The Wikipedia pages on Domain Controllers and NetBIOS are pretty good.  And to add onto the Domain Controllers subject, I'd add Active Directory and the various roles to that.  Actually, the Wikipedia page on exploits is pretty good, too   As for exploiting vulnerabilities in a lab, I found it easy (as an introduction) to setup an OS that was unpatched and vulnerable, then used Metasploit to exploit it.  This really was my intro into it and honestly wasn't that long ago.  I'm following along with the Metasploit videos over at grmn00bs.com.  That gave me the hands-on experience with actually exploiting a vulnerability.

As for a domain vs a subnet, they are different.  A domain is a grouping of various network resources (users, computers, printers, servers, etc).  A domain will apply specific policies for these resources depending on how its configured by the administrators.  A subnet refers to IP addresses and how they're used in conjunction with subnet masks to form network segments.  (ie the IP address 192.168.1.1 with a default subnet mask of 255.255.255.0 means that the IP address is the 192.168.1.1 to 192.168.1.254 subnet).

I hope that makes sense.  Let me know if something needs more clarification and I'll do my best.  Or maybe somebody else has some good analogies to remember this stuff.  I've never been good with analogies haha.

Microsoft's TechNet has some more good information regarding Domain Controllers and Active Directory.

The funny look may have been part of the interview - seeing if you were sure about your answer or if you'd backtrack haha