CertTutor.net UPDATE—brought to you by the Windows & .NET Magazine Network and CertTutor.net
THIS ISSUE SPONSORED BY
VeriSign—The Value of Trust
Windows & .NET Magazine Road Show
SPONSOR: VERISIGN—THE VALUE OF TRUST
Secure your servers with 128-bit SSL encryption!
Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now!
August 9, 2002—In this issue:
- Taking Advantage of Educational Benefits
2. NEWS & VIEWS
- CompTIA'S Security+ Exam to Enter Beta
- Oracle9i Performance-Tuning Exam to Go Live
- Questions for Exam 70-216
- The Backup and Recovery Solutions You've Been Searching For!
- Don't Miss Our Storage Web Seminar—Free!
- CertTutor.net Live! Featured Thread: Loading Drivers in Safe Mode
- Link of the Week: Webmonkey
6. INSTANT POLL
- Results of the Previous Poll: Windows XP
- New Poll: Work
7. NEW AND IMPROVED
- Prepare for .NET Exams
8. CONTACT US
- See this section for a list of ways to contact us.
(contributed by Dick Lewis, [email protected])
Companies structure employee benefits to entice you to join their organization and stay there. Because the costs of employee acquisition and training are so high, companies offer significant benefits and incentives to retain employees.
Educational benefits are one of the most important compensation add-ons you should research when considering any potential employer. Even if you just earned a degree and are feeling burned out on studying, the memories of that pain will fade within a few years and you might decide to pursue an advanced degree. And if you've taken just a handful of college courses but have no diploma to show for it, you know you'll eventually hit that educational glass ceiling and need to finish that degree.
Finishing a degree or earning an advanced degree can give you real advantages if layoffs hit and you find yourself looking for a job. In many situations, a 4-year degree is a basic criterion. Without it, your resume might end up in the trash before a prospective employer even evaluates your certifications and experience.
In some cases, companies aren't willing to pay for a $10,000 MCSE or Cisco Systems certification-training package but will pay for a $25,000 masters-degree program. For those of us who see value in training and certification, these numbers might not add up, but you must take advantage of what an employer thinks has value and could ultimately advance your career.
Increasingly, employers have realized the value of offering educational assistance. Educational programs often last 2 to 4 years, and employers who offer assistance are virtually guaranteed employee retention during that time. Reimbursements and incentives can take several forms, including time off for study and payment for tuition, classes, and books. Depending on the degree program you choose, such benefits might exceed $20,000 in value. Some employers offer further incentives of stock or stock options for those who complete the program.
Some degree programs require a commitment of 4 to 5 hours per night, 2 nights per week. If you add 1 to 3 hours of homework for each in-class hour, you can see that eating and sleeping become optional activities. I attended one of these degree-completion programs for 16 months and at the end of that time, all of us in the program were completely exhausted. I was fortunate because I had a reduced daytime workload and an employer that let me study, but if I'd been working full time, the program would've been very difficult. You should ask your employer and the school what would happen if you had to drop a class or reduce the number of classes and extend the program completion. You could be liable for class costs if you drop a class after the no-charge withdrawal date. Be certain that you have plenty of extra time to complete the program if illness, pregnancy, or other expected or unexpected events occur.
College-entrance requirements can vary greatly and might include assessment tests such as the Graduate Record Examination (GRE) or the Graduate Management Admission Test (GMAT) and essays. Employers and schools might have a minimum grade standard that you must maintain to remain in good standing. Usually, the more prestigious the school, the higher the grade standard. One major California-based management school has a B grade standard.
Accepting employee educational reimbursements can introduce tax implications. These reimbursements might count as taxable income if you're seeking a degree that can be considered as retraining. Check with a tax advisor to be sure the program falls within nontaxable guidelines or you might face an unexpected tax liability on $20,000 in educational reimbursement "income."
If your employer offers educational benefits, follow the company's guidelines carefully but take full advantage of the offerings. If you work for a company that doesn't offer such benefits, keep your eyes open for an opportunity that does.
SPONSOR: WINDOWS & .NET MAGAZINE ROAD SHOW
WHY PAY WHEN YOU CAN GET IN-PERSON SECURITY EXPERTISE FOR FREE?
Windows & .NET Magazine Road Shows are coming soon to Chicago, New York, Denver, and San Francisco! Now's your chance to learn from experts like Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for .NET and beyond. Brought to you by NetIQ. Registration is free so sign up now!
2. NEWS & VIEWS
Computing Technology Industry Association (CompTIA) announced that its new Security+ exam will enter beta testing in September 2002. The test will likely become available to the public sometime in late October or early November. For more information, see the CompTIA Web site.
Oracle announced that the final exam in its Oracle9i DBA track, Oracle9i Performance Tuning, will go live in late September of this year. For more information, see the Oracle Web site.
(contributed by Jonathan Bischke, [email protected])
Welcome to Certifiable, your exam-prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. This week's questions cover topics for Exam 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure.
You work as the systems administrator at the Flower Mound Organic Farm Collective and are in the process of upgrading the organization's network from Windows NT 4.0 to Windows 2000. You don't have the funds to upgrade your DNS server from NT 4.0 to Win2K, and you're wondering whether you can use the NT 4.0 DNS server to support Active Directory (AD). Which of the following steps should you take to configure the NT 4.0 DNS server to support AD? (Choose all that apply.)
- Configure the DNS Server to support Dynamic Updates.
- Upgrade the server to Service Pack 4 (SP4) or a more recent service pack.
- Make sure that the NT 4.0 DNS server is authorized in AD.
- Make sure that the primary DNS server authoritative for the Netlogon service names can support SRV records.
- NT 4.0 DNS Servers can't support AD; you must install a Win2K DNS server.
For the correct answer and an explanation, go to
Answer to Question 1
The correct answers are B—Upgrade the server to Service Pack 4 (SP4) or a more recent service pack; and D—Make sure that the primary DNS server authoritative for the Netlogon service names can support SRV records. SP4 or later is required on the NT 4.0 DNS server. The NT 4.0 DNS server must be the primary DNS server authoritative for Netlogon service names and support the SRV records. SP4 introduced this capability. Dynamic updates of DNS records aren't required for AD, although Microsoft recommends them. DHCP servers and Remote Installation Services (RIS) servers must not be authorized in AD, but a server running NT 4.0 can't be (nor does it need to be) authorized as a DC in AD.
You want to use your corporate intranet to set up an IP Security (IPSec) connection for two computers located on different sides of the city. Each computer is connected to a local Cisco Systems 2501 router, which is connected to your ISP's router. Traffic travels across three routers on the ISP's network, then to the corresponding router on the other side, and finally to the other PC. These routers are all part of the intranet, although one routes traffic out to the Internet as well.
You've outsourced most of your WAN infrastructure, so you're only responsible for the LAN up to the 2501 routers. Which of the following do you need to do to set up an IPSec connection between these two locations?
- Set up IPSec on each end-node computer, then have your ISP configure the routers to let TCP traffic pass through on port 108.
B. Configure the end-node computers with IPSec; you don't need to configure the routers to pass this encrypted traffic across your WAN.
C. Set up IPSec on each end-node computer, then have your ISP configure the routers to let traffic pass through on port 31337.
D. Set up IPSec on each-end node computer, then have your ISP configure the routers to let traffic pass through on port 1138.
For the correct answer and an explanation, go to
and scroll down to "Answer to Question 2."
Answer to Question 2
The correct answer is B—Configure the end-node computers with IPSec; you don't need to configure the routers to pass this encrypted traffic across your WAN. You must activate IPSec on the clients only. A tunnel activates between the two endpoints that use encrypted IP communication. One end encrypts the communication, and the other end decrypts it. Routers and switches don't need to be IPSec-aware.
Enrious and his manager, Petal, are discussing the administration of the RAS servers at the Flower Mound Organic Farm Collective.
Petal: "I want you to set up the remote-access policy so that the system locks users out if they enter the wrong password several times when they're dialing into our server."
Enrious: "How about if we lock users out for 48 hours if they enter the wrong password five consecutive times when using a dial-up connection?"
Petal: "That sounds good. Now, can you explain to me how you set up the RAS server?"
Enrious: "I've configured the server with default settings. I created a new group called flowerrasusers, and it contains users who require the ability to access our network over a dial-up connection."
Petal: "I'm still concerned that people who aren't members of this group are somehow gaining dial-up access. Also, can you limit access to nonbusiness hours?"
Enrious: "Yes, that should be possible."
After the meeting, Petal hands Enrious the following goals for the RAS servers:
- Deny users access for 48 hours if they enter the incorrect password five times.
- Limit access to RAS to members of the flowerrasusers group.
- Restrict RAS access to between 5:00 P.M. and 8:00 A.M. for normal users.
- Give Administrators unlimited access to the RAS server at all times.
Which of the following achieves the primary goal but doesn't achieve any of the secondary goals?
- Run regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\RemoteAccess\Parameters\ AccountLockout subkey, and change the entry for MaxDenials from 0 to 5.
- Run the RRAS utility, expand the Current Server, right-click the Remote Access Policies Node, then select "New Remote Access Policy." Select Add, select Windows-Groups, select flowerrasusers, then select Close. Right-click flowerusers, select "login between 5:00 P.M. and 8:00 A.M.," then select Close. Next, select Add, select Windows-Groups, select Administrators, then select Close. Right-click Administrators, select "no logon restriction," and give the Policy the name "flower-lockout." Select Next, select Add, and select "Lockout after 5 attempts," then set the "reset lockout after" box to 48 hours. Click Close.
- Run the RRAS utility, expand the Current Server, right-click the Remote Access Policies Node, then select "New Remote Access Policy." Give the Policy the name "flower-lockout." Select Next, then select Add. Select "Lockout after 5 attempts," then set the "reset lockout after" box to 48 hours. Click Close. Select Add, select Windows-Groups, then select flowerrasusers. Select Close. Right-click flowerusers, select "login between 5pm and 8am," then select Close. Select Add, select Windows-Groups, select Administrators, then select Close. Right-click Administrators, select "no logon restriction". Select Close.
- Run the RRAS utility, expand the Current Server, right-click the Remote Access Policies Node, then select "New Remote Access Policy." Give the Policy the name "flower-lockout," then select next, select Add, select Windows-Groups, select Administrators, then select Close. Right-click Administrators and select "no logon restriction". Select Add, select "Lockout after 5 attempts" and set the "reset lockout after" box to 48 hours. Select Add, select Windows-Groups, select flowerrasusers, and click close.
For the correct answer and an explanation, go to
and scroll down to "Answer to Question 3."
Answer to Question 3
The correct answer is A—Run regedit, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\ AccountLockout subkey, and change the entry for MaxDenials from 0 to 5. The default lockout period is 48 hours, which the registry represents in hexadecimal as b40. If you don't like working with hexadecimals, translate the value back to decimal and divide by 60. If you want to change the value to 24 hours, simply multiply 24 by 60 and translate the result into hexadecimal. The subkey to change is in the same area and is called ResetTime.
(brought to you by Windows & .NET Magazine and its partners)
Our popular Interactive Product Guides (IPGs) are online catalogs of the hottest vendor solutions around. Our latest IPG highlights the backup and recovery solutions and services that will help you recover your data and your network when disaster strikes. Download the IPG for free at:
While the cost of buying storage capacity continues to drop, the cost of managing storage and keeping it available continues to rise. Find out why this happens and how to address it by bringing your Windows storage under control. Register today for this important online seminar sponsored by VERITAS!
CertTutor.net Live! is the Internet's number-one training and certification discussion board. Each week, CertTutor.net Live! receives thousands of posts about Windows XP, Windows 2000, Cisco, and more. We've selected one of these posts to feature here in CertTutor.net UPDATE. To join in the conversation at CertTutor.net Live!, register at the following URL:
(contributed by Gregory W. Smith)
<javusa> needs to gain access to a Zip drive on a notebook PC that's booting into Safe mode only. What can he do?
Keep up with CertTutor.net Live! by subscribing to the CertTutor.net Live! UPDATE, a free weekly newsletter that highlights the best posts from the discussion forums. Subscribe at the following URL:
Webmonkey is a great site for anyone who's interested in learning how to become a Web master.
6. INSTANT POLL
The voting has closed in the CertTutor.net nonscientific Instant Poll for the question, "Are you running Windows XP at home?" Here are the results (+/- 2 percent) from the 239 votes:
- 59%: Yes
- 12%: No, but I plan to upgrade soon
- 29%: No, and I don't plan to upgrade anytime soon
The next Instant Poll question is, "How many hours do you work in a week?" Go to the CertTutor.net home page and submit your vote for a) Less than 40 hours, b) 40 hours, c) 40 to 50 hours, d) 50 to 60 hours, or e) 60 hours or more.
7. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
Transcender released four new products to help you prepare for your .NET exams. Licenses for Exam 70-305: VB-Flash/Web 7.0 for Developing and Implementing Web Applications with Microsoft Visual Basic .NET and Microsoft Visual Studio .NET, Exam 70-306: VB-Flash/Windows 7.0 for Developing and Implementing Windows-based Applications with Microsoft Visual Basic .NET and Microsoft Visual Studio .NET, Exam 70-315: C#-Flash/Web 7.0 for Developing and Implementing Web Applications with Microsoft Visual C# .NET and Microsoft Visual Studio .NET, and Exam 70-316: C#-Flash/Windows 7.0 for Developing and Implementing Windows-based Applications with Microsoft Visual C# .NET and Microsoft Visual Studio .NET are available in the MCSD Flash Pak for .NET.
8. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT CERTIFIABLE — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR CERTTUTOR.NET UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR CERTTUTOR.NET UPDATE?
This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
Thank you for reading CertTutor.net UPDATE.