
(1) What is an IP address?

Ans:- Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look something like 127.0.0.1.

(2) What is a subnet mask?

Ans:- A subnet mask allows you to identify which part of an IP address is reserved for the network, and which part is available for host use. If you look at the IP address alone, especially now with classless inter-domain routing, you can't tell which part of the address is which. Adding the subnet mask, or netmask, gives you all the information you need to calculate network and host portions of the address with ease. In summary, knowing the subnet mask can allow you to easily calculate whether IP addresses are on the same subnet, or not.

(3) What is ARP?

Ans:- ARP is the Address Resolution Protocol. To reduce the number of ARP requests, every system which implements the ARP protocol keeps a cache of recent mappings.

(4) What is ARP Cache Poisoning?

Ans:- Same as (3).

(5) What is the ANDing process?

Ans:- When a source host attempts to communicate with a destination host, the source host uses its subnet mask to determine whether the destination host is on the local network or a remote network. This is known as the ANDing process.

(6) What is a default gateway? What happens if I don't have one?

Ans:- In general, a gateway is a device on a network that acts as an entrance to another network. In more technical terms, a gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination), but not the routes to every address on the Internet. It won't even know all the routes on the nearest subnets. A gateway will not have this information either, but will at least know the addresses of other gateways it can hand the traffic off to.

Your default gateway is on the same subnet as your computer, and is the gateway your computer relies on when it doesn't know how to route traffic.

(7) Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

(8) What is a subnet?

Ans:- A subnet is a logical organization of network address ranges used to separate hosts and network devices from each other to serve a design purpose. In many cases subnets are created to mirror physical or geographical separations, such as you find between cities, buildings, floors or rooms. Most modern subnet definitions are created specifically with a concern of how many hosts will need to exist on the subnet now and in the future, what security controls are needed between networks, and the performance required for communications between hosts.

(9) What is APIPA?

Ans:- A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet Protocol (IP) address if a DHCP server is not available. For example, this could occur on a network without a DHCP server, or on a network if a DHCP server is temporarily down for maintenance.

(10) What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them)

Ans:- Request for comments (RFCs) are documents that are the working notes of the Internet research and development community. An RFC document may be on essentially any topic related to computer communication, and may be anything from a meeting report to the specification of a protocol standard.

(11) What is CIDR?

Ans:- CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased. CIDR is now the routing system used by virtually all gateway hosts on the Internet's backbone network. The Internet's regulating authorities now expect every Internet service provider (ISP) to use it for routing.

(12) You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?

Ans:-

(13) You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?

Ans:-

(14) You need to view network traffic. What will you use? Name a few tools.

Ans:- SNMP Tools: AdventNet SNMP API can be used to build system management, application management and network management applications and applets. It includes class libraries and Java beans for Java SNMP development, as well as a complete MibBrowser for interacting with SNMP-enabled devices. The AdventNet Agent Toolkit Java Edition provides a complete GUI-based development environment to build standalone SNMP agents, Multi-Protocol agents, and standalone TL1 agents. Also see AdventNet ManageEngine JMX Studio, a 100% Java-based development environment that provides Java, J2EE, and EAI middleware application developers the ability to build JMX and SNMP-based manageability for their applications. It also comes with options for other protocol adaptors like HTML, RMI, CORBA, SOAP, and AMI adaptor for plugging into different types of management consoles.
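Questions (5), (12) and (13) above, worked as an added example that is not part of the original page: the functions below apply the ANDing process bit by bit, derive the address range of 192.115.103.64/27, and size subnets of 131.112.0.0 for at least 500 hosts. Treating 131.112.0.0 as a classful class B network (/16) is an assumption, since the question gives no prefix; the function names are illustrative.

```python
# Added example (not from the original page): subnet arithmetic using the
# same bitwise AND a host performs. The sample addresses are the page's own.

def ip_to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """Return the netmask for a CIDR prefix length as an integer."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_local(source, destination, mask):
    """ANDing process: AND both addresses with the mask and compare.

    Equal results mean the destination is on the local subnet; otherwise
    the packet is handed to the default gateway.
    """
    m = ip_to_int(mask)
    return (ip_to_int(source) & m) == (ip_to_int(destination) & m)


def describe_network(cidr):
    """Return mask, network, broadcast and usable host range for a CIDR block."""
    address, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(address) & mask          # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits set
    if prefix >= 31:
        # /31 and /32 have no separate network/broadcast addresses.
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": last - first + 1,
    }


def classful_prefix(address):
    """Default prefix length of the address's class (assumption: classful ID)."""
    first_octet = ip_to_int(address) >> 24
    if first_octet < 128:
        return 8    # class A
    if first_octet < 192:
        return 16   # class B
    if first_octet < 224:
        return 24   # class C
    raise ValueError("class D/E addresses have no default mask")


def plan_subnets(network_id, hosts_needed):
    """Find the longest prefix that still leaves hosts_needed usable hosts."""
    base = classful_prefix(network_id)
    host_bits = 2
    while (1 << host_bits) - 2 < hosts_needed:
        host_bits += 1
    prefix = 32 - host_bits
    if prefix < base:
        raise ValueError("network too small for that many hosts per subnet")
    return {
        "prefix": prefix,
        "mask": int_to_ip(prefix_to_mask(prefix)),
        "subnets": 1 << (prefix - base),
        "hosts_per_subnet": (1 << host_bits) - 2,
    }


if __name__ == "__main__":
    print(describe_network("192.115.103.64/27"))
    print(plan_subnets("131.112.0.0", 500))
    print(is_local("192.115.103.70", "192.115.103.97", "255.255.255.224"))
```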

(15) How do I know the path that a packet takes to the destination?

Ans:-

(16) What is DHCP? What are the benefits and drawbacks of using it?

Ans:- DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to assign an 'address' to a computer when it boots up.
Benefit: A system administrator need not worry about computers being able to access networked resources.
Disadvantages: (I'm still looking for it)

(17) What is the DHCPNACK and when do I get one? Name 2 scenarios.

Ans:- A DHCP server will issue a NAK to the client ONLY IF it is sure that the client, on the local subnet, is asking for an address that doesn't exist on that subnet. The server will send a NAK EXCEPT in the following scenarios:
1. Requested address from possibly the same subnet but not in the address pool of the server: This can be the failover scenario in which 2 DHCP servers are serving the same subnet so that when one goes down, the other should not NAK to clients which got an IP from the first server.
2. Requested address on a different subnet: If the address is from the same superscope to which the subnet belongs, the DHCP server will ACK the REQUEST.
Server to client indicating client's notion of network address is incorrect (e.g., client has moved to new subnet) or client's lease has expired.

(18) What ports are used by DHCP and the DHCP clients?

Ans:- DHCP clients are identified by their MAC addresses. The DHCP protocol utilizes UDP ports 67 and 68, which are the same ports used by BOOTP.

(19) Describe the process of installing a DHCP server in an AD infrastructure

Ans:-

(20) What is DHCPINFORM?

Ans:- DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name. The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

(21) Describe the integration between DHCP and DNS

Ans:- Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

(22) What options in DHCP do you regularly use for an MS network?

Ans:- Automatically providing IP address, subnet mask, DNS server, domain name, default gateway or router.

(23) What are User Classes and Vendor Classes in DHCP?

Ans:- Windows 2000's (Win2K's) DHCP provides support for a host of new features. This week, I focus on the support for user-specified and vendor-specified DHCP options, features that let administrators assign separate options to clients with similar configuration requirements.
For example, if DHCP-aware clients in your human resources (HR) department require a different default gateway or DNS server than the rest of your clients, you can configure DHCP Class IDs to distribute these options to HR clients. The options that Class IDs provide override any scope or global default options that the DHCP server typically assigns.

(24) Describe the importance of DNS to AD

Ans:- When Microsoft began development on Active Directory, full compatibility with the domain name system (DNS) was a critical priority. Active Directory was built from the ground up not just to be fully compatible with DNS but to be so integrated with it that one cannot exist without the other. Microsoft's direction in this case did not just happen by chance, but because of the central role that DNS plays in Internet name resolution and Microsoft's desire to make its product lines embrace the Internet.

While fully conforming to the standards established for DNS, Active Directory can expand upon the standard feature set of DNS and offer some new capabilities such as AD-Integrated DNS, which greatly eases the administration required for DNS environments. In addition, Active Directory can easily adapt to exist in a foreign DNS environment, such as Unix BIND, as long as the BIND version is 8.2.x or higher.

(25) What does "Disable Recursion" in DNS mean?

Ans:- In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties -> Forwarders tab is the setting "Do not use recursion for this domain". On the Advanced tab you will find the confusingly similar option "Disable recursion (also disables forwarders)". Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database. So what is the difference between these settings?
The DNS server will attempt to resolve the name locally, then will forward requests to any DNS servers specified as forwarders. If "Do not use recursion for this domain" is enabled, the DNS server will pass the query on to forwarders, but will not recursively query any other DNS servers (e.g. external DNS servers) if the forwarders cannot resolve the query. If "Disable recursion (also disables forwarders)" is set, the server will attempt to resolve a query from its own database only. It will not query any additional servers. If neither of these options is set, the server will attempt to resolve queries normally:
1. The local database is queried.
2. If an entry is not found, the request is passed to any forwarders that are set.
3. If no forwarders are set, the server will query servers on the Root Hints tab to resolve queries beginning at the root domains.

(26) What is the real difference between NAT and PAT?

Ans:- NAT (Network Address Translation) is just that - it translates network addresses. PAT (Port Address Translation) changes ports. Overloading is basically using PAT on a NAT'ed address.

They are not the same but are generally used in conjunction with each other. For example, you can have NAT without PAT and you can use PAT without NAT. PAT has the benefit of using only one public address for many connections. Each outbound connection is just given a different port assignment and this session data is kept in the firewall so the incoming traffic is directed to the correct host. With NAT only, you need a lot more public addresses available to have simultaneous connections to the internet. With PAT, one will suffice for many connections. PAT also has the advantage of being able to map specific incoming ports to other ports. For example, you want any incoming data directed to port 80 on your outside interface to be directed to a server using port 8080 on the inside. This can be done with PAT, but not with NAT. With NAT you would have to statically map the whole IP address and then it could not be used for anything else. Hope this helps and doesn't confuse you more!

(27) How do you configure NAT on Windows 2003?

Ans:-

(28) How do you backup AD?

Ans:- Several features in the Windows Server 2003 family make it easy to back up Active Directory. You can back up Active Directory while the server is online and other network functions can continue to function. System state data on a domain controller includes the following components:

Active Directory: System state data does not contain Active Directory unless the server, on which you are backing up the system state data, is a domain controller. Active Directory is present only on domain controllers.

The SYSVOL shared folder: This shared folder contains Group Policy templates and logon scripts. The SYSVOL shared folder is present only on domain controllers.

The Registry: This database repository contains information about the computer's configuration.

System startup files: Windows Server 2003 requires these files during its initial startup phase. They include the boot and system files that are under Windows file protection and used by Windows to load, configure, and run the operating system.

The COM+ Class Registration database: The Class Registration database is a database of information about Component Services applications.

The Certificate Services database: This database contains certificates that a server running Windows Server 2003 uses to authenticate users. The Certificate Services database is present only if the server is operating as a certificate server.

Restoring Active Directory

In the Windows Server 2003 family, you can restore the Active Directory database if it becomes corrupted or is destroyed because of hardware or software failures. You must restore the Active Directory database when objects in Active Directory are changed or deleted. Active Directory restore can be performed in several ways. Replication synchronizes the latest changes from every other replication partner. Once the replication is finished, each partner has an updated version of Active Directory. There is another way to get these latest updates: using the Backup utility to restore replicated data from a backup copy. For this restore you don't need to reconfigure your domain controller or install the operating system from scratch.

Active Directory Restore Methods: Primary restore, Normal restore, Authoritative restore.

(29) What are administrative templates?

Ans:- Administrative templates are a key management component of Group Policy on Windows 2000, Windows XP, and Windows Server 2003. Mitch Tulloch, author

(30) How does SSL work?

Ans:- Internet communication typically runs through multiple program layers on a server before getting to the requested data such as a web page or CGI scripts. The outer layer is the first to be hit by the request. This is the high-level protocols such as HTTP (web server), IMAP (mail server), and FTP (file transfer). Determining which outer layer protocol will handle the request depends on the type of request made by the client. This high-level protocol then processes the request through the Secure Sockets Layer. If the request is for a non-secure connection it passes through to the TCP/IP layer and the server application or data. If the client requested a secure connection, the SSL layer initiates a handshake to begin the secure communication process. Depending on the SSL setup on the server, it may require that a secure connection be made before allowing communication to pass through to the TCP/IP layer, in which case a non-secure request will send back an error asking for them to retry securely (or simply deny the non-secure connection).

(31) How does IPSec work?

Ans:- IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

(32) What is the "RAS and IAS" group in AD? Ans:-

(33) What are FSMO Roles? List them

Ans:- Related to answer number 2. Schema and Domain naming roles are forest wide; PDC, INFRA & RID roles are domain wide.

(34) What is the Drawback of DHCP?

Ans:- Sometimes IP addresses may conflict.

(35) What is Kerberos? Which version is currently used by Windows? How does Kerberos work?

Ans:- Kerberos is an authentication protocol created by the Massachusetts Institute of Technology (MIT) which helps users to communicate through an insecure network by proving their identity to one another.

(36) What is the difference between Win2k Server and Win2k3?

Ans:-
1. In Windows 2000 Server we cannot rename the domain, whereas in Windows 2003 Server we can rename the domain.
2. In Win2k3 we have the concept of Volume Shadow Copy Service, which is used to create hard disk snapshots used in disaster recovery; Win2k doesn't have this service.
3. In Win2k we have cross-domain trust relationships, whereas in Win2k3 we have cross-forest trust relationships.
4. Win2k supports IPv4 only, whereas Win2k3 supports IPv4 and IPv6.
5. Win2k supports up to 8 processors and 64GB RAM (in Advanced Server), whereas Win2k3 supports up to 64 processors and a max of 512GB RAM.
6. Win2k supports IIS 5.0, whereas Win2k3 supports IIS 6.0.
7. Win2k has basic concepts of DFS (Distributed File Systems) with defined roots, whereas Win2k3 has enhanced DFS with multiple roots.
8. Win2k supports 4-node clustering and Win2k3 supports 8-node clustering.
9. In Win2k we can create 1 million users, whereas in Win2k3 we can create 1 billion users.
10. Win2k3 has a service called Windows SharePoint Services (an integrated portfolio of collaboration and communication services designed to connect people, information, processes, and systems both within and beyond the organizational firewall). In Win2k there is no such service.

(37) What's the difference between forward lookup and reverse lookup in DNS?

Ans:-

Forward lookup zone: It will resolve a domain name to an IP address.

Reverse zone: It will resolve an IP address to a domain name.

(38) How does SSL work?

Ans:- Processing transactions securely on the web means that we need to be able to transmit information between the web site and the customer in a manner that makes it difficult for other people to intercept and read. SSL, or Secure Sockets Layer, takes care of this for us and it works through a combination of programs and encryption/decryption routines that exist on the web hosting computer and in browser programs (like Netscape and Internet Explorer) used by the internet public.

(39) How does IPSec work?

Ans:- IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

(38) How does intrasite replication work? Is it through KCC or RPC over IP?

Ans:- The KCC creates separate replication topologies to transfer Active Directory updates within a site and between all configured sites in the forest. The connections that are used for replication within sites are created automatically with no additional configuration. Intrasite replication takes advantage of LAN network speeds by providing replication as soon as changes occur, without the overhead of data compression, thus maximizing CPU efficiency. Intrasite replication connections form a ring topology with extra shortcut connections where needed to decrease latency. The fast replication of updates within sites facilitates timely updates of domain data. In deployments where large datacenters constitute hub sites for the centralization of mission-critical operations, directory consistency is critical.

(40) What is the Global Catalog?

Ans:- The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name.

A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

Ports Commonly Used by Global Catalog Servers


Service Name    UDP    TCP
LDAP                   3268 (global catalog)
LDAP                   3269 (global catalog SSL)
LDAP            389    389
LDAP                   636 (SSL)
RPC/REPL               135 (endpoint mapper)
Kerberos        88     88 (global catalog)
DNS             53     53
SMB over IP     445    445

(41) What is Active Directory?

Ans:-

(42) What is LDAP?

Ans:- LDAP (Lightweight Directory Access Protocol) is a protocol for communications between LDAP servers and LDAP clients. LDAP servers store "directories" which are accessed by LDAP clients. LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack. LDAP servers store a hierarchical directory of information. In LDAP parlance, a fully-qualified name for a directory entry is called a Distinguished Name. Unlike DNS (Domain Name Service) FQDNs (Fully Qualified Domain Names), LDAP DNs store the most significant data to the right.

(43) What are GPOs?

Ans:- Group Policy gives you administrative control over users and computers in your network. By using Group Policy, you can define the state of a user's work environment once, and then rely on Windows Server 2003 to continually force the Group Policy settings that you apply across an entire organization or to specific groups of users and computers.

Group Policy Advantages

You can assign Group Policy in domains, sites and organizational units.
All users and computers are affected by the Group Policy settings in their domain, site and organizational unit.
No one in the network has rights to change the settings of Group Policy; by default only the administrator has full privilege to change them, so it is very secure.
Policy settings can be removed and can further rewrite the changes.

Where GPOs store Group Policy Information

Group Policy objects store their Group Policy information in two locations:

(44) What is the SYSVOL folder?

Ans:- SYSVOL is the shared system volume folder. The SYSVOL folder contains a copy of the domain's public files, which contain the security policies. The contents of the SYSVOL folder are replicated to all domain controllers in the domain, and it must be located on an NTFS volume.

(45) How do you view all the GCs in the forest?

Ans:-
C:\>repadmin /showreps domain_controller
OR
You can use Replmon.exe for the same purpose.
OR
AD Sites and Services and
nslookup gc._msdcs.%USERDNSDOMAIN%

If too many DCs are configured to become GC servers, it will cause replication overhead between the DCs across the forest.

(46) What is the Schema?

Ans:- The schema is a blueprint of all the objects in a domain. When you create a new forest, a default schema contains definitions for users, computers, and domains. Because you can't have multiple definitions of an object, you can have only one schema per domain. The file schema.ini contains the default schema's definition, as well as the initial structure for the file ntds.dit (which stores directory data). The %systemroot%\ntds directory contains the file schema.ini. The file is in plain ASCII format so that you can type it.

Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc --> add snap-in --> add Active Directory Schema; name it schema.msc
Open administrative tools --> schema.msc

(47) What are the FSMO roles?

Ans:- For certain types of changes, Windows 2000/2003 incorporates methods to prevent conflicting Active Directory updates from occurring.

Windows 2000/2003 Single-Master Model

To prevent conflicting updates in Windows 2000/2003, the Active Directory performs updates to certain objects in a single-master fashion. In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain. In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

Schema Master: The schema master domain controller controls all updates and modifications to the schema. Once the schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure Master: When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.

Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.

PDC Emulator: The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage. The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.

In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:

Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.

This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

(48) What is CIDR?

Ans:- CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased. CIDR is now the routing system used by virtually all gateway hosts on the Internet's backbone network. The Internet's regulating authorities now expect every Internet service provider (ISP) to use it for routing.

(49) Describe the integration between DHCP and DNS?

Ans:- Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes.

DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

(50) Describe the importance of DNS to AD

Ans:- When you install Active Directory on a server, you promote the server to the role of a domain controller for a specified domain. When completing this process, you are prompted to specify a DNS domain name for the Active Directory domain for which you are joining and promoting the server. If during this process, a DNS server authoritative for the domain that you specified either cannot be located on the network or does not support the DNS dynamic update protocol, you are prompted with the option to install a DNS server. This option is provided because a DNS server is required to locate this server or other domain controllers for members of an Active Directory domain.
