Considerations for Determining How Security Design Affects End Users
To help you determine how a change in security can affect end users, ask yourself these questions: 1D0-410 70-431 70-299

How will a stronger password policy actually work at the end-user level? Will requiring a longer password mean more passwords are written on paper where unauthorized users might discover them? Will it mean loss of productivity or additional help desk labor because of an increased need to reset passwords?

What will adding an account lockout policy do to users? Account lockout policies lock accounts after a number of incorrect password attempts. The number of false attempts allowed is adjustable. Will the number of allowed attempts accommodate remote users, or will fumble-fingered sales personnel be unable to enter their orders because their account gets locked out? How long will the policy keep accounts locked out? Local users might be able to wait the 10 minutes or until the help desk can reset their account. Can the traveling executive seeking critical information on a dial-up line afford to waste that much time attempting to contact the help desk?

What will be the side-effects of moving to smart cards? What will happen when users forget their smart cards at home and attempt to use an office mate’s card? If restrictions on card removal (sessions are logged off when smart cards are removed) are set, two users cannot use the same smart card and maintain consecutive sessions. This solves a long-standing dilemma as well—that is, how to restrict each user to one session at a time on the network. These are positive side-effects that affect users. However, smart cards can also have a negative effect. In the Microsoft Windows 2000 environment, smart card certificate renewal is not automatic. This situation can have a major impact on end users because they must figure out how to renew certificates. Although this is not a difficult chore, it can be for some users. When thousands of users must do so, many of them will have problems. This will put a large strain on the help desk and might affect the productivity of the users, as after certificates expire users cannot work until they renew the certificate. In Windows Server 2003, you can implement automatic renewal. If you do not consider the impact of security on end users, you might miss this critical step.

Guidelines for Using the Security Design to Mitigate Risk
Follow these guidelines to incorporate risk mitigation strategies into your security design:

Look at IT operations with an eye to risk. This approach can help in the development of more secure systems.

Develop a risk model for IT operations as a part of any security framework.

Don’t limit risk modeling to the evaluation of potential security risks, but incorporate the development of a long-term risk management strategy into the company’s IT operations.

Find out who manages risk for the organization. You will find them to be a ready source of information on risks to your organization.

Incorporate other people’s knowledge about risks into security designs.

Require continuous risk assessment and response. Your security design should continually search for new risks and periodically evaluate known risks. Consider that viruses and worms, historically perceived as risks related to e-mail, are now spread by attacks against vulnerable services such as Web and database services exposed to the Internet. Modern malicious code is a blended threat and targets various segments of the computing environment, and as such, requires constant vigilance. ex0-100 70-291 SY0-101 70-270

Integrate risk management into all roles, including IT roles and those of every process owner. Process owners can take responsibility for identifying risks and managing them. If end users circumvent security, for example, by sharing passwords, they put systems at risk. Human Resources can be involved by ensuring that employees are aware of security risk factors, and if dictated by policy, by enforcing sanctions against people who do not comply.

Guidelines for Mitigating the Cost of Security
Follow these guidelines to minimize the cost of security: 70-293 70-431 70-236 70-642

Always insist on a clear and complete statement of the cost that security adds to any project. Whether the cost is prepared by vendors, internal IT staff, management, or the security designer, it must be complete.

Look at security solutions that reduce cost. Are there security technologies suitable for this project that can reduce overall cost and thus improve profitability? An example of such technologies is the use of Secure Sockets Layer (SSL) encryption accelerator cards in e-commerce projects. People rarely doubt the need for secure servers to protect the transmission of sensitive customer or partner financial information during an e-commerce transaction. However, SSL encryption does reduce the number of transactions that can be processed per minute. Slowing the processing of monetary transactions is not a good thing, but removing SSL encryption is not an acceptable solution. SSL-encryption accelerator cards are the answer. Although these cards add cost to a security project, they pay for themselves because they allow the number of possible SSL-encrypted transactions to increase and provide the required care of customer information as it traverses the Internet.

Look for security technologies that, if not employed, absolutely will result in the failure of the project or will result in large, unnecessary expenses. No one today can imagine running an e-mail gateway without antivirus protection. However, it was not long ago that the purchase of such products was seen only as an expense that might be useful. Many organizations learned the hard way that not providing and frequently updating antivirus protection on both the gateway and the end-user machine leads to business interruptions and larger expenses than the cost of providing protection in the first place.

Look for other tangential business drivers that, if not analyzed, can lead to increased expense. For example, confidentiality and integrity—or perhaps the lack of confidentiality and integrity—are becoming increasingly larger legal issues. Ignorance of relevant laws and regulations is not an excuse not to follow them. Potentially large fines and lawsuits can be the result of failure to follow current laws. Another example is that although designing and deploying security can be expensive and require significant expertise, the lack of security can cost even more. The hard costs of the security design—such as costs for equipment, training, and so on—should always be a part of the project cost-benefit analysis. In some cases, it can be shown that adding security reduces the cost of doing business.

Guidelines for Managing Legal Requirements
Follow these guidelines to manage legal requirements: 70-271 770-445 70-237 NS0-201
Have the organization’s legal team review each security design.
Improve the security design team’s awareness of current legal requirements.
Require the security design team to prepare legal compliance as part of its design.
Have a frank discussion with IT-knowledgeable attorneys early in each product or process development cycle.

Public Key Infrastructure Fundamentals 70-642 70-271 70-445 70-237
Computer networks are no longer closed systems in which a user's mere presence on the network can serve as proof of identity. In this age of information interconnection, an organization's network might consist of intranets, Internet sites, and extranets-all of which are potentially susceptible to access by unauthorized individuals who intend to maliciously view or alter the organization's digital information assets.
There are many potential opportunities for unauthorized access to information stored on networks. A person can attempt to monitor or alter information as it crosses the network, including e-mail messages, electronic commerce transactions, and file transfers. A thief who steals a laptop computer can attempt to access confidential documents stored on the computer. An attacker might attempt to impersonate a legitimate user to gain access to information that would not otherwise be authorized.
A well-planned PKI can reduce the likelihood of each of these common attacks. As a security administrator, you must understand the fundamentals of PKI, and be able to deploy a Windows Server 2003 Certificate Services infrastructure.

Cryptography and Encryption
Cryptography is essential for the secure exchange of information across intranets, extranets, and the Internet. From a technical point of view, cryptography is the science of protecting data by mathematically transforming it into an unreadable format, otherwise known as encryption. To a business, cryptography is a means to reduce the likelihood of a costly security compromise by providing authentication, confidentiality, and data integrity.
Network encryption comes in two main varieties: shared key encryption and public key encryption. Shared key encryption requires both the sender and the recipient of an encrypted message to have a shared secret-a password that can be used to encrypt and decrypt the message. Shared key encryption is easy to understand, but it is difficult to implement on a large scale. After all, to allow secure communication between 1,000 employees at a company would require about 1 million passwords to be exchanged, because any two users who wanted to communicate would need to exchange a unique password.
For example, if Sam wants to send an encrypted electronic message to Toby, Sam first walks over to Toby and whispers a password in his ear. Then, when Toby receives the electronic message, Toby decrypts it with the password. As long as nobody else knows the password, Sam can be sure that the contents of the message are private.
The second common network encryption mechanism is public key encryption, also known as asymmetric key encryption. Public key encryption uses one key to encrypt a message, and a second, related key to decrypt the message. These two keys form a key pair. One of these keys is kept private, and the other key can be shared publicly (hence the name, public key encryption).
For example, if Sam wants to send an encrypted message to Toby, Sam uses Toby's public key to encrypt the message. When Toby receives the message, Toby uses his private key to decrypt it. Only Toby's private key can be used to decrypt a message encrypted with his public key, so Sam can be sure that nobody else was able to view the contents of the message.
There's another interesting way to use public key encryption: digital signatures. If Sam wants to prove to Toby that Sam, and not somebody else, sent the message, Sam can use Sam's own private key to encrypt the message. After Toby receives it, Toby needs to use Sam's public key to decrypt the message. If it decrypts properly, Toby can be certain that Sam's private key was used to encrypt it and that the message hadn't changed since Sam sent it. Of course, encryption takes a great deal of processing power, so Sam would probably choose to encrypt a short hash of the message instead of the entire message, and append the hash onto the end of the message. That would be sufficient to prove that Sam sent the message and that it hadn't been modified in transit. NS0-201 70-643 70-631

Group Policy 70-290 117-201 MB2-632 70-649
Group Policy objects can be configured to automatically install Windows Installer packages on computers. Service packs include a Windows Installer package, making it simple to use a Group Policy object to deploy a service pack.
Service packs, more than any other type of update, require extensive testing and pilot deployments because of the extensive changes they make. Although SUS is an excellent way to distribute frequently released security updates to a large number of client computers, you cannot use a single SUS server to stage a pilot deployment to a small number of computers in your organization. Fortunately, you can use Group Policy objects to distribute service packs directly.
Off the Record As of the time of this writing, the current version of SUS does not provide any ability to control which clients receive updates. However, you could create separate SUS servers for pilot and production deployments, and approve updates on the production SUS server only after they have been proven on the pilot SUS server. You could then use Group Policy objects to point different clients at the production and pilot SUS servers.
There are some distinct advantages to using a Group Policy object rather than the Automatic Updates client to distribute service packs. Specifically, by using Group Policy objects, you can deploy a service pack only to computers in specific sites, domains, and organizational units. Additionally, you can use permissions and Windows Management Instrumentation (WMI) filtering to control which computers can apply a GPO on an even more granular level.
After you assign the service pack package, Windows Installer installs the service pack automatically when users start their computers. Users are not presented with a choice to install the service pack. Only a network administrator or someone who is logged on to a local computer as a member of the Administrators group on that computer can remove the assigned software.
After a package has been added to the Software Installation node of a GPO, you can choose to remove or deploy it for troubleshooting purposes. If a service pack installation fails to deploy successfully, you can redeploy it by right-clicking the package, clicking All Tasks, and then clicking Redeploy Application. 70-293 70-431 70-236 642-373
You can remove the package from the GPO by right-clicking the package, clicking All Tasks, and then clicking Remove. The Remove Software dialog box will appear. To uninstall the service pack, click Immediately Uninstall The Software From Users And Computers. To leave the service pack installed on computers that have already received it, click Allow Users To Continue To Use The Software, But Prevent New Installations. Microsoft updates support a standard set of command-line parameters to simplify the deployment of updates by using scripts. Use the /quiet (formerly /q) parameter to install an update silently. When chaining updates, use the /norestart (formerly /z) parameter to prevent the computer from automatically restarting.
The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry.
SUS requires that IIS be installed on the local computer, and that the Web site be configured to use the default port 80.
Both SUS and the Automatic Updates client store event information in the System event log.
Service packs include a Windows Installer package that can be used to deploy the service pack by using a GPO. This provides a simple way to install the service pack on a limited number of computers during a pilot deployment.

Assessing Patch Levels 70-441 350-001 350-018
Auditing is one of security's core concepts. Without auditing, security degrades over time. Updating is certainly no exception to this; even if you configure an airtight updating infrastructure, at some point a computer on your network will go unpatched. This can happen when a mobile computer is disconnected from the network for an extended period, when a user changes a computer's configuration settings, and when the installation process of an update is interrupted.

MBSA is a powerful tool that you can use to assess the patch levels on your network. If and when a computer fails to install an update, MBSA can detect it. If there are rogue computers on your network that are not participating in your patching infrastructure, MBSA can find them. You can even schedule MBSA to scan your network for unpatched computers at night, so you can review the reports in the morning without waiting for the scan to occur.

MBSACLI
Scanning a large network should be done on a regular basis to find computers that have not been properly updated. However, scanning a large network is a time-consuming process. While the MBSA console is the most efficient way to interactively scan a network, the Microsoft Baseline Security Analyzer command-line interface (MBSACLI) provides a way to script an analysis. By using scripts, you can schedule scanning to occur automatically, without your intervention. In this way, you can have MBSACLI generate a report that you can refer to on demand.

Security Alert It's convenient to schedule MBSACLI scans after business hours so you don't consume network resources during working hours; however, if you do this, you won't scan computers that users take home with them. It's a good idea to schedule scans at various times during the day.


Another good reason to schedule scans by using MBSACLI is to scan from multiple points on your network. For example, if your organization has five remote offices, it is more efficient to scan each remote office by using a computer located in that office. This improves performance, reduces the bandwidth used on your wide area network, and allows you to scan computers even if a perimeter firewall blocks the ports that MBSACLI uses to scan.

MBSACLI runs in one of two modes: MBSA and HFNetChk. MBSA mode provides similar functionality to that of the graphical MBSA console. HFNetChk mode provides backward compatibility with earlier versions of the tool, and also provides additional functionality not supported in MBSA mode. Some of the additional features provided by HFNetChk mode are connecting to network resources as another user, specifying an XML data source, and scanning a set of computers specified in a text file. HFNetChk mode scans only for missing updates; it will not scan for other types of vulnerabilities, such as weak configuration settings. 640-801 70-291 1D0-510 MB6-508

Analyzing the Existing DNS Implementation 350-001 156-915.65 642-642
Unless you are tasked with building a network infrastructure from the ground up, most
network administrators have to understand and work with DNS infrastructures that are
already in place. This lesson includes an overview of the DNS components and discusses
some of the terminology you will need to understand before you can design
and implement a DNS strategy for your company.
The first step in analyzing a company’s network infrastructure is to perform an analysis
of the company itself. As discussed in Chapter 2, understanding how a company works
and how its information flows lays a critical foundation for the rest of your network
design. In this lesson, you learn to gather information regarding the DNS infrastructure
that is in place.
DNS Overview
Most human beings do not like working with numbers or having to memorize Internet
Protocol (IP) addresses to connect to a resource on the network. It’s a lot easier to
memorize www.microsoft.com as an address than 172.16.45.67. When a Fully Qualified
Domain Name (FQDN) such as www.microsoft.com is entered by a user on a network,
there must be a method or component that takes that name and resolves it to an IP
number. DNS does exactly that. As you saw in Chapter 1, this name resolution process
can be quite involved. In this section, you will look at the various components that
make it all happen.
Components of DNS
Because you have already gathered all of the information pertaining to the physical
locations of the various departments and divisions of your company, and have created
network diagrams of the present infrastructure, you are almost ready to analyze the
DNS structure of the company. The diagrams you have created illustrate where all
servers, routers, switches, and so on are located. This information, combined with the
locations and total amount of hosts, subnets, and routers, will help you to understand
how the present DNS infrastructure is configured.
DNS Zones
A zone is defined as a contiguous portion of a DNS tree that is administered as a
separate entity by a DNS server. It can store information about one or more domains.
A zone contains resource records associated with a particular domain. For example,
Contoso’s DNS namespace for the domain contoso.com may have originally been
configured as a single zone, but as the domain grows and many subdomains are
added—such as ftp.contoso.com, www.contoso.com, marketing.contoso.com, and so
on—you can assign different zones to each subdomain.
Windows Server 2003 allows you to choose between several different zone types (as
shown in Figure 6-1).
Primary zone Contains a local copy of the DNS zone where resource records
are created and updated. VCP-310 640-802 190-848
Secondary zone A read-only copy of a DNS zone. It can be updated only through
replication from a primary zone, and is used for redundancy and load balancing.
Active Directory integrated zone A primary zone stored in Active Directory.
Stub zone A copy of a zone that contains only the resource records needed to
identify authoritative DNS servers, thereby simplifying DNS administration and
improving name resolution.

WINS Database 70-299 70-541 XK0-002 70-536
The WINS database uses the Extensible Storage Engine (ESE) to operate. This is the
same engine used by Active Directory directory service, Microsoft Exchange, and many
other Windows components. ESE is built on JET (Joint Engine Technology). Most database
programs such as Microsoft SQL Server, Oracle, and Sybase allow transactions to
first be written to a log file before being written to the database file. This improves
performance because input/output (IO) to a file can be done quickly; subsequent
transactions can be written to the area of the database where the data should be stored.
ESE also separates log files and transactions to optimize performance.
For example, if a WINS-enabled client is booted, the client will register its name and IP
number to the WINS server. The WINS server will write this transaction to a log file
immediately. Later, when the processor is idle, transactions will be permanently written
directly to the database. There are a couple of advantages to this methodology:
Improved performance 646-230 642-533
Fault tolerance 70-272 70-284 220-602
The improved performance has already been demonstrated, but how is fault tolerance
gained in this example? Because all transactions are written to a log file first, a harddisk
crash of the database file could easily be restored from a backup tape combined
with the log files you have stored on a different drive or tape. This would allow you to
bring the server back to the point of failure. That is, transactions could be restored right
up to the point when the crash occurred if you restored your WINS database backup
and the current log files.
Now that you have had a lesson in how most databases work, let’s look at the WINS
database.
WINS Database Files
WINS uses the JET database format to store data in five different file types:
Log Files As you learned earlier, transactions are stored in log files. These files
begin with the letter “J” followed by a decimal number if the log file is a new
transaction, for instance, J10.log. If a log file becomes full, it is renamed with a
hexadecimal number appended to the previous name, such as J100000F.log. Then,
a new log file with the original filename is created.
Log files can grow quickly. As you learned in your earlier brief database lesson,
writing to log files increases speed and efficiency of data storage as well as providing
for recovery in case of a failure or crash. Log files should not be deleted
until a backup of the WINS database has occurred.
After all, once the database has been backed up, there is no reason to keep a copy
of the log files because the transactions have already been posted to the database
and backed up to tape or another media. If, however, the database crashes and
there is no backup of the log files, losing the database would mean losing the files
to recover. If you do not have a software or hardware redundant array of independent
disks (RAID) system in place, you would be able to return the system only to
the point of your last backup. All transactions that occurred between that backup
and the crash would be lost.
Checkpoint files Checkpoint files are used during a recovery process. These
files indicate the location of the information that was successfully written from the
transaction log files to the database file.
Wins.mdb The WINS server database file contains two tables: the IP address-toowner
ID mapping table and the name-to-IP address mapping table.
Winstmp.mdb This is a temporary file created by the WINS server service to aid
in index maintenance. 70-630 640-801 70-297
Res# .log Reserved log files are used if your server runs out of disk space and
cannot create additional transaction log files. The server places outstanding transactions
into these reserved log files, and the WINS service shuts down and logs an
event to Event Viewer.

ToolStrip controls can host a wide range of functionality. ToolStripItems duplicate the functionality of several other Windows Forms controls as well as combine some Windows Forms functionality with menu functionality.000-297 ex0-103 190-801
Tool strips support rafting, merging, rearrangement of controls, and overflow of controls.
MenuStrip controls are used to create menus for forms and host ToolStripMenu-Item controls, which represent menu entries and commands.
The ContextMenuStrip control is used for creating context menus. You can associate a context menu with a control by setting the ContextMenuStrip property.
The Properties window can be used to create default event handlers or to assign preexisting methods to handle events.
A variety of mouse and keyboard events are raised in response to user actions. The MouseEventArgs parameter in many of the mouse events provides detailed information regarding the state of the mouse, and the KeyEventArgs and KeyPressEvent-Args parameters provide information regarding the state of the keyboard.
Event handlers can be created at run time and used to dynamically associate events with methods.
Typically, most real-world applications use databases as a store for the data in that application. For example, inventory systems, contact management systems, and airline reservation systems store data in a database and then retrieve the necessary records into the application as needed. In other words, the data used by an application is stored in a database external to the actual application, and it is retrieved into the application as required by the program.
When creating applications that work with data, the Microsoft .NET Framework provides many classes that aid in the process. The classes that you use for common data tasks such as communicating, storing, fetching, and updating data are all located in the System.Data namespace. The classes in the System.Data namespace make up the core data access objects in the .NET Framework. These data access classes are collectively known as ADO.NET.
Before you can begin working with data in an application, you must first establish and open a connection and communicate with the desired data source. This chapter describes how to create the various connection objects that are used to connect applications to different data sources and sets the basis for working with data in the following chapters. After learning to establish connections to databases in this chapter, we will move on to Chapter 6, “Working with Data in a Connected Environment,” which provides instructions for running queries, saving data, and creating database objects directly between your application and a database. Chapter 7, “Create, Add, Delete, and Edit Data in a Disconnected Environment,” describes how to create DataSet and DataTable objects that allow you to temporarily store data while it is being used in a running application. Finally, Chapter 8, “Implementing Data-Bound Controls,” provides information on binding data to be displayed and worked with in Windows Forms controls.
Typically, data sources are relational databases such as Microsoft SQL Server and Oracle, but, additionally, you can connect to data in files such as Microsoft Office Access (.mdb) and SQL Server (.mdf) database files. The connection object you use is based on the type of data source your application needs to communicate with. 190-712 640-553 190-623

The ToolStrip control is a host for ToolStripMenuItem controls that can be used to create toolbar-style functionality for your forms. Toolbars provide support for item reordering, rafting, and overflow of items onto the overflow button.646-204 225-030 000-253

Many tool strip items duplicate functionality of full-size Windows Forms controls such as ToolStripLabel, ToolStripButton, ToolStripTextBox, ToolStripComboBox, and ToolStripProgressBar. Tool strip controls that do not have analogous Windows Forms controls include ToolStripSeparator, ToolStripDropDownButton, and Tool-StripSplitButton.
You can display images on the ToolStripItems control with the Image property.
The ToolStripContainer control allows you to create forms that include support for rafting toolbars.

The ToolStripManager class is a static class that exposes methods for tool strip management. You can use the ToolStripManager.Merge method to merge tool strips.
Lesson Review
You can use the following questions to test your knowledge of the information in this lesson. The questions are also available on the companion CD if you prefer to review them in electronic form.

Creating and Configuring Menus 190-803 BI0-122 640-863
Menus have always been a part of Windows Forms applications. They give the user quick and easy access to important application commands in an easy-to-understand, easy-to-browse interface. The .NET Framework version 2.0 introduced MenuStrips, which allow the rapid creation of Forms menus as well as context menus (also known as shortcut menus, which appear when the user right-clicks an object). In this lesson, you will learn how to create menus and context menus and configure them for use in your application.

Creating Access Keys
Access keys enable you to access menu items by defining keys that, when pressed in combination with the Alt key, will execute the menu command. For example, if a File menu defines the F key as an access key, when Alt+F is pressed, the File menu will open. Menus that contain sub-menus open when the access key combination is pressed, and menus that invoke commands will invoke those commands. Note that the menu item must be visible for the access key to function. Thus, if you define an access key for an Open menu item that exists in the File sub-menu, the File menu must be opened first for the access key combination to function.
You can create an access key for a menu by preceding the letter you want to define the access key for with an ampersand (&) symbol. For example, to create an Alt+F access key combination for the File menu, you would set the FileToolStripMenuItem’s Text property to &File.
Creating Shortcut Keys
Unlike access keys, shortcut keys are a combination of keystrokes that allow direct invocation of a menu item whether the menu item is visible or not. For example, you might define the Ctrl+E key combination to be a shortcut key for the Exit menu command in the File menu. Even if the File menu is not open, Ctrl+E will cause the Exit menu command to be executed. Also, unlike access keys, you cannot create shortcut keys for top-level menus—you can create them only for items in sub-menus. 000-731 ex0-100 70-620
You can create a shortcut key at design time by setting the ShortcutKeys property in the Properties window. Clicking the ShortcutKeys property launches a visual interface than enables you to define a key combination. This interface is shown in Figure 4-5.
If you want to display the shortcut key combination next to the menu item, you can set the ShowShortcutKeys property of the ToolStripMenuItem control to True. You can also define a custom text to be shown instead of the key combination. If you want to define a custom text, you can set it in the ShortcutKeyDisplayString property.

Product Description

Exam Number/Code: 190-720
Exam Name: IBM Lotus Notes Domino 7 SysAdmin Operating Fundamentals
"IBM Lotus Notes Domino 7 SysAdmin Operating Fundamentals", also known as 190-720 exam, is a Lotus certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 90 questions to your 190-720 Exam preparation. In the 190-720 exam resources, you will cover every field and category in CLP helping to ready you for your successful Lotus Certification.


Exam Number/Code: 646-976
Exam Name: Data Center Networking Sales Specialist
"Data Center Networking Sales Specialist", also known as 646-976 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 80 Q&As to your 646-976 Exam preparation. In the 646-976 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

Exam Number/Code: 646-223
Exam Name: Unified Communications Express AM
"Unified Communications Express AM", also known as 646-223 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 101 Q&As to your 646-223 Exam preparation. In the 646-223 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.


Exam Number/Code: 70-638
Exam Name: TS:MS Office Communications Server 2007, Configuring
"TS:MS Office Communications Server 2007, Configuring", also known as 70-638 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&As to your 70-638 Exam preparation. In the 70-638 exam resources, you will cover every field and category in TS helping to ready you for your successful Microsoft Certification.

Network Access Server
A network access server is 70-291 a server that functions as a gateway to a network for remote
clients. Routing and Remote Access service can be used to configure a Windows Server
2003 server as a remote access server, which will enable remote clients to create dialup
connections, or as a VPN server.
Remote access  MCDBA  servers authenticate clients as they attempt to connect, or a centralized
authentication server may be configured if there is a need for multiple remote access
servers. IAS Server, which is Microsoft’s implementation of RADIUS, is such a server.
RADIUS is covered in Lesson 3. In configuring your remote access server, you are able
to:
 Restrict remote clients’ access to only the remote access 70-649 server or to the entire network.
With this option, you can allow certain users to access only what is on the
remote access server. For example, you can have job announcements listed in a
shared folder located on the remote access server that you want potential employees
outside of your organization to have access to. However, you do not want
these users to be able to access any other resources located on other servers on
your network. By 70-297 restricting users to only the remote access server, you have less
chance of an attacker penetrating your local area network.

Choose the authentication methods that will be used by the server. Authentication
is the validation of a user’s credentials when he or she attempts to log on to the
remote access server. In other words: “Are you who you say you are? Does your
password match the one in my database?” A good analogy is the situation of an
out-of-towner trying to pay a bill in a fancy restaurant with a personal check. The
waiter or manager of the restaurant needs to 70-291 authenticate the person writing the
check, usually by asking for two forms of a picture ID (credentials).
Authentication should not be confused with authorization. Authorization is the
verification of the user’s right to be where he or she is. That is: “Yes, you are who
you say you are (authentication), but you are not allowed access (authorized) to
the CEO’s bank account records.” Authorization occurs after a user has logged on
and has been authenticated.

 Configure Point-to-Point Protocol (PPP) options. Point-to-Point Protocol is an
industry-standard protocol that replaced Serial Line Internet Protocol (SLIP)
because of SLIP’s limitation of only 70-646 supporting Internet Protocol (IP). PPP works
with multiple protocols and also has better security features, such as encryption,
mutual authentication, callback, and caller-ID.
Configure event-logging preferences. A network access server supports three
types of logging:
 Event logging, which is the recording of events in the system event log. There
are four levels of event logging available:
Log errors only
Log errors and warnings (the default)
Log the maximum amount of information
Disable event logging
 Local Authentication and accounting logging, which enables you to track
remote access usage and authentication-attempt information.
RADIUS-based authentication and 70-270 account logging, which enables you to
track remote access usage and authentication attempts from multiple remote
access servers. RADIUS is a centralized auditing- and accounting-based server
usually used by most Internet Service Providers.
Authentication Methods for Remote Access
After the remote client, remote server, and network infrastructure are configured, a
method must be implemented to authenticate the clients who will be connecting to the
remote access server and gaining access to your company’s network resources. After
all, you do not want unauthorized access to your company’s resources to occur onyour network. Table 10-3 illustrates the various methods of 70-294 authentication available for
remote access clients, including wireless access clients.

VPN Client
A VPN client TS connects to a network using the Internet or public network as its backbone.
It uses Transmission Control Protocol/Internet Protocol (TCP/IP ) protocols and
tunneling, covered later in this lesson, as a means of securing and encrypting the data
as it traverses the public network.
Wireless Client
Wireless clients connect to a network by using radio frequencies ranging from 2.4 GHz
to 5.0 GHz, depending on which 802.11  70-649   wireless standard is being followed (see Table
10-2 for some of the wireless standards). Infrared (IR) frequencies use the frequency a
little below visible light and spread-spectrum signals to send data over multiple frequencies.
Bluetooth is another popular wireless standard for smaller, short-distance
devices such as Personal Digital Assistants (PDAs), and is supported on Microsoft
Windows XP service pack 1 and later.For a wireless client to connect to a remote access server, a couple of components are
required:
¡ö Wireless network interface card (NIC) on the client computer The wireless
NIC translates the workstation’s digital signals into radio signals that are sent to a
transceiver located in the same area as the wireless client workstation. There can
be multiple transceivers spread MCSA  over a large area, if necessary, as discussed in
Lesson 2.
¡ö Access point (AP) The access point is the transceiver that receives signals from
the wireless client. The AP is connected to the local area network (LAN) segment,
which subsequently sends the data it receives from the wireless client to the
remote access server.
In designing your wireless network, you must determine where to locate the wireless
APs based on the location of your wireless users. You should create a network diagram
that shows the locations within a building that require wireless coverage, or you can
enable wireless coverage for an entire building. You should also document any devices
that can interfere with your wireless network, such as: 70-297

How Many APs Do I Need?
So far, you have included fault tolerance and redundancy in your network design.
Wireless networking should be no exception. Having only one access point in your
wireless design is not only risky, it will also have an adverse affect if a wireless remote
client is not located close enough to the receiver. The indoor range of most devices is
about a 150-foot radius.
You should have an idea of how many wireless clients will be accessing your network.
In your design phase you should try to estimate the throughput the average wireless
client will use. You can multiply this number by the total number of users and get a
good idea of the wireless bandwidth requirement you will need. This will help you
determine the total number of APs for your 70-646 remote access infrastructure. If there are
too many users accessing an AP, the effective data transmission rate will be lower and
the available bandwidth for each user will be reduced.

Product Description

Exam Number/Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory. Configuring

"TS: Windows Server 2008 Active Directory. Configuring", also known as 70-640 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 126 Q&As to your 70-640 Exam preparation. In the 70-640 exam resources, you will cover every field and category in TS helping to ready you for your successful Microsoft Certification.


Exam Number/Code: 70-647
Exam Name: Pro:Windows Server 2008, Enterprise Administrator

"Pro:Windows Server 2008, Enterprise Administrator", also known as 70-647 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 172 Q&As to your 70-647 Exam preparation. In the 70-647 exam resources, you will cover every field and category in MCITP helping to ready you for your successful Microsoft Certification.

Exam Number/Code: 920-221
Exam Name:Nortel Convered Campus ERS Installation & Configuration

"Nortel Convered Campus ERS Installation & Configuration", also known as 920-221 exam, is a Nortel certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 59 Q&As to your 920-221 Exam preparation. In the 920-221 exam resources, you will cover every field and category in NCSS helping to ready you for your successful Nortel Certification.

Understanding SQL Server 2005 Editions
A major part of the installation planning process is determining the SQL Server 2005
edition you need to use. 70-541 70-630 SQL Server 2005 offers five editions—two of which come in
either 32-bit or 64-bit versions—each designed for a specific environment. Determining
the proper edition to install is critical for meeting the functionality needs of your
current environment as well as any future needs you might expect. Here is a description
of each edition:
SQL Server 2005 Enterprise Edition (32-bit and 64-bit) Enterprise Edition is
designed to support the largest enterprise online transaction processing (OLTP)
environments, highly complex data-analysis requirements, data-warehousing
systems, and active Web sites. DBAs designing large database installations
should consider only Enterprise Edition.
SQL Server 2005 Standard Edition 70-640 70-647 MB2-631 (32-bit and 64-bit) Standard Edition includes
the essential functionality needed for e-commerce, data warehousing, and lineof-
business solutions that most small- and medium-sized organizations use.
Organizations with databases that will contain large amounts of data but do not
need installations with all the features of Enterprise Edition might want to consider
Standard Edition.
SQL Server 2005 Workgroup Edition (32-bit only) Workgroup Edition is the datamanagement
solution for small organizations that need a database that has no
limits on size or number of users and has the capability to serve as a back end to
small Web servers and departmental or branch-office operations. DBAs working
with small amounts of data on smaller servers might want to consider using
Workgroup Edition.
SQL Server 2005 Developer Edition (32-bit and 64-bit) Developer Edition includes
all the functionality of SQL Server 2005 Enterprise Edition, but it is licensed for
use as a development and test system, not as a production server. Developer Edition
is suited for developers in larger companies who need to develop applications
that will use Enterprise Edition but who do not want to install Enterprise
Edition on development or test servers.
SQL Server 2005 MB2-633 1Y0-259 Express Edition (32-bit only) SQL Server Express is a free, easyto-
use, and simple-to-manage database that can be redistributed to function as
the client database as well as a basic server database. Express Edition is usually
suited only for very small data sets. Developers who are developing applications
that require a small data store should consider using Express Edition. Express
Edition also makes a suitable replacement for Microsoft Access databases.
Lesson Summary
SQL Server 2005 includes five editions: Enterprise Edition, Developer Edition,
Standard Edition, Workgroup Edition, and Express Edition.
Enterprise Edition has no limitations and contains all features and functionality.
Developer Edition has no limitations and contains all features and functionality,
but it is not licensed for production.
Standard Edition has features and functionality suited for larger data sets, but it
is limited in the number of nodes it supports for clustering as well as in its capability
to use system resources, online indexing, indexed views, fast recovery,
online restores, and data partitioning.
Native Support 1Y0-731 1Z0-042 220-602
for Web Services
(Service Oriented
Architectures)
Yes
(Reporting
Services
only)
Yes (Reporting
Services
only)
Yes Yes
Analysis Services No No Yes Yes
Table 1-1 Feature Set by SQL Server 2005 Edition (Developer Edition has the same
feature set as Enterprise Edition)
Feature/Functionality
Express Workgroup Standard Enterprise
8 Chapter 1 Installing SQL Server 2005
Workgroup Edition does not include the features and functionality needed to
operate large databases and is restricted in its capability to support mid-size and
large companies. 640-801 640-822
Express Edition is useful for small application-installed databases that need to
be distributed free of charge. It is not suited for organization-wide databases.

Introduction
This training kit is designed for information technology (IT) professionals who plan
to take Microsoft Certified Technical Specialist (MCTS) exam XK0-002 , as well as for SY0-101 IT professionals who need to know how to implement and maintain Microsoft SQL
Server 2005 databases. We assume that before you begin using this kit you have a
working knowledge of Microsoft Windows, network technologies, relational databases
and their design, Transact-SQL, and the SQL Server 2005 client tools.
By using this training kit, you’ll learn how to
Install and configure SQL Server 2005.
Create and implement database objects.
Implement high availability and disaster recovery.
Maintain databases.
Support data consumers.
Monitor and troubleshoot SQL Server performance.
Hardware Requirements
We recommend that you use a computer that is not your primary workstation to do
the practice exercises in this book because you will make changes to the operating system
and application configuration. The following hardware is required to complete
the practice exercises:
Personal computer with a N10-003 MB2-633 600 MHz Pentium III–compatible or faster processor;
1 GHz or faster processor recommended
512 MB of RAM or more; 1GB or more recommended
8 GB of available hard disk space
NOTE Four volumes necessary for some practice exercises
To complete some of the practice exercises in this book, you will need four volumes on your
computer. We recommend that you make the C volume the largest, and then use volume
sizes of 650 MB for the D, E, and F volumes.
DVD-ROM drive
Super VGA (1,024 x 768) or higher resolution video adapter and monitor
Keyboard and Microsoft mouse, or compatible pointing device
Software Requirements
The following software is required to complete the practice exercises:
One of the following operating systems:
? Microsoft Windows MB2-631 HP0-S132000 Server with Service Pack (SP) 4 or later
? Windows 2000 Professional with SP 4 or later
? Windows XP with SP 2 or later
? Windows Server 2003 Standard Edition, Enterprise Edition, or Datacenter
Edition with SP 1 or later
? Microsoft Windows Small Business Server 2003 with SP 1 or later
? Microsoft Windows Server 2003 Standard x64 Edition, Enterprise x64 Edition,
or Datacenter x64 Edition with SP 1 or later
? Windows XP Professional x64 Edition or later running in Windows on
Windows
SQL Server 2005 (A 180-day evaluation edition of Microsoft SQL Server 2005 9L0-402 920-221
Enterprise Edition is included on DVD with this book)
CAUTION Networked computers
If your computer is part of a larger network, verify with your network administrator that the
SQL Server instances installed will not interfere with network operations. All instances configured
for exercises within this book should be set to allow local connections only to ensure
that they will not interact with other resources on your network.
Microsoft Internet Explorer 6.0 SP 1 or later

Chapter 3: Lesson Review Answers
Lesson 1
1. Which of the following properties and methods can be used to find the index of
a selected item in a ListBox control? (Choose all that apply.) 642-445
A. ListBox.IndexOf
B. ListBox.SelectedIndex
C. ListBox.SelectedIndices
D. ListBox.Select
1. Correct Answers: B and C
A. Incorrect. The IndexOf method returns the index of an object to which you
have a reference but does not detect selected objects.
B. Correct. The SelectedIndex property will return the selected index. Note that
if more than one item is selected, this property might return any of them.
C. Correct. The SelectedIndices property will return all selected indexes.
D. Incorrect. The Select method will programmatically select an object in the
ListBox but does not detect which index is selected. 642-456 642-513

2. Which of the following methods cannot be used to add an item to the Items col-
lection of a ComboBox, ListBox, or CheckedListBox control?
A. Items.Add
B. Items.Insert
C. Items.AddRange
D. Items.Contains
2. Correct Answer: D
A. Incorrect. The Items.Add method adds a specified item to the Items collec-
tion.
B. Incorrect. The Items.Insert method adds a specified item to the Items collec-
tion at a specified index. 642-523 642-812
C. Incorrect. The Items.AddRange method can be used to add an array of
objects to the Items collection.
D. Correct. The Items.Contains method is used to determine if a collection
contains a specified item, not to add items to a collection.

3. Which of the following is NOT a valid setting for the View property of the List-
View control?
A. LargeIcon
B. Details
C. Tree
D. SmallIcon
3. Correct Answer: C
A. Incorrect. Setting the View property to LargeIcon displays the ListViewItems
with their associated large icons.
B. Incorrect. Setting the View property to Details will display the ListViewItems
with its associated SubItems. 642-811 642-642
C. Correct. The ListView property cannot be used for displaying hierarchical
data. For items with a tree structure, use the TreeView control.
D. Incorrect. Setting the View property to SmallIcon displays the ListViewItems
with their associated small icons.

Lesson 2
1. Which of the following are possible values for the Checked property of a Check-
Box control? (Choose all that apply.)
A. Checked
B. False
C. Indeterminate
D. Unchecked
E. True
F. NotChecked
1. Correct Answers: B and E
A. Incorrect. The Checked property is a Boolean value and can be only True or
False. The CheckState property can be set to Checked, however.
B. Correct. The Checked property is a Boolean value and can be only True or
False. 642-611 642-587
C. Incorrect. The Checked property is a Boolean value and can be only True or
False. The CheckState property can be set to Indeterminate, however.
D. Incorrect. The Checked property is a Boolean value and can be only True or
False. The CheckState property can be set to Unchecked, however.
E. Correct. The Checked property is a Boolean value and can be only True or
False.
F. Incorrect. The Checked property is a Boolean value and can be only True or
False. No property of the CheckBox control can be set to NotChecked.

2. You are designing an application that asks the user to select a period ranging
from one day to seven days in a given month. Which of the following configura-
tions for a MonthCalendar control are best choices to facilitate this functionality?
(Choose all that apply.)
A. Set the MaxSelectionCount property to 7.
B. Set the SelectionRange property to the first and last days of the month in
question.
C. Set the MaxDate property to the last day of the month in question.
D. Set the MinDate property to the first day of the month in question.
2. Correct Answers: A, C, and D
A. Correct. The MaxSelectionCount property determines the number of days
that can be chosen in the SelectionRange property. 642-533
B. Incorrect. The SelectionRange property will be set to a new value when the
user chooses dates, so setting it at design time will not facilitate this scenario.
C. Correct. The MinDate property determines the earliest date that can be
chosen, so setting it to the first day of the month in question will prevent
the user from choosing any date before this day.
D. Correct. The MaxDate property determines the latest date that can be cho-
sen, so setting it to the last day of the month in question will prevent the
user from choosing any date after this day.

3. Which of the following code examples correctly associates an image from an
ImageList component with a Button control? Assume an ImageList component
named ImageList1 and a Button control named Button1. (Choose all that apply.)
A. ' VB
Button1.Image = ImageList1
// C#
button1.Image = imageList1;
B. ' VB
Button1.ImageList = ImageList1
Button1.ImageKey = ImageList1.Images(0)
// C#
button1.ImageList1 = imageList1;
button1.ImageKey = imageList1.Images(0);
C. ' VB
Button1.ImageList = ImageList1
Button1.ImageIndex = 0
// C#
button1.ImageList = imageList1;
button1.ImageIndex = 0;
D. ' VB 642-811
Button1.ImageList = ImageList1
Button1.ImageKey = "myImage"
// C#
button1.ImageIndex = imageList1;

button1.ImageKey = "myImage";
3. Correct Answers: C and D
A. Incorrect. The Image property directly sets an image for the control and
cannot be set to an ImageList.
B. Incorrect. The ImageKey property takes a string and indicates the key for
the image in the associated ImageList component. You cannot set the
ImageKey property to a value of Image.
C. Correct. You can set the ImageList property of the control to the ImageList
in question and set the ImageIndex property to the index of the image in the
ImageList.Items collection.
D. Correct. You can set the ImageList property of the control to the ImageList
in question and set the ImageKey property to the key of the image in the
ImageList.Items collection. 642-611

Lesson 3
1. Which of the following methods can be used to print the current document in a
WebBrowser control? (Choose all that apply.)
A. WebBrowser.Print
B. WebBrowser.ShowPrintDialog
C. WebBrowser.ShowPrintPreviewDialog
D. WebBrowser.ShowPropertiesDialog
1. Correct Answers: A, B, and C
A. Correct. The Print method prints the current document.
B. Correct. The ShowPrintDialog method displays the print dialog box and
allows the user to set options before printing.
C. Correct. The ShowPrintPreview method displays the print preview dialog
box and allows the user to preview the document before printing.
D. Incorrect. The ShowPropertiesDialog method displays the properties for the
current document but does not facilitate printing.

2. You are designing an application that runs in the background and want to
enable the application to notify the user when a severe error occurs. Which of
the following properties of the NotifyIcon component can facilitate this function-
ality? (Choose all that apply.) 642-587
A. BalloonTipIcon
B. BalloonTipText
C. BalloonTipTitle
D. Text
2. Correct Answers: A, B, and C
A. Correct. The BalloonTipIcon property can be set to Error, Warning, or Info,
which can set the level of warning for the BalloonTip.
B. Correct. The BalloonTipText property can provide detailed information
about the problem to the user and suggest a possible remedy.
C. Correct. The BalloonTipTitle property can provide a clear indication of the
problem to the user.
D. Incorrect. The Text property is displayed when the user mouses over the
NotifyIcon in the system tray and should not be used for displaying critical
information.

3. Which of the following are required to create an access key for a control without
using an associated label? (Choose all that apply.) 642-432
A. The Enabled property must be set to True.
B. The control must have a Text property.
C. The UseMnemonic property must be set to True.
D. The control must be of a type that is able to receive the focus.
3. Correct Answers: B, C, and D
A. Incorrect. Although the access key will not function if the control is not
enabled, setting the Enabled property to False does not prevent the creation
of an access key at design time.
B. Correct. The Text property allows the user to define the key that is to be the
access key.
C. Correct. The UseMnemonic property indicates that the control should use
the key preceded by the ampersand (&) symbol in the Text property as the
access key.
D. Correct. If the control cannot inherently receive the focus, you cannot cre-
ate an access key for it. 642-587

Chapter 3: Case Scenario Answers
Case Scenario 1: Incorporating List-Based Controls into the User Interface
Humongous Insurance has grown so large that they need some help keeping track of
their employees. You have been put on the team that will design the new human
resources application. Other developers will supply a programmatic representation of
the organization chart and a database of information about the employees. Your job is to
create a user interface that allows the organization chart to be browsed by the user and
allows additional information about each employee to be displayed in the user interface.
Questions
Answer the following questions for your manager: 642-432
1. What is your suggested control layout for the user interface? How will you be
able to display the organization chart in a compact, easy-to-browse format?
How can we display photos of our employees as part of this application?

The primary control of this user interface would be the TreeView control, which can be
used to display hierarchical information, such as an organization chart, to the user.
Individual nodes in the organization can be expanded or collapsed, and the user can
easily browse the interface. You can use other controls to display detailed information
about a selected employee.
You can create an ImageList that contains icon photos of each employee and set the
ImageList property of the TreeView to read these images. By setting the ImageKey or
ImageIndex property of each TreeNode, an individual icon will be displayed in the Tree-
View. In the details view, you can use the PictureBox control to display a full-size image. 642-587

Case Scenario 2: Working with Files and Background Processes
As part of their document backup plan, Humongous Insurance has created an auto-
mated program that reads their electronic documents in a variety of different formats
(such as .doc, .txt, and .htm), saves them to a backup location, and prints a hard copy
on a high-throughput printer. For the most part, this application works fine without
user interaction and displays no user interface. Occasionally, however, a problem
occurs with a document that requires user intervention. You have been put in charge
of designing the user interface for the rare occasions that do arise.
Technical Requirements
¡ö The user interface must display only when there is a problem, and cannot be
launched without action by a user. 642-426
The user must be able to examine the document and manually save and print it.
Questions
Answer the following questions for your manager:
1. How can we warn the user of a problem without displaying the user interface at
all times? How will we allow the user to launch a user interface when there is a
problem?
2. When there is a problem, how can we design the user interface so that the user
is able to examine, print, and save individual files?

The NotifyIcon component can be used to inform the user without creating an obtru-
sive user interface. An icon in the system tray will let the user know the application is
running. If there is a problem, this can be communicated to the user through the bal-
loon tip. The BalloonTipIcon property can be set to the appropriate level (Error, Warn-
ing, or Info), and additional information can be provided to the user through the
BalloonTipText. 642-425
If launching the user interface is required, we can enable that by associating a Context-
MenuStrip with the NotifyIcon. The user can right-click the NotifyIcon and choose a
command from the context menu.
The WebBrowser component contains all of the functionality necessary to examine,
print, and save files. We can design the interface so that the user can view the file in
the WebBrowser and then call the WebBrowser.Print or WebBrowser.ShowSaveAsDialog
methods as necessary to print and save the document.

Lesson 3: Creating Windows Services
1. Which account type should you choose to minimize security risks? 642-444
A. LocalService
B. NetworkService
C. LocalSystem
D. User
1. Correct Answer: A
A.Correct: LocalService causes your service to run in the context of an
account that acts as a nonprivileged user on the local computer, and it pre-
sents anonymous credentials to any remote server. Using LocalService is the
best way to minimize security risks because it limits the damage a service
can do if successfully exploited. 642-446
B.Incorrect: NetworkService can present authentication credentials to remote
computers, which could be a security risk, though minimal.
C.Incorrect: LocalSystem has almost unlimited privileges on the local com-
puter, which enables a successful exploit of the service to perform almost
any action on the computer.
D.Incorrect: User causes the system to prompt for a valid user name and pass-
word when the service is installed. While this user account could have
restricted privileges, the risk is likely to be greater than using LocalService.
2. Which account type should you choose to minimize the possibility of problems
caused by overly restrictive permissions on the local computer?
A. LocalService
B. NetworkService
C. LocalSystem
D. User 642-453
2. Correct Answer: C
A.Incorrect: LocalService causes your service to run in the context of an
account that acts as a nonprivileged user on the local computer. Using
LocalService is the best way to minimize security risks, but it can cause secu-
rity problems when performing common tasks such as writing to the file
system.
B.Incorrect: NetworkService should be used when the service needs to
authenticate to remote computers. It is not recommended for services that
need access only to the local computer.
C.Correct: LocalSystem has almost unlimited privileges on the local com-
puter, which enables a service to take almost any action. You should use
LocalSystem only when security is not a concern. 642-481
D.Incorrect: User causes the system to prompt for a valid user name and pass-
word when the service is installed. While this user account could have suf-
ficient privileges, LocalSystem guarantees that you will have unlimited
privileges on the local computer.

3. Which of the following are valid ways to install a service on a computer? (Choose
all that apply.)
A. Add a shortcut to your assembly to the users Startup group
B. Use InstallUtil to install your service.
C. Configure Scheduled Tasks to launch your assembly upon startup.
D. Use Visual Studio to create an installer for your service.
3. Correct Answers: B and D
A.Incorrect: While you could launch an assembly automatically by adding it
to the Startup group, you cannot launch a service this way. 642-503
B.Correct: You can use the InstallUtil command-line tool to install a service
manually.
C.Incorrect: While you could launch an assembly automatically by adding it
to Scheduled Tasks, you cannot launch a service this way.
D.Correct: The most user-friendly way to install a service is to use Visual Stu-
dio to create an installer for your service.
4. Which tools can you use to change the user account for a service after the service
is installed?
A. My Computer
B. Computer Management
C. Net
D. Microsoft .NET Framework 2.0 Configuration
4. Correct Answer: B
A.Incorrect: My Computer does not contain a tool to configure user accounts
for services. 642-552
B.Correct: Computer Management contains the Services snap-in, which you
can use to configure user accounts for services.
C.Incorrect: While you can use the Net command-line tool to start, stop,
pause, and continue service, you cannot use Net to configure user accounts
for services.
D.Incorrect: The Microsoft .NET Framework 0 Configuration tool does not
contain a tool to configure user accounts for services.

Case Scenario 1: Creating a Testing Tool
At a high level, describe how you would create the application.
1. You should create an application that prompts the user to select a zone and an
assembly. Based on their selections, you should launch the assembly in an appli-
cation domain with evidence that would cause it to be assigned to the code
group corresponding to the selected zone
2. Create an application that creates an application domain and launches the
CASDemands assembly in the new application domain using Internet zone
Permissions 642-586
2. Although several techniques would work, the simplest way to do this is to assign
Internet zone evidence to the assembly, as the following code demonstrates:
' VB
Dim hostEvidence As Object() = {New Zone (SecurityZone.Internet)}
Dim internetEvidence As Evidence = New Evidence (hostEvidence, Nothing)

Dim myDomain As AppDomain = AppDomain.CreateDomain("QADomain")
myDomain.ExecuteAssembly("C:\path\CASDemands.exe", internetEvidence)

Answers 975
// C#
object [] hostEvidence = {new Zone(SecurityZone.Internet)};
Evidence internetEvidence = new Evidence(hostEvidence, null);

AppDomain myDomain = AppDomain.CreateDomain("QADomain"); 642-591
myDomain.ExecuteAssembly(@"C:\path\CASDemands.exe", internetEvidence);
When the CASDemand application runs, the runtime should warn you that the
application is running in a partially trusted context. If you do not receive this
warning, you have not successfully restricted the assemblys permissions

Case Scenario 2: Monitoring a File
What type of application will you create to address the IT departments need
1. You should create a Windows Service.
2. How will you address the need to deploy the application using an MSI file?
2. You will need to create a setup project for the service. The setup project will gen-
erate an MSI file that IT can distribute by using Systems Management Server
(SMS).
What startup type will you specify?
3. You should set the startup type to Automatic.
4. What account type will you specify? 642-661
4. You should specify the User account type, and ask the IT department to create a
user account that has only privileges to read the configuration file and add
events. LocalService would not have sufficient privileges, and LocalSystem would
have excessive privileges.Chapter 9 Installing and Configuring Applications

Lesson 3
1. What method of the ThreadPool class is used to have the ThreadPool run some
specified code on threads from the pool? (Choose all that apply.) 642-845
A. ThreadPool.RegisterWaitForSingleObject
B. ThreadPool.QueueUserWorkItem
C. ThreadPool.UnsafeRegisterWaitForSingleObject
D. ThreadPool.UnsafeQueueUserWorkItem
1. Correct Answers: B and D
A.Incorrect: RegisterWaitForSingleObject is used to wait for WaitHandles to be
signaled.
B.Correct: QueueUserWorkItem is used to have a pool thread run code.
C.Incorrect: UnsafeRegisterWaitForSingleObject is used to wait for WaitHan-
dles to be signaled.
D.Correct: UnsafeQueueUserWorkItem is used to have a pool thread run code.
2. How do you temporarily stop a Timer from firing? 642-973
A. Call Dispose on the Timer.
B. Call Timer.Change, and set the time values to Timeout.Infinite.
C. Let the Timer object go out of scope.
D. Call Timer.Change, and set the time values to zero.
2. Correct Answer: B
A.Incorrect: Disposing the Timer will stop the timer, and you will not be able
to restart it.
B.Correct: Using Timer.Change and Timeout.Infinite is correct.
C.Incorrect: Allowing the Timer object to go out of scope will not stop the
Timer from firing until garbage is collected, which could be anywhere from
immediately to a long time down the road.
D.Incorrect: Setting the timeout to zero will cause the timer to continue to
fire as often as possible, the exact opposite of the requested result.
Case Scenario 1: Improving Server Processing
Why is the current application not using all the CPUs? 646-363
1. The current application is single threaded, so only the main thread is running
any code.
How do you plan to solve the performance issue?
2. Make the application multithreaded to use equally well both the CPU that is cur-
rently being used and all available CPUs.
3. How do you know that your application wont use too many threads and brin
a machine to a halt?
3. Use the ThreadPool, which scales up the number of available threads based on
the number of CPUs on a machine.

Case Scenario 2: Multiple Application 646-588
How can you synchronize the applications to access the interface one at a time?
1. Use a named Mutex to make sure only one application can get to the interface at
a time.
How will this impact the performance of the applications?
2. The Mutex is an operating-system-level object (a kernel object), so there is a per-
formance impact, but in this case the performance should be plenty fast.

Chapter 6 Graphics
Lesson 1: Drawing Graphics
1. Which of the following methods would you use to draw a square with a solid
color? 642-415
A. Graphics.DrawLines
B. Graphics.DrawRectangle
C. Graphics.DrawPolygon
D. Graphics.DrawEllipse
E. Graphics.FillRectangle
F. Graphics.FillPolygon
G. Graphics.FillEllipse
1. Correct Answer: E
A.Incorrect: Graphics.DrawLines draws multiple, connected lines. This method
can be used to draw a square, but it cannot be used to draw a filled square.
B.Incorrect: Graphics.DrawRectangle would be the most efficient way to draw
an empty square. However, it cannot be used to draw a filled square.
C.Incorrect: Graphics.DrawPolygon could be used to draw an empty square.
However, it cannot be used to draw a filled square. 642-373
D.Incorrect: Graphics.DrawEllipse is used to draw oval shapes and cannot be
used to draw a filled square.
E.Correct: Graphics.FillRectangle is used to draw filled squares or rectangles.
F.Incorrect: Graphics.FillPolygon could be used to draw a filled square. How-
ever, it is not as efficient as using FillRectangle.
G.Incorrect: Graphics.FillEllipse is used to draw oval shapes and cannot be
used to draw a square.
2. Which of the following methods would you use to draw an empty triangle?
A. Graphics.DrawLines
B. Graphics.DrawRectangle
C. Graphics.DrawPolygon
D. Graphics.DrawEllipse
E. Graphics.FillRectangle
F. Graphics.FillPolygon
G. Graphics.FillEllipse 642-164
2. Correct Answer: C
A.Incorrect: Graphics.DrawLines draws multiple, connected lines. This
method can be used to draw an empty triangle, but it is not the most effi-
cient way.
B.Incorrect: Graphics.DrawRectangle draws empty squares or rectangles.
However, it cannot be used to draw a triangle.
C.Correct: Graphics.DrawPolygon is the most efficient way to draw an empty
triangle.
D.Incorrect: Graphics.DrawEllipse is used to draw oval shapes and cannot be
used to draw an empty triangle.
E.Incorrect: Graphics.FillRectangle is used to draw filled squares or rectangles
and cannot be used to draw an empty triangle.
F.Incorrect: Graphics.FillPolygon could be used to draw a filled triangle. How-
ever, it cannot be used to draw an empty triangle.
G.Incorrect: Graphics.FillEllipse is used to draw oval shapes and cannot be
used to draw an empty triangle.
3. Which of the following classes is required to draw an empty circle? (Choose all
that apply.) 642-144
A. System.Drawing.Graphics
B. System.Drawing.Pen
C. System.Drawing.Brush
D. System.Drawing.Bitmap
3. Correct Answers: A and B
A.Correct: To draw a circle, call the Graphics.DrawEllipse method using an
instance of the Graphics class.
B.Correct: To call the Graphics.DrawEllipse method, you must provide an
instance of the Pen class.
C.Incorrect: System.Drawing.Brush is used to draw filled shapes, not empty
shapes.
D.Incorrect: You can create a Graphics object from System.Drawing.Bitmap;
however, there are many better ways to create a Graphics class.
4. Which of the following brush classes would you use to create a solid rectangle
that is red at the top and gradually fades to white towards the bottom? 640-861
A. System.Drawing.Drawing2D.HatchBrush
B. System.Drawing.Drawing2D.LinearGradientBrush
C. System.Drawing.Drawing2D.PathGradientBrush
D. System.Drawing.SolidBrush
E. System.Drawing.TextureBrush
4. Correct Answer: B
A.Incorrect: HatchBrush defines a rectangular brush with a hatch style, fore-
ground color, and background color.
B.Correct: LinearGradientBrush can be used to fill objects with a color that
gradually fades to a second color.
C.Incorrect: PathGradientBrush can be used to fill objects with a color that
gradually fades to a second color; however, LinearGradientBrush is more
efficient.
D.Incorrect: SolidBrush fills objects with only a single color.
E.Incorrect: TextureBrush is used to fill objects with an image.
5. What type of line would the following code sample draw? 640-802
‘VB
DimgAsGraphics=Me.CreateGraphics
DimpAsPen=NewPen(Color.Red,10)

p.StartCap=LineCap.Flat
p.EndCap=LineCap.ArrowAnchor
g.DrawLine(p,50,50,400,50)

//C#
Graphicsg=this.CreateGraphics();
Penp=newPen(Color.Red,10);

p.StartCap=LineCap.Flat;
p.EndCap=LineCap.ArrowAnchor;
g.DrawLine(p,50,50,400,50);
A. An arrow pointing up 640-801
B. An arrow pointing down
C. An arrow pointing left
D. An arrow pointing right
5. Correct Answer: D
A.Incorrect: The arrow points to the right.
B.Incorrect: The arrow points to the right.
C.Incorrect: The arrow points to the right.
D.Correct: The arrow points to the right.
Lesson 2: Working with Images
1. Which of the following classes could you use to display a JPEG image from an
existing file in a form? (Choose all that apply.)
A. System.Drawing.Image
B. System.Drawing.Bitmap
C. System.Drawing.Imaging.Metafile
D. System.Windows.Forms.PictureBox
1. Correct Answers: A and B
A.Correct: You can load a picture from a file using the Image constructor, and
then call Graphics.DrawImage to display the picture in the form.
B.Correct: The Bitmap class inherits from the Image class and can be used in
most places where the Image class is used. 350-030
C.Incorrect: You cannot use the MetaFile class to load a JPEG image.
D.Incorrect: The PictureBox class is used to display pictures in a form, but it
does not include a method to load a picture from a file.
2. How can you draw a black border around a JPEG image that you have saved to
disk, and then save the updated image back to the disk?
A. Create a Graphics object by loading the JPEG image from disk. Draw the
border by calling Graphics.DrawRectangle. Finally, save the updated image
by calling Graphics.Save.
B. Create a Bitmap object by loading the JPEG image from disk. Draw the bor-
der by calling Bitmap.DrawRectangle. Finally, save the updated image by
calling Bitmap.Save.
C. Create a Bitmap object by loading the JPEG image from disk. Create a
Graphics object by calling Graphics.FromImage. Draw the border by calling
Graphics.DrawRectangle. Finally, save the updated image by calling Bit-
map.Save. 350-018
D. Create a Bitmap object by loading the JPEG image from disk. Create a
Graphics object by calling Bitmap.CreateGraphics. Draw the border by call-
ing Graphics.DrawRectangle. Finally, save the updated image by calling Bit-
map.Save.
2. Correct Answer: C
A.Incorrect: You cannot directly create a Graphics object from a picture saved
to the disk.
B.Incorrect: The Bitmap class does not have methods for drawing graphics.
C.Correct: You must first create a Bitmap object, and then create a Graphics
object from the Bitmap before saving it.
D.Incorrect: There is no Bitmap.CreateGraphics method. Instead, you must
call Graphics.FromImage to create a Graphics object.
3. Which format should you choose to save a photograph that could be opened by
a wide variety of applications? 350-001-Lab
A. ImageFormat.Bmp
B. ImageFormat.Gif
C. ImageFormat.Jpeg
D. ImageFormat.Png
3. Correct Answer: C
A.Incorrect: You can use the BMP format to store photographs; however, the
JPEG format uses much less space.
B.Incorrect: The GIF format is not ideal for storing photographs.
C.Correct: The JPEG format offers excellent quality and compression for
photographs with almost universal application support.
D.Incorrect: The PNG format is very efficient; however, it is not as universally
compatible as GIF and JPEG.
4. Which format should you choose to save a pie chart that could be opened by a
wide variety of applications?
A. ImageFormat.Bmp
B. ImageFormat.Gif
C. ImageFormat.Jpeg
D. ImageFormat.Png
4. Correct Answer: B 350-001
A.Incorrect: You can use the BMP format to store charts; however, the GIF
format uses much less space.
B.Correct: The GIF format is ideal for storing charts.
C.Incorrect: You can use the JPEG format to store charts; however, the results
may not be as clear as the GIF format.
D.Incorrect: The PNG format is very efficient; however, it is not as universally
compatible as GIF and JPEG.