MCSE Certification - Guide for Exam 70-298
Designing Security for a Microsoft Windows Server 2003 Network

Exam News
Exam 70-298 became available December 9, 2003.

Audience Profile

The Microsoft Certified Systems Engineer (MCSE) on Windows Server™ 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium to large companies. An MCSE candidate should have at least one year of experience implementing and administering a network operating system in environments that have the following characteristics:
- 250 to 5,000 or more users
- Three or more physical locations
- Three or more domain controllers
- Network services and resources such as messaging, database, file and print, proxy server, firewall, public key infrastructure (PKI), Internet, intranet, remote access, and client computer management
- Connectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet

In addition, an MCSE candidate should have at least one year of experience in the following areas:
- Designing a network infrastructure
- Implementing and administering a desktop operating system

Credit Toward Certification
When you pass the Implementing and Administering Security in a Microsoft Windows Server 2003 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

Preparation Tools and Resources
We make a wealth of preparation tools and resources available to you, including courses, books, practice tests, and Microsoft Web sites. When you are ready to prepare for this exam, here's where you should start.

Instructor-led Courses for This Exam
Course 2823: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Skills Being Measured
This certification exam measures your ability to implement, manage, maintain, and troubleshoot security in a Windows Server 2003 network infrastructure and also plan and configure a Windows Server 2003 PKI. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

Key to the matrix:
- The course includes material to prepare you for this task.
- The course includes some material to prepare you for this task. You will need to supplement the course with additional work.
- The course provides a general introductory overview of this task. You will need to supplement the course with additional work.

Skills measured by exam 70-298
Course 2830
Implementing, Managing, and Troubleshooting Security Policies

Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements

Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
- Analyze existing security policies and procedures.
- Analyze the organizational requirements for securing data.
- Analyze the security requirements of different types of data.
- Analyze risks to security within the current IT administration structure and security practices.

Design a framework for designing and implementing security. The framework should include prevention, detection, isolation, and recovery.
- Predict threats to your network from internal and external sources.
- Design a process for responding to incidents.
- Design segmented networks.
- Design a process for recovering services.

Analyze technical constraints when designing security.
- Identify capabilities of the existing infrastructure.
- Identify technology limitations.
- Analyze interoperability constraints.

Creating the Logical Design for Network Infrastructure Security

Design a public key infrastructure (PKI) that uses Certificate Services.
- Design a certification authority (CA) hierarchy implementation. Types include geographical, organizational, and trusted.
- Design enrollment and distribution processes.
- Establish renewal, revocation and auditing processes.
- Design security for CA servers.

Design a logical authentication strategy.
- Design certificate distribution.
- Design forest and domain trust models.
- Design security that meets interoperability requirements.
- Establish account and password requirements for security.

Design security for network management.
- Manage the risk of managing networks.
- Design the administration of servers by using common administration tools. Tools include Microsoft Management Console (MMC), Terminal Server, Remote Desktop for Administration, Remote Assistance, and Telnet.
- Design security for Emergency Management Services.

Design a security update infrastructure.
- Design a Software Update Services (SUS) infrastructure.
- Design Group Policy to deploy software updates.
- Design a strategy for identifying computers that are not at the current patch level.

Creating the Physical Design for Network Infrastructure Security

Design network infrastructure security.
- Specify the required protocols for a firewall configuration.
- Design IP filtering.
- Design an IPSec policy.
- Secure a DNS implementation.
- Design security for data transmission.

Design security for wireless networks.
- Design public and private wireless LANs.
- Design 802.1x authentication for wireless networks.

Design security for Internet Information Services (IIS).
- Design security for Web sites that have different technical requirements by enabling only the minimum required services.
- Design a monitoring strategy for IIS.
- Design an IIS baseline that is based on business requirements.
- Design a content management strategy for updating an IIS server.

Design security for communication between networks.
- Select protocols for VPN access.
- Design VPN connectivity.
- Design demand-dial routing between internal networks.

Design security for communication with external organizations.
- Design an extranet infrastructure.
- Design a strategy for cross-certification of Certificate Services.

Design security for servers that have specific roles. Roles include domain controller, network infrastructure server, file server, IIS server, terminal server, and POP3 mail server.
- Define a baseline security template for all systems.
- Create a plan to modify baseline security templates according to role.

Designing an Access Control Strategy for Data

Design an access control strategy for directory services.
- Create a delegation strategy.
- Analyze auditing requirements.
- Design the appropriate group strategy for accessing resources.
- Design a permission structure for directory service objects.

Design an access control strategy for files and folders.
- Design a strategy for the encryption and decryption of files and folders.
- Design a permission structure for files and folders.
- Design security for a backup and recovery strategy.
- Analyze auditing requirements.

Design an access control strategy for the registry.
- Design a permission structure for registry objects.
- Analyze auditing requirements.

Creating the Physical Design for Client Infrastructure Security

Design a client authentication strategy.
- Analyze authentication requirements.
- Establish account and password security requirements.

Design a security strategy for client remote access.
- Design remote access policies.
- Design access to internal resources.
- Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).

Design a strategy for securing client computers. Considerations include desktop and portable computers.
- Design a strategy for hardening client operating systems.
- Design a strategy for restricting user access to operating system features.