ISA Server exam 70-227 typical type questions and examples. Tutorial B of Exam 70-227.
This is not a brain dump and you will not find these exact questions in the exam. The questions here are similar type questions and have content and the information similar to what you have to learn in order to pass the question. I have done this to protect the integrity of the exam and those who have worked hard to pass the exam. However if you read the tutorials carefully you will pass the exam but you would have learnt the relevant information to do your job in the real world also. When I say ‘learn to do this’ the required information can be found within ISA server itself, in other Authors tutorials at www.isaserver.org and in this tutorial. Read carefully.
It is Important to note that the exam has a lot of emphasis on the way multiple ISA servers interact with each other and how they function as a group. Learn how the caching works in an array and what must be done so that you don’t have multiple instances of the same object being cached on all of the caching ISA servers in your array. There are quite a few questions to this regard and the questions are at times not clear about what they are asking so it is important that you know this process well.
It is also important to know how to use the browser locally on the ISA server itself and how it interacts with the caching mechanisms of ISA learn both of the ways that you can use your browser both when you would like to use the browser to cache on the ISA server and also when you would like to browse on the ISA server and not use the caching. I find this type of question quite appropriate as there are instances in the real world when this type of action is needed and not many people use it because they don’t know what to do, but if you have to study it for your exam then it will be quite useful to you when you apply this technique in the real world.
I found the exam to have about 5 contradictory questions. I marked these questions and then after the exam I wrote a letter to the vendor telling them how I thought what the right answers should be and why I put down what I did. To uphold the integrity of the exam I will not mention those questions here, even if I did we would most probably get them wrong anyway because I know that they have some catch or twisted meaning that only the examiner can understand.
But that’s only 5 questions of 55 so don’t worry if you know your work you will defiantly score over 90%.
I found the scenario questions to be quite amusing at times as you could clearly see that the examiner had really thought about how to ask the question in a tricky way. Be very careful when answering questions with time schedules involved make sure that you look to see when people are allowed to use the internet if its during working hours and if this complies to what the question is asking. I looked at some questions and I saw that the people were allowed to use the internet at all hours and the question specifically stated only during working hours. This defiantly happens in the real world and I commend the examiner on this type of question excellent job. (I was warned by a colleague and even after the warning I missed it but luckily on the second time round of reading the question I saw the fault) Read your questions carefully.
I saw quite a few questions on LAT. Remember that on a LAT only Local addresses should be in it. Note that a DMZ should not be in your LAT.
Application filters are also important. Make sure that the application filter that the question is asking about is enabled.
SMTP filters are also asked about, learn what you need to do if you keep getting mail from a specific domain and you do not want your users to receive mail from this domain. This is a good question as there is a real world need for this when you are the administrator of the domain. I can give you an example. Sometimes a user has been to an unsolicited web site that the user should have not visited, and the user also gave his/her e-mail address out to this website. Now the user is receiving e-mail from this website and the user wants it to stop. When asking him where the website people got his e-mail address from the user profusely denies ever visiting Ihavebeenverynaughty.com, when looking at the logs you can see that the user was on the site the whole day J Now you need to make ISA reject mail from that domain learn how to do this as there are questions in the exam pertaining to this.
Installing ISA server as part of an array and what the benefits are is one of the things they asks you a lot about in the exam. Learn why you would do this and how you would do this and also the benefits of installing ISA in its own array if it is at a branch office and making the server send all of its outbound requests to the ISA server at the HQ and also how the caching works in this scenario. There are a few questions on this learn this part well. If you are an enterprise administrator in the real world then this knowledge is invaluable so I feel that asking questions on this is a very appropriate thing to do.
Upgrading a proxy 2.0 server to ISA server I also something they ask about and also again I know that in the real world it is a relevant thing to know this as it is widely done in the industry. Know how to backup a proxy 2.0 server and also know that you need to remove it from the array before upgrading the operating system to windows 2000 so that you can install ISA over the proxy installation. In most Microsoft exams the examiner always asks an upgrade or migration question, this is because somewhere along the line you will have to do it and if you study this it really does make your life so much easier and less frustrating.
Outbound and inbound. Understand when publishing a server the rule will be inbound because traffic from the internet will be traveling into your network and that means Inbound. Also note that when a you publish a server ISA treats that server as a secure Nat Client and that you do not need any files residing on your machine for firewall clients or proxy clients. Secure Nat means that you have to point the default gateway of your published machine to the internal NIC (network interface card) of your ISA server.
Read the questions properly as when they present the multiple choice questions to you will see that they give you two questions that look exactly the same but the direction of the traffic is swapped out, I.E. outbound/inbound.
ISA Server hosting roles. Know when to use web publishing rules and also when to use server publishing rules this makes a big difference when answering a question pertaining to this as you can quickly rule out the ones that have the wrong roles. Remember that a Web Publishing rule is used when publishing IIS based machines that are hosting websites, FTP or web related protocols. Server publishing rules are used when you are publishing Application servers like Microsoft Exchange, SQL etc. This quick method I have just described gives you the edge on hosting role type of questions and because you can tell the difference you can answer the questions correctly.
H.323 Gatekeeper there are questions on this also remember whenever net meeting or video conferencing is mentioned it has something to do with the H.323 standard. Also know that you need to manually add a DNS service location record for the Q931 service on TCP port 1720. If you forget this you will have trouble when people outside your organization try to access people inside your organization.
Proxy Error 502 Is Returned by ISA Server under Heavy Stress (Q294722) or there is a software error or if no protocol rule has been configured yet. This error has also been known to occur when there is an error when bridging and chaining in a specific type of configuration. For more Info search the Microsoft.com website for Q294722.
Routing there are quite a few routing questions learn what routing does and how it affects ISA servers in arrays.
Do caching after work hours: In order not to affect bandwidth during working hours do active caching after hours.
VPN wizards learn how and where to use these as they are asked in the exam. Learn how to operate them remotely and the details about this type of function.
Configure the client computer's Web browser to use ISA Server as an HTTP proxy. Learn this well know that if you want ISA to use caching when browsing on the ISA machine you must first set the proxy settings in Microsoft Internet explorer to the internal address of the ISA’s NIC (network interface card). If you don’t want to use caching on ISA you must create a dynamic local port ad a static remote port 80.
Trusts: If you cannot use trusts between branch offices then you need to enable your ISA servers to be able to authenticate with each other for the requests to be passed to the bridgehead (the ISA server directly connected to the internet) ISA server.
Firewall clients: Know that firewall clients can only be installed on windows machines (not windows 3.11) and that Firewall clients are a good way of limiting and controlling groups of users. So if a question says that only a specific group of users can access a specific resource expect to use a firewall client to do this.
Caching repeats and routing rules: If you find that repeat requests are being cached at branch offices make sure that you remove the backup connection from the routing rules at your branch offices and that responses from your upstream ISA server are cached.
Policy rules: to have the same policy rules across all of your branch offices you need to do the following, Run the ISA enterprise initialization tool then promote each stand-alone ISA Server at the branch offices to a separate array and then you need to apply an Internet access enterprise policy to all ISA Server computers.
Summary: This concludes tutorial B. I have covered a lot that you need to know for the exam but that’s not all there is more to come. I have more questions to add and will add them in the upcoming tutorial C.