can become corru pted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) messa ge contents. This is currently under investigation by Microsoft and a QFE to pre vent the store corruption is under development. **** There are 3rd party products that will do this too. 26

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script? You can do it, however, see there are limitations. It reliably works only on a b order server, which can be either a Windows 2000 or 2003 SMTP Server with or wit hout Exchange 2000/2003 installed. For more information, see KB317327 and KB3176 80 27 How can you tell the exact version of Exchange you are running? Here is a list of build numbers for Exchange 2000/2003: Exchange 2000 4417.5 = Exchange 2000 RTM 4712.7 = Exchange 2000 SP1 5762.4 = Exchange 2000 SP2 6249.4 = Exchange 2000 SP3 6396.1 = Exchange 2000 Post-SP3 Super Roll-up 63xx/64xx = Exchange 2000 Post-SP3 Hotfixes Exchange 2003 6728.12 = Exchange 2003 Beta 1 6803.8 = Exchange 2003 Beta 2 6851.10 = Exchange 2003 Release Candidate 0 6895.5 = Exchange 2003 Release Candidate 1 (Candidate) 28 How do I add a disclaimer to outgoing SMTP messages in Visual Basic? How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic 29 Resource / Conference room scheduling Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to Direct Booking of Resource Without a Delegate Acco unt There are 3rd party products such as Exchange Resource Manager and AutoAccept Si nk for Exchange that will automatically accept/decline meeting requests for conf erence rooms and other resources. 31 How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me it is in use when I try to create a new user? KB317327

Either open Outlook to create a new message with that SMTP address and hit CTRL+K to resolve it, or use a Windows Scripting Host script to find it. For the latter , see http://www.cdolive.net/download/adusermanagement.zip (look for FindUserWit hADSI.wsf and FindUserWithCDO.wsf) 32 How do I Enable the Security Tab for the Organization Object? This tab is not enabled by default. For instructions on how to enable it see KB2 64733 33 How do I restrict users from Creating Top-Level Folders? For Exchange 2000 public folders, you can follow the instructions in this articl e KB256131. But with Exchange 2000, however, any time a new server is added to t he organization, these permissions will be reset. In Exchange 2003 these permission are restricted by default so to install Exchan ge 2003, you will automatically restrict them. Allow create top-level public folder access control entry for everyone permissions and allow anonymous logon from the organization container permissions are removed during the installation of Exchange 2003.***** 34 Why do the storage quota settings not take effect immediately? This problem has been fixed in AN Microsoft Exchange 2000 Server Post-Service Pa ck 3 MDB patch. For more information see KB327378 35 How do I limit which Outlook client versions can access my server? You need to create the Disable MAPI Clients registry value to disable MAPI clien t access. For more information, see KB288894 37 How do I disable the Automatically update e-mail addresses based on recipient pol icy on all users or contacts? Default setting for msExchPoliciesExcluded is empty Once disabling the automatic e-mail address update it is: {26491CFC-9E50-4857-861B-0CB8DF22B5D7} Default setting for msExchPoliciesIncluded is: {26491CFC-9E50-4857-861B-0CB8DF22B5D7} plus a unique GUID for each applied Recipie nt Policy separated by a comma And after turning off the automatic update msExchPoliciesIncluded is only: {26491CFC-9E50-4857-861B-0CB8DF22B5D7}

Migration

01 Can I use Exchange 2003's OWA to access a mailbox on an Exchange 5.5 or Exchange 2000 server? Yes and No. Exchange 2003 can access a 2000 back-end server however, it will rem ain the same as Exchange 2000 OWA. As for Exchange 5.5, the enhanced OWA is buil t directly into the store technology and only a mailbox residing on an Exchange 2003 server can be accessed using the enhanced OWA interface. Nice try, though. 02 Can I use Exchange 5.5's OWA to access a mailbox on an Exchange 2003 server? Yes. But you will not get the look and feel or the added features from the 2003 servers. 03 How do I remove the ADC after moving all of my users to an Exchange 2003 server? First, you need to use the Exchange 5.5 Admin program to delete the directory re plication connectors (Org Site Configuration Connections). Once you have d eleted the connections, you need to be logged on with an account with Schema Adm in privileges to delete the ADC connector. 04 How many Global Catalog servers should I deploy? There is no hard and fast rule in this regard. Some potential guidelines include : 1. 2. 3. At least 1 per routing group One for every 4 Exchange servers in a routing group One (or more) for each physical location

Transport 01 What additional queues have been exposed? All the system queues like the failed message retry queue, DNS messages pending submission, and messages queued for deferred delivery are now exposed to enhance trouble shooting. 02 Is there any way to append a text message to all out bound email for Exchange 20 03?

On a single Exchange server deployment, there is no 100% reliable way to accompl ish this with an SMTP Transport Event Sink; even though KB273233 suggests that c reating a second SMTP Virtual Server works. However, at startup the Exchange Inf ormation Store binds to the SMTP Virtual Server that starts first and you can no t rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as the KB273233 pr oposes. Also note that under special circumstances the database can become corru pted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) messa ge contents. This is currently under investigation by Microsoft and a QFE to pre vent the store corruption is under development. **** There are 3rd party products that will do this too. 03 How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script? You can do it, however, see there are limitations. It reliably works only on a b order server, which can be either a Windows 2000 or 2003 SMTP Server with or wit hout Exchange 2000/2003 installed. For more information, see KB317327 and KB3176 80 04 Can I view the queues on a per server basis? Yes, in the new Queue Viewer in the Exchange 2003 System Manager. 05 How do I move SMTP queues and badmail directories? Exchange 2003 allows you to change the location of queue directories for SMTP vi rtual servers and X.400. The Directions are in the document entitled de 06 What do the various queue names mean? DNS messages pending submission Contains delivery status notifications (DSN), al so known as non-delivery reports that are ready to be delivered by Exchange. The Delete All Messages (no NDR) and Delete All Messages (NDR) functions are unavai lable for this queue. Messages queued for deferred delivery Contains the messages marked by the client for deferred delivery or messages simply awaiting delivery at a different time. Failed message retry Contains messages that have been marked as retry due to a d elivery failure. This queue also does not have the NDR functions mention in the DNS messages pending submission queue. 07 How do I activate the real time safe block list? Enabling connection filter involves two steps: 1. Create the recipient filter using the Connection Filtering tab on the Mes Exchange Titanium Getting Started Gui

sage Delivery Properties under Global Settings. 2. 08 How do I filter incoming mail by subject or attachment? Exchange 2003 does not have any built-in function to accomplish that. Either loo k for a third party tool or develop your own Windows SMTP Transport Event Sink. 09 How do I limit the maximum amount of messages the SMTP queue can hold? You have to use the MaxMessageObjects registry key. 10 How do I strip the attachment from an NDR? You can do this through a registry entry. But there are two drawbacks. Once this is done, the details that are necessary to display the notification in the prev iew pane are stripped, and the originator of the message cannot use the Send Aga in option. 11 How do you restrict Distribution Lists? Submissions can be restricted to a limited number of security principles though the standard Windows Discretionary Access Control List (DACL). This feature prev ents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal only distribution list. An example of this would be an All Employ ees distribution list which should not be available to anyone outside the company (by spoofing or otherwise). Note Restricted distribution lists will only work o n the bridgehead servers or SMTP gateway servers running Exchange 2003. To set restrictions on a distribution list 1. Click Start, point to All Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers. 2. Expand your organizational unit container, and double-click Users. Apply the filter at the SMTP virtual server level.

3. Right-click the distribution list for which you want to restrict submissi ons, and then click Properties. 4. Click the Exchange General tab.

5. Under Message Restrictions, under Accept messages, select one of the foll owing options: Click From everyone to allow anyone to send to this distribution list. This inc ludes anonymous users from the Internet. Click From authenticated users only to allow only authenticated users to send m ail to this distribution list. Click Only from to specify a select set of users or groups that can send to thi

s group and then click Add to specify the users or groups that you want to permi t to send mail to this distribution list. Click From everyone except to allow everyone but a select set of users or group s to send to this distribution group and then click Add to specify the list of u sers or groups that you want to restrict from sending to this distribution list. STORE What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is sti ll needed, it can be assigned to an available drive letter with a registry setti ng. 02 What is the STM file? the .stm file is part of the information store database that contains the native internet formatted items. It is used to improve the performance of the database . 03 Why does the size of the EDB file not change when I move users out of that store ? The .edb file will only decrease in size once a database defrag is performed. 04 How do I move the log files? The new ESM allows the administrator to move the log files through the GUI. 05 Is there an easier way to move mailboxes grouped by mailbox.store? Yes, you can now move mailboxes through ESM grouped by mailbox store. 06 Will an in place upgrade from Exchange 2000 remove the M: drive? Yes, In both the clean install and upgrade from Exchange 2000 scenarios, Exchang e 2003 does not present EXIFS as drive letter M: 07 If there is still an M: drive mapped, why does the free space number look funny? The free space number shown on the M: drive is based on the main install drive f or Exchange. It is not related to the drive space on the drives where the stores actually exist. CLUSTERING 01

Which cluster configuration is preferred? Microsoft recommends Active/Passive clustering because it: Scales better sizes the same way as a stand alone Exchange server can have up to 8 nodes in the cluster always fails over to a fresh node 02 What happened to Active/Active Clustering? Active/Active clustering is only supported with a 2-node cluster limited to 1900 concurrent connections. 03 Do I still have to cycle the services on fail back like in 2000 Active/Passive m ode? The Exchange services are automatically shutdown on failover so when fail back h appens the services are automatically brought back online for a clean address sp ace. 04 How many cluster nodes are supported by each version of Exchange? Exchange 2003 and Windows 2003, Standard Edition will run up to a 4-node cluster . Exchange 2003 and Windows 2003 Enterprise will run an 8-node cluster with at l east one passive node. 05 Are there any other differences between Win2k and Win2k3 clustering? Win2k3 Enterprise and Datacenter both support 8-node clusters. MSCS (Microsoft C lustering Services) is now available for high availability. NLB Manager allows t he administrator to configure the NLB service in a central location thus avoidin g mistakes from repetitive actions. For more information see the Technical Overvi ew of Clustering in Windows Server 2003? and Windows Server 2003 Server Cluster A rchitecture documents. 06 Why am I getting the 9582's and what is VM Fragmentation? VM fragmentation is when the virtual memory becomes fragmented and can prevent s tores form mounting. The 9582 event is the event that warns about this condition . For more information refer to The Extensible Storage Engine Database Engine Con tributes to Virtual Memory Fragmentation (324118)

ADC

01 What are the new ADC Tools? The Active Directory Connector management console now contains an ADC Tools opti on. ADC Tools is a collection of wizards and tools that help you set up connecti on agreements by scanning your current Active Directory and Exchange 5.5 Directo ry and organization, and automatically creating the recommended connection agree ments. The following wizards are included in the ADC Tools: Resource Mailbox Wizard This wizard identifies Active Directory accounts that ma tch more than one Exchange 5.5 mailbox. Using this wizard, you can match the app ropriate primary mailbox to the Active Directory account and stamp other mailbox es with the NTDSNoMatch attribute, which designates the mailboxes as resource ma ilboxes. You can either make these changes online or export a commaseparated val ue (.csv) file that you can update and import into the Exchange 5.5 directory. Connection Agreement Wizard This wizard recommends connection agreements based o n your Exchange 5.5 directory and Active Directory configuration. You can review the list of recommended connection agreements and select those you want the wiz ard to create. The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector and running ADC Tools. 02 Can I use the Windows 2003 Active Directory connector with Exchange 2003? No, you need to install the Exchange 2003 ADC. 03 How can I get a list of connection agreements in Exchange 2003 ADC? Run the ExchDump utility with the /CA switch. OWA How do I disable OWA for a single user in Exchange 2000/2003? In Active Directory Users and Computers (Advanced Features view) open the proper ties for the user object and choose Exchange Advanced Protocol Settings HTTP Settings and uncheck the Enable for mailbox check box. 03 How do I make OWA work properly with Extended Characters? Beginning in Exchange 2000, messages with extended characters are encoded with U TF-8, by default. For more information see KB273615 and KB281745 04 How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2003 OWA? After converting from Exchange 5.5 OWA to 2000 OWA, all the users had book marke d the URL of mail.company.com/exchange/logon.asp, since in 5.5 OWA it automatica

lly would pull the user from the root URL into a logon page (since it used ASP) but now the user only sees the same base URL of mail.company.com/exchange. So on ce the users used the book mark or in some cases the autocomplete feature in IE th ey would be pulled to a dead address. Go into the front-end server that is hosting your OWA. Start up IIS admin and locate the /Exchange virtual directory Right click on the /Exchange directory and using the wizard create a new virtual directory called logon.asp. When it prompts where the content is located just pu t something like c:\inetpub\wwwroot Once the virtual root has been created, right click it, select properties then select the tab labeled Virtual Directory Select the A redirection to a URL and then in the Redirect to URL enter /exchange/

What happens is when the user hits the virtual root of /exchange/logon.asp it pu lls the user back to only /exchange* 05 How do I activate session timeouts for OWA users? Outlook Web Access user credentials are now stored in a cookie. When the user lo gs out of Outlook Web Access, the cookie is cleared and is no longer valid for a uthentication. Additionally, by default the cookie is set to expire automaticall y after 20 minutes of user inactivity. See Logon Modifications for OWA Users for the instructions. 06 How do I disable potions of the OWA interface? Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively enable/disable certain features in the web client. Exchange 2003 extends the segmentation options found in Exchange 2000. You can either set glo bal (per server) segmentation via a registry parameter, or set the msExchMailbox FolderSet attribute on user objects. A bit mask determines the functionality ava ilable to the user. 07 What are the new OWA Hot Keys? Ctrl+N: New Mail (or Post, if in public folders) Ctrl+R: Reply to currently selected mail in view Ctrl+Shift+R: Reply all to currently selected mail in view Ctrl+Shift+F: Forward currently selected mail Ctrl+U: Mark currently selected message(s) as unread Ctrl+Q: Mark currently selected message(s) as read . OMA

01 Can I deploy OMA in a mixed environment? In a mixed Exchange environment, you must use Exchange 2003 for both the front-e nd and back-end servers to gain access to mailboxes through Outlook Mobile Acces s (OMA) and Exchange ActiveSync. For mailboxes on Exchange 5.5 and 2000, you nee d to deploy Microsoft Mobile Information Server. 02 What is OMA? Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Se rver 2003 Standard installations. Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlo ok Mobile Access and Exchange Server ActiveSync help enable secure corporate e-m ail on a range of mobile devices including browser-based mobile phones, Microsof t Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices. Adding this functionality to the core Exchange Server 2003 product reduces the n eed to deploy additional mobile server products in the corporate environment, th us lowering the total cost of ownership. 03 Which devices are supported by Microsoft to be used with OMA? Device support for Outlook Mobile Access (OMA) Browse is dictated by the Device Update package installed on the Exchange 2003 server. When you run Exchange 2003 Setup today, the DU2 package is silently installed as part of the installation. Approximately, every 6 months, new Device Update packages are released. This wil l add support for more devices to your Exchange server. The current Device Update package is DU4. The full list of devices and which DU package they are included in is available here. 04 I have just upgraded and I can t use OMA, why? The setting to enable/disable OMA Browse is actually set during ForestPrep. Exch ange 2003 ForestPrep will no longer enable OMA Browse by default. Exchange 2003 ForestPrep/Reinstall will keep it enabled if it was already enabled. This means that OMA Browse WON T be enabled when running ForestPrep to upgrade from Exchange 2000. You can find OMA Browse settings in ESM, under Global Settings -> Mobile S ervices -> Properties Note: ActiveSync and AUTD remain unchanged. 05 I have an Exchange 2003 server on a member server that I promoted to a DC, what happened to my OMA, it no longer works? Amongst other problems, the ASP.NET account changes which causes OMA to cease fu nctioning.

06 How do I verify OMA is functioning? You can verify Outlook Mobile Access (OMA) is functioning from a desktop machine running IE 6.0 Assuming that SERVER1 is running Exchange 2003: 1. 2. er1 From a desktop PC running IE6.0, navigate to http://server1/oma Enter the logon credentials for an existing mailbox which resides on serv

3. Click the OK hyperlink when you receive the warning about your device bei ng unsupported 4. Welcome to OMA!

OUTLOOK 2003 01 What do I need to get RPC over HTTP working? Client Outlook 2003, Windows XP with Service Pack 1 + Q331320 Server-side Exchange 2003 on Windows 2003 for FE (if FE is deployed) Exchange 2003 on Windows 2003 for BE Exchange 2003 on Windows 2003 for Public Folders Exchange 2003 on Windows 2003 for System Folders Windows 2003 for Global Catalog server When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reduc ing the need for virtual private networks (VPNs) or dial-up remote access. If re mote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces co sts and provides for increased security by ensuring that remote Outlook users do n t need access to the entire network. 02 Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + Q331320 03 How can I enable/disable an attribute used by the Outlook client for ambiguous n ame resolution Registry Modification Required to Allow Write Operations to Schema Setting an Attribute s searchFlags Property to Be Indexed for ANR 04 What are the differences in compression between Outlook 2002/2003 and Exchange 2 002/2003? The following tables illustrate how RPC compression and buffer packing works on the wire between the Outlook client and Exchange Server. Outlook 2002 against Exchange 2000 / 2003 Mode Data Flow Network Client Buffer Size Data Buffer Size Size on Wire Compress ed Online Download/Upload LAN 32Kb 32Kb 32Kb No Online Download/Upload WAN 4Kb/8Kb 4Kb/8Kb 4Kb/8Kb No Offline Download/Upload All 32Kb 32Kb 32Kb No Outlook 2003 against Exchange 2003 Mode Data Flow Network Client Buffer Size Data Buffer Size Size on Wire Compress ed Online Download All 32Kb 32Kb <32Kb Yes Online Upload All 32Kb 32Kb <32Kb Yes Cached Download All 96Kb >96Kb 96Kb Yes Cached Upload All 32Kb 32Kb <32Kb Yes Offline Download All 32Kb >32Kb 32Kb Yes Offline Upload All 32Kb 32Kb <32Kb Yes The compression technology used between Outlook 2003 and Exchange 2003 is called XPRESS(tm) and is based on the Lempel-Ziv (LZ-77) algorithm. This is the same t echnology that Active Directory uses to perform compression of its RPC data when replicating between servers. All data over the size of 1 KB is compressed, and t he technology is built into both client and server; therefore the compression is full duplex. The compression gain is dictated by the message format and attachment(s) type. B ecause the compression is performed at the RPC level, all message data is compre ssed. Plain text and HTML messages usually compress between 60% and 80% (on the wire saving) Rich-text (RTF) messages usually compress up to 20% (on the wire saving) Word documents compress down better than PowerPoint files KB216060 KB243311.

Logon Modifications for OWA Users You can enable a new logon page for Outlook Web Access that will store the user s user name and password in a cookie instead of in the browser. When a user closes their browser, the cookie will be cleared. Additionally, after a period of inac tivity, the cookie will be cleared automatically. The new logon page requires us ers to enter either their domain name\alias and password or their full UPN e-mai l address and password to access their e-mail. To enable forms-based authentication 1. In Exchange System Manager, expand the Servers node. 2. Expand the Protocols node under the Exchange server for which you wish to enable forms-based authentication. 3. Expand HTTP, and then right-click the Exchange Virtual Server.

4. On the Exchange Virtual Server properties page, select the check box next to Enable Forms Based Authentication for Outlook Web Access. 5. Click Apply, and then click OK.

Cookie Authentication Timeout Outlook Web Access user credentials are now stored in a cookie. When the user lo gs out of Outlook Web Access, the cookie is cleared and is no longer valid for a uthentication. Additionally, by default the cookie is set to expire automaticall y after 20 minutes of user inactivity. The automatic timeout is valuable for keeping a user s account secure from unautho rized access. Although this timeout does not completely eliminate the possibilit y that an unauthorized user might access an account if an Outlook Web Access ses sion is accidentally left running on a public computer, it greatly reduces this risk. Note: Cookie Authentication Timeout is available for the rich experience version of Outlook Web Access only. The inactivity timeout value can be configured by an administrator to match the security needs of your organization. Note: The default value for the cookie timeout is 10 minutes. If you want to set this value to something other than 10 minutes, you must modify the registry set tings on the server. Warning This section contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about restoring the registry, see the Re store the Registry Help topic in Regedit.exe or Regedt32.exe

To set the Outlook Web Access cookie timeout value 1. Click Start, click Run, and type Regedit in the box next to Open. Click O K. 2. Navigate to the following registry key: HKey_local_machine\system\ CurrentControlSet\Services\MSExchangeWeb\OWA\ 3. 4. 5. 6. 7. Create a new Dword value and name it KeyInterval. Right-click the KeyInterval Dword value and click Modify. In the Base window, click the button next to Decimal. In the Value Data field, enter a value (in minutes) between 1 and 1440. Click OK.