A Study Guide for Microsoft's TCP/IP on Windows NT 4.0 Exam

Although nothing can substitute for real-world, hands-on experience, knowing what to expect can help you pass the TCP/IP exam.

Emmett Dulaney

February 28, 1998


A look at the exam's format and content

Exam 70-059: Internetworking with Microsoft TCP/IP on Microsoft Windows NT 4.0 measures your ability to implement and administer TCP/IP on Windows NT Server 4.0. The TCP/IP exam is important for three certifications. First, you can become a Microsoft Certified Professional (MCP) with an Internet specialty if you pass the TCP/IP exam and two other exams. Second, the TCP/IP exam counts as an elective toward becoming an MCSE, which requires passing six exams. Third, passing the TCP/IP exam is mandatory for becoming an MCSE with an Internet specialty, which requires passing seven exams. (For the specific exams that you must pass for each of these certifications, go to Microsoft's Web site at http://www.microsoft.com/train_cert/cert/cert.htm.)

A candidate taking the TCP/IP exam has 90 minutes to answer 58 questions. Out of a possible 1000 points, you must get a score of at least 750. To obtain this score, you must answer 44 questions correctly.

The multiple-choice questions in this computer-administered exam are extremely verbose and include a large number of exhibits. Typically, you choose among four responses, but some questions include a possible fifth response. Of the questions with five possible responses, the majority contains a scenario, a solution, several required results, and several optional desired results. You then must choose how well the solution met the desired results. As Figure 1 shows, these questions are often complicated and difficult to answer. My advice is to mark such questions the first time through. Then when you have finished the exam, you can check to make certain you read and answered them correctly.

The answer to the sample question in Figure 1 is E (the required result was not met). To route TCP/IP packets on an NT server functioning as a multihomed host (i.e., a host that has more than one networking adapter installed--in this case, three network cards), you must assign an IP address to each card. As for the optional results, the Simple Network Management Protocol (SNMP) component is correct, but for routing tables to automatically update, you must install Routing Information Protocol (RIP) for IP.

At this point, you might be thinking that RIP is no longer needed because of the new Routing and Remote Access Service (RRAS) in Service Pack 3 (SP3). But Microsoft's exams test you on the core products only; Microsoft doesn't include service packs and add-ons in its scenarios.

The TCP/IP exam contains five sections: Planning, Installation and Configuration, Connectivity, Monitoring and Optimization, and Troubleshooting. If you understand the concepts covered in these sections, you will have little difficulty passing the TCP/IP exam. Here is a summary of the primary concepts in each section. If you need more information, see the sidebar "Suggested Study Aids," page 147, for additional resources.

To plan a TCP/IP network, you need to know about TCP/IP and Point-to-Point Tunneling Protocol (PPTP). Microsoft has built support and implementation of TCP/IP into NT Server 4.0 and NT Workstation 4.0. To use TCP/IP, every host computer must have a unique IP address and share a subnet mask with other hosts on the same network. With PPTP, you can securely transmit Point-to-Point Protocol (PPP) packets over a TCP/IP network. PPTP is part of an emerging technology called Virtual Private Networks (VPNs). PPTP can use X.25 technology, ISDN, or a Public Switched Telephone Network. NT enhances TCP/IP by including services for Windows Internet Naming Service (WINS), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP).

Installation and Configuration
More than half of the exam questions address TCP/IP installation and configuration. You need to understand a variety of concepts associated with these topics, including subnetting, DHCP, HOSTS and LMHOSTS files, DNS and WINS servers, TCP/IP printing, and SNMP.

Subnetting. Many of the questions in the installation and configuration section deal with subnetting. Although you can use the onscreen scientific calculator during this exam, you can save yourself a lot of time if you memorize binary-to-decimal conversion and subnetting information.

IP addresses are 32-bit binary numbers, most often written as four octets (separated by periods), converted to decimal values. For example, the decimal IP address 192.14.200.2 in binary form is 11000000.00001110.11001000.00000010. To simplify the conversion, always break the address (whether it is decimal or binary) into the four parts and then convert each part. Memorizing the binary place values (128, 64, 32, 16, 8, 4, 2, and 1) will help you easily convert decimal and binary values.

For example, the decimal value 131 equals 128+2+1, so the binary representation is 10000011. Likewise, 191 is 128+32+16+8+4+2+1 or 10111111. The decimal value 255 is 11111111, and 0 is 00000000. Conversely, the binary value 01010101 is 64+16+4+1 or 85.

The leftmost part of the IP address identifies the class of network, and the rightmost part identifies the host. The middle forms the network ID.

There are three classes of networks: A, B, and C. Table 1, page 146, lists these classes and their addresses, the number of available hosts, and default subnet masks. Notice that address 127 is not used. This value is reserved as a loopback address. The number of available hosts remains the same when you leave the subnet mask at the default. However, you can use the subnet mask to decrease the number of hosts and increase the number of subnets. Table 2, page 146, shows the tradeoffs between the number of hosts and the number of subnets.

DHCP. You can manually assign IP addresses to every machine on your network, or you can let a DHCP server do this task for you. DHCP is an extension of the boot protocol for diskless workstations. It issues an IP address from a pool of addresses (i.e., a scope) and assigns the subnet mask, default gateway address, and other parameters. As a result, DHCP reduces configuration problems and simplifies IP administration.

You must have an IP address and subnet mask for any TCP/IP client to properly operate. If your machines are going to interact with computers outside your local network, you must also have a default gateway. This address lets your network route messages outside a subnet. The default gateway must be on the same logical network as the host IP address.
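The subnetting arithmetic and the same-network rule for the default gateway, worked through in Python as an added example (not part of the original article). The function names and sample addresses are constructed for illustration, and the subnet count assumes the classful-era 2^n - 2 convention, because Table 2 is not reproduced on this page.

```python
import ipaddress

def to_binary(addr):
    """Dotted decimal -> dotted binary, converting one octet at a time."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))

def address_class(addr):
    """Return (class letter, default prefix length) from the first octet."""
    first = int(addr.split(".")[0])
    if first == 127:
        raise ValueError("127 is reserved as the loopback address")
    if 1 <= first <= 126:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    raise ValueError("not a class A, B, or C address")

def subnet_tradeoff(addr, mask):
    """Subnets gained and hosts left when the mask extends the class default."""
    cls, default_len = address_class(addr)
    # ipaddress rejects non-contiguous masks with a ValueError subclass.
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    if prefix < default_len:
        raise ValueError("mask is shorter than the class default")
    subnet_bits = prefix - default_len
    host_bits = 32 - prefix
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        # Assumption: all-zeros and all-ones subnets are excluded (2^n - 2).
        "subnets": 1 if subnet_bits == 0 else max(2 ** subnet_bits - 2, 0),
        # All-zeros and all-ones host IDs are never assignable.
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
    }

def gateway_reachable(host, mask, gateway):
    """True when the gateway is on the same logical network as the host."""
    net = ipaddress.IPv4Network(f"{host}/{mask}", strict=False)
    return ipaddress.IPv4Address(gateway) in net and gateway != host

if __name__ == "__main__":
    print(to_binary("192.14.200.2"))
    print(subnet_tradeoff("192.14.200.2", "255.255.255.224"))
    print(gateway_reachable("192.14.200.2", "255.255.255.224", "192.14.200.33"))
```

A gateway that fails this check is the kind of configuration problem the troubleshooting tools later in the guide are used to find: the host can reach its own subnet but nothing beyond it.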

The DHCP server issues, or leases, a DHCP address to a client for a given period, called a lease period. About halfway through that period, the client will try to renegotiate the lease to keep the address longer. If the client doesn't get an acknowledgment, it will try again at regular intervals. If the lease expires, the client will try to get another lease from that or another DHCP server.

A DHCP server cannot be a DHCP client because the DHCP server must have a unique static IP address, subnet mask, and default gateway address. The DHCP server must have at least one scope. Multiple DHCP servers need to have non-overlapping portions of each other's scopes so they can serve the clients of a failed server.

The DHCP server will always assign a DHCP client the same IP address because the server reserves that address (i.e., client reservation). The DHCP server can also reserve addresses within a scope for hosts that use static addresses. For example, the DHCP server can reserve addresses for hosts that don't use DHCP.

HOSTS and LMHOSTS files. You can use an ASCII-readable file, called the HOSTS file, to map host names (common system names) to IP addresses for address resolution. Similarly, you can use the LMHOSTS file to map NetBIOS names to IP addresses. You can even load portions of the LMHOSTS file in the DHCP server's memory so the server doesn't have to read the LMHOSTS file each time name resolution takes place. The LMHOSTS file must at least contain each domain controller on the local domain and the Primary Domain Controller (PDC) of every remote domain. Both HOSTS and LMHOSTS files are static.

DNS and WINS servers. You can use DNS and WINS servers to dynamically answer queries to name resolution requests. DNS servers eliminate the need for HOSTS files because DNS servers map host names given in the format of fully qualified domain names (FQDNs--such as iquest.net) to IP addresses to answer queries. You need one primary DNS server and one secondary DNS server in each zone.

WINS servers eliminate the need for LMHOSTS files because WINS servers map NetBIOS names to IP addresses to answer queries. WINS servers work with Microsoft clients but not with Macintosh clients. (You can, however, use DNS servers to work with Macintosh clients.) Unique entries are those that manually map a computer name to an IP address. Four other static entry types are Domain Name, Group, Internet Group, and Multihomed.

TCP/IP printing. TCP/IP printing can take place between UNIX and NT hosts. The NT server can send print jobs to the UNIX host. To enable this option, you must run a Line Print Daemon (LPD) service on the UNIX host, install a TCP/IP printing service, and give UNIX clients the IP address of the LPD print server. The UNIX host can send print jobs to the NT server. To enable this capability, you must use the Line Print Remote (LPR) command to submit the job.

SNMP. This protocol captures, or traps, configuration and status information on the various machines in a network running an SNMP agent. (An SNMP agent is the SNMP client software.) SNMP then sends this trapped information to a designated machine for network management. For SNMP to work, you must install the SNMP service on the server and specify which machine will receive the trapped messages. This designated machine must be running SNMP Manager.

Another key topic that the TCP/IP exam covers is connectivity. Here are some concepts you need to know about when you are completing the connectivity section of the TCP/IP exam.

RIP. RIP packets exchange routing information with other dynamic RIP routers. By default, an NT router cannot exchange RIP packets with other IP RIP routers unless you install RIP software and select the Enable IP Forwarding check box on the Routing tab of the TCP/IP Properties page.

Without RIP, you must use the ROUTE ADD command to manually set up router tables. The syntax for manual adds is

ROUTE ADD [destination net id] MASK [netmask] [gateway address]

Multihomed host. You can use your NT server as a multihomed host, but each network card must have an individual IP address. A multihomed host is useful for hosting several Web sites.

Internet Information Server (IIS) and FTP. IIS serves primarily as a Web server, but it also supports FTP and Gopher. For an FTP client to access the services of an FTP server, the client must use the Windows Sockets interface to get to the session layer NetBT (NetBIOS over TCP/IP).

Internet Service Manager. ISM is a graphical administration tool. You can use ISM to centrally manage, control, and monitor the Internet services in your NT network.

Telnet. This protocol lets a computer become a dumb terminal on other hosts. When you connect to another host, you can access and run files and applications on that host. However, you can't download or upload files.

Remote Access Service (RAS). If you use a RAS server for dial-up networking, you must leave the default gateway information blank. The Internet Service Provider (ISP) will provide this information.

Monitoring and Optimization
The key to this section of the TCP/IP exam is how to monitor and make changes (via the Registry Editor, regedt32.exe) to optimize your network. You can use three monitoring tools to collect, view, and analyze information about your network:

Event Log. The Event Log in NT stores all critical system messages, not just those related to TCP/IP. You can use this log to track events and errors.

Network Monitor. The Network Monitor captures incoming and outgoing packets to help you detect and analyze problems. The monitor includes filters that limit what you view so the data doesn't become overwhelming. Commonly used filters are Filter during capture and Filter during display.

One area in Network Monitor that often confuses users is the monitor's range of service. With NT Server 4.0's Network Monitor, you can monitor only the specific system on which you install it. Users sometimes believe that it can monitor other systems on the network.

Performance Monitor. The Performance Monitor (Perfmon) is NT's all-around tool for monitoring. It collects statistical measurements on hardware and software components. Perfmon establishes baselines from which you can judge those components' performance. You can then analyze performance to identify problems and opportunities for improvement. For Perfmon to collect TCP/IP information, you must install SNMP.

TCP/IP problems in NT 4.0 typically fall into two categories: configuration and name resolution. Configuration problems usually involve incorrect subnet masks, IP addresses, and default gateway addresses. You can use several tools to troubleshoot configuration problems.

Address Resolution Protocol. ARP displays the ARP cache, which contains media access control addresses. ARP also displays the NetBIOS cache, which contains resolved NetBIOS names.

Ipconfig. As the name implies, ipconfig shows the IP configuration information for the host. The ipconfig /all command will show not only TCP/IP configuration, but also DNS, WINS, DHCP, and NetBIOS information.

Netstat. This tool gives all the TCP/IP protocol statistics. Netstat also lets you know about the current state of TCP/IP connections.

Nslookup. This troubleshooting tool shows DNS server entry information. You can use nslookup to query a name server to determine whether it is working correctly.

Ping. You can use this utility with IP addresses or host names to verify connectivity with another host. You can also use ping to verify that your host is responding properly. When you use ping with the loopback address, you are testing only the IP layer and not the physical layer.

Route. With route print, you can view the routing table. With route add, you can add entries.

Tracert. This tool is similar to the ping utility. However, tracert traces only the route being taken.

You can easily troubleshoot name resolution problems with the ping utility. If you can ping a host using its IP address but not its host name, you have a resolution problem. (If you cannot ping the host at all, the problem lies elsewhere.) Here are five common causes of name resolution problems and how to prevent or fix them.

  1. You misspell the host name: Examine the HOSTS or LMHOSTS file to verify that you spelled the host name correctly.

  2. Comment characters prevent NT from reading the host name: Verify that a pound sign is not at the beginning of the line or anywhere on the line before the host name.

  3. The file contains duplicate host names: Verify that all host names are unique. When you have duplicate host names, NT will read only the first entry because it reads files linearly.

  4. NT contacts the wrong host: Verify that the IP address you entered in the file is valid and corresponds to the host name.

  5. You place an entry in the wrong file: Although similar, HOSTS and LMHOSTS files aren't interchangeable. HOSTS files map IP addresses to host names, and LMHOSTS files map NetBIOS names to IP addresses. If you put HOSTS entries into the LMHOSTS file, NT will ignore those HOSTS entries. Similarly, if you put LMHOSTS entries in the HOSTS file, NT will ignore those LMHOSTS entries.
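Several of the checks in the list above can be automated. The following Python linter is an added example, not part of the original article: it flags entries disabled by a pound sign, duplicate host names (only the first is used), invalid IP addresses, and a wanted name that is absent, which is how a misspelling shows up. The sample file and finding codes are constructed, and treating host names as case-insensitive is an assumption.

```python
import ipaddress

SAMPLE = """\
# Constructed sample HOSTS file
192.14.200.2    alpha
#192.14.200.3   beta
192.14.200.4  # gamma
192.14.200.5    alpha
192.14.300.6    delta
192.14.200.7    epsilon
"""

def _is_ip(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def lint_hosts(text, wanted=None):
    """Return (line number, finding code, detail) tuples for a HOSTS-style file."""
    findings, first_seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        active, _, comment = raw.partition("#")
        fields = active.split()
        if not fields:
            # Whole line is a comment: flag it only if it hides an entry.
            disabled = comment.split()
            if len(disabled) >= 2 and _is_ip(disabled[0]):
                findings.append((lineno, "commented-out", " ".join(disabled[:2])))
            continue
        ip, names = fields[0], fields[1:]
        if not _is_ip(ip):
            findings.append((lineno, "bad-ip", ip))
            continue
        if not names:
            # An address is present, but '#' precedes the host name.
            findings.append((lineno, "commented-out", raw.strip()))
            continue
        for name in names:
            key = name.lower()
            if key in first_seen:
                # Files are read linearly, so this later entry is never used.
                detail = f"{name} first defined on line {first_seen[key]}"
                findings.append((lineno, "duplicate", detail))
            else:
                first_seen[key] = lineno
    if wanted and wanted.lower() not in first_seen:
        findings.append((0, "missing", wanted))
    return findings

if __name__ == "__main__":
    for finding in lint_hosts(SAMPLE, wanted="epsilom"):
        print(finding)
```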

In addition to ping, useful name resolution utilities include nbtstat and hostname. The nbtstat utility (NetBIOS over TCP/IP) displays protocol statistics and current TCP/IP connections. This utility is useful for troubleshooting NetBIOS name resolution problems and has several parameters and options:

  • -a (adapter status), which lists the remote machine's name table given its name

  • -A (Adapter status), which lists the remote machine's name table given its IP address

  • -c (cache), which lists the remote name cache, including the IP addresses

  • -n (names), which lists local NetBIOS names

  • -r (resolved), which lists names resolved by broadcast and via WINS

  • -R (Reload), which purges and reloads the remote cache name table

  • -S (Sessions), which lists the sessions table with the destination IP addresses

  • -s (sessions), which lists the sessions table converting destination IP addresses to host names via the hosts file

The hostname.exe utility returns the name of the local host. You can use this utility only to view the name; you can't use it to change the name. You can change the host name from the Network Control Panel applet.

Ace the Exam
Although real-world, hands-on experience is the best preparation for the TCP/IP exam, knowing what to expect on the exam can be helpful. But you can't just memorize the concepts in these five sections to pass the exam. Rather, you must understand the reasoning behind these concepts. If you possess this understanding, you will have no trouble acing the TCP/IP exam.
