Thanks for all the kind words guys, most appreciated!
If it helps I’ll list what materials and lab work I did rather than commenting too much on the exam.
Books and Resources:
MS Press 70-291 – Mackin\Mclean
The TCP/IP guide – Charles M. Kozierok
Cram Session 70-291 (pdf)
WSUS
http://www.microsoft.com/downloads/d...displaylang=en
Technet- to obtain more details on the command line features covered in the 70-291
Lab
2 domain controllers, one client, one JetDirect box and a Netgear firewall.
Going over the MS-Press book the following areas are covered DNS, DHCP, RRAS, TCP/IP, IPSec polices, Security Polices and maintaining\monitoring a network (WSUS).
DNS:
Set up server 1 to as a domain controller and also setup server 2 as a domain controller to get a better idea of how zone transfers work. I also configured other primary zones on server one and configured server 2 to host the secondary zones. I also set up IIS to host internal websites and therefore needed to configure A records for this to resolve on the client PC.
DHCP:
Configured a scope across both domain controllers and tested by switching off server 1 and made sure a lease would be issued from server 2. This also showed that server 2 could authenticate users and the DNS replication was working ok. I also configured the scope to point at server 1 and server 2 for DNS. I also configured a reservation for the Jet Direct box by using its MAC address.
RRAS:
I’ve used this in work a few times but I tested VPN polices and also using a Radius server (server 2) to authenticate clients from the RAS server (server 1).
TCP/IP:
Not too much lab work for this but spent loads of time trying to get my head around subnetting.
IPSec:
Locked down port 80 inbound on server 1 (where IIS is hosted) and tested access from the client PC. I then pushed out a Respond only policy (via group policy) so a secure connection could be established. Patched in my laptop (not on the domain) and without the IPSec policy the website could not be accessed.
Security Polices:
Copied one of the default policies and made some basic changes and then imported them into each server. Tested by analysing the server (in the db) and then applying the new settings. I then imported the template again and checked the server to make sure the template had been imported correctly (no red X against any of the values)
Monitoring and Maintaining:
Configured services to restart automatically etc and also used network monitor to check what traffic was travelling between the two servers.
WSUS. Installed WSUS on server one and synced it with Windows update, also setup server 2 (in replica mode) as another WSUS server. Pushed updates to the client PC to get a better idea of the reporting aspects of WSUS and also how updates can be managed.
Anyways as I’m sure most people will know that there is a big jump from 70-290 to 70-291. My mistake was underestimating how many WSUS questions were in the exam first time round.
Best of luck for anyone taking the exam!
