Poll: Professional IT/IS people, how would you interprete this ICS question?

[The_Tao_s_Revenge]

In case it isn’t obvious I fubared this question, and some others along similar lines. I wanna see if it’s the way I looked it at, or if it’s a case of “right answer, wrong answer, book answer”, or I was just plain wrong.

Just read the question, answer it how you feel is accurate, then open the spoiler to see if you’d like to join me in sharing an aneurysm.

*Which of the following sentences about Internet Connection Sharing is true?
(Choose all that apply.)

A. It provides a protective boundary between your network and the Internet.
B. It uses one connection to the Internet
C. It monitors all aspects of communications that cross it’s path.
D. It sets restrictions on what information enters a private network*

[spoiler]If you picked anything but B you just got a goose egg, zip, zero, nada por tu. I picked A, B, and D as ICS is a windows implementation of a NAT layer. Being a NAT it adds a layer of isolation between network computers and the internet (A), and unless explicit access for inbound connections is setup (port forwarding) it prevents any inbound connections to network machines (D).

However the book hasn’t yet covered NAT, if it does at all, and ICS so far has only had a paragraph description that amounted to “ICS can share your internet connection, and it’s part of windows”. Just using what the book says, in hindsight, B would be the only answer. [/spoiler]

The class is part of a college certification I’m getting, and it also seems to be a prep course for the MCDST (Microsoft Certified Desktop Support Technician) test. Is the actual MCDST tricky like that?

If so I’ll be back in a few minutes, need to get some alcohol to take up a drinking problem.

[Valgard]

I’m an IT professional and when I read that question I picked the right answer as the only answer.

[spoiler]For those MS certification tests you really need to be careful about how you answer them; they will often provide options (like A, C and D) that might be available given that you’re doing ICS, but ICS doesn’t explicitly do those things.

I don’t use ICS but if memory serves, ICS lets multiple machines share one internet connection. That’s all that it does. It does not provide any protection (although you could put all kinds of protection on the machine that shares the link out), it doesn’t monitor all aspects of the traffic over the link (although you could make the machine do that) and it doesn’t restrict what information goes over the link (although you could certainly set the machine up to act as a filter). Once ICS is in use you could slap all kinds of utilities on the machine and pretty much turn it into a firewall but that’s not the function that ICS performs.[/spoiler]

If it’s any consolation, I’ve taken a bunch of the MS certs and while some of the questions and scenarios have been tricky or obscure, I’ve never found something that I said “That’s just an unfair question”.

[The_Tao_s_Revenge]

Valgard, it’s good there’s a logic to it at least. I think I need to make a mental model of the way a successfully testing MS person would interpret the questions and use that to understand what they’re really asking. Thanks for you response, it’ll be useful for understanding better how to do that.

[spoiler]These spoilers and hidden text make discussing ICS seem like it’s so full of intrigue.

I don’t have any professional experience with ICS, but I have gobs of home experience. For many years all I could get was dialup and ICS, or IPTables on Linux, is about the only way to share a dialup connection on a network. Then upgraded to cellular EDGE, which was USB, and therefore also used ICS for network sharing. ICS just works as a network gateway, like IPTables on Linux (although IPTables can additionally be configured as a firewall IIRC).

In hindsight you’re right I probably should have thought about the questions along what the book discussed, and what ICS is aimed at. I’ll remember that for the future. However I also think anyone working with an ICS, or otherwise NATed, network gateway would need to know it has properties A, and D if they wanted to setup network servers in the NATed area, that’d be exposed to outside world.[/spoiler]

[Valgard]

The_Tao_s_Revenge:

Valgard, it’s good there’s a logic to it at least. I think I need to make a mental model of the way a successfully testing MS person would interpret the questions and use that to understand what they’re really asking. Thanks for you response, it’ll be useful for understanding better how to do that.

I would highly recommend a bunch of the various “exam cram” type books and flashcards, sample tests and whatnot. At first you may find questions that seem off the wall but you’ll see that there is a logic to them - it’s often a very firm, fixed line of reasoning that allows for very little deviation and that can be the gotcha.

Sure, when you turn on Service X you always enable Service Y and Service Z, shut off Protocol Q and the end result is that nobody in their right mind would attempt Action 4 under this setup because it’s totally cumbersome in the real world. However, and this is a big however, that does not mean that Service X enables Y and Z, disables Q and makes 4 impossible. If you were to get this question on an MS exam you’d have to know the difference between what X actually does from a technical standpoint and how one might commonly implement it.

[SlickRoenick]

I picked B since that is all i knew it did. It’s probably been 5 years since i last heard mention about ICS.

[The_Tao_s_Revenge]

Valgard:

I would highly recommend a bunch of the various “exam cram” type books and flashcards, sample tests and whatnot. At first you may find questions that seem off the wall but you’ll see that there is a logic to them - it’s often a very firm, fixed line of reasoning that allows for very little deviation and that can be the gotcha.

Sure, when you turn on Service X you always enable Service Y and Service Z, shut off Protocol Q and the end result is that nobody in their right mind would attempt Action 4 under this setup because it’s totally cumbersome in the real world. However, and this is a big however, that does not mean that Service X enables Y and Z, disables Q and makes 4 impossible. If you were to get this question on an MS exam you’d have to know the difference between what X actually does from a technical standpoint and how one might commonly implement it.

Okay I think I get the wisdom of this. You’re saying something should be only be counted to do what it’s intended to do, because unintended things could change. ICS uses a NAT do to technical limitations (internet IP address are precious these days), not by design. Therefor a version of ICS using networking technology without those limitations (say IPv6 with internet IP addresses actually more common then dirt) wouldn’t have that technical limitation and couldn’t be counted on to do A and D. Where as a dedicated firewall designed to do A and D could.

[LSLGuy]

SlickRoenick:

I picked B since that is all i knew it did. It’s probably been 5 years since i last heard mention about ICS.

Ditto.

[Digital_Stimulus]

I chose B only, based on what I remember from the last time I set up a Windows98 box.

[Quartz]

The one thing you need to remember is that they’re not after the ‘right’ answer, they’re after the Microsoft (or Cisco, or Novell, or whoever) answer.

[Projammer]

Also picked B.

It’s the only function that’s inherent to ICS. All others are optional.

A is enabled by default because it’s just really a good idea and there are only a few circumstances which justify it being disabled.

C & D are available, but have to be activated and configured before use. And C is usually better implemented through a 3rd party app.

(Note: It’s been a few years so the IMHO portions may be dated.)