|
|
 |
|
Introduction to the Microsoft 70-214 Exam
|
 |
By Jason Zandri
Welcome to this introductory article on the new Implementing and Administering Security in a Microsoft Windows
2000 Network Exam 70-214.
Microsoft, as part of their Secure
Computing initiative which goes beyond revamping the way they write code, has
released to beta their newest certification exam centered directly on Security.
The 70-214 beta exam was recently
available (October 10-17, 2002, while it was in beta it was referred to as
71-214) and is due to go live in January 2003.
[NOTES FROM THE FIELD] -
Once the exam goes live you can
register for it by going to the Prometric or VUE websites or by telephoning
them:
Prometric: (800) 755-EXAM
(800-755-3926). For more information on how to register for Your MCP Exam with
Prometric you can take a look at their link
on the Microsoft Website.
VUE:
800 TEST Registration (800-837-8734). For more information on how to register
for Your MCP Exam with VUE you can take a look at their link on the
Microsoft Website.
The new 70-214 Exam from Microsoft is geared towards administrators who work in
medium to very large computing environments that use Windows 2000 domains in an
Active Directory forest. Client operating systems in these environments usually
include Windows NT Workstation 4.0 at a minimum, and normally include Windows
2000 Professional and Windows XP Professional clients.
Candidates should have at least a minimum of one year's experience in
implementing and administering security and network infrastructures in
environments that support from 200 to more than 26,000 users in different
locations and sites, encompassing LAN, WAN, and wireless network
infrastructures. Microsoft is also recommending that individuals that wish to
attempt this certification should take a look at the Six Steps to
Certification guide to get started, especially if they have not taken a
Microsoft exam or have not taken one in the past year.
[NOTES FROM THE FIELD] -
The Six Steps to
Certification guide describes the six-step approach to planning and
preparing for an MCP exam.
Some of the typical network services
and applications in these environments would normally include some or all of
the following; file and print, database, messaging, proxy server and firewall,
public key infrastructure, remote access, desktop management, and Web hosting.
The exam measures your ability to implement and administer security and network
infrastructures in a Windows 2000 Active Directory environment.
When you pass the 70-214
Implementing and Administering Security in a Microsoft Windows 2000 Network
exam, you achieve Microsoft
Certified Professional (MCP) status and earn credit toward the following
certifications:
Elective credit toward Microsoft
Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification
Elective credit toward Microsoft Certified Systems
Engineer (MCSE) on Microsoft Windows 2000 certification
[NOTES FROM THE FIELD] -
There has been some speculation that
Microsoft might create a secondary certification credential such as
MCSE+Security as they did back in NT4 with MCP+Internet and MCSE+Internet.
At this time this is still just speculation, but anything is possible and with Microsoft's current security
drive it wouldn't surprise me if they did end up doing this.
Microsoft is also recommending that
individuals that wish to attempt this certification should consider taking a
class at a Microsoft
Certified Technical Education Centers (CTECs), which are full-service
technical training companies qualified by Microsoft to deliver high-quality
training such as the Microsoft
Official Curriculum (MOC) courses designed by Microsoft product groups.
[NOTES FROM THE FIELD] -
The Microsoft
Certified Technical Education Centers (CTECs), may also deliver additional
or alternate training which may include portions of the Microsoft Official
Curriculum (MOC) courses or an entire different design of training
material. Depending on the education center this can vary the material by
adding to it in a very positive way. It can also detract greatly from the
learning process at hand.
Whenever possible you should try to
stick to centers that are going to be delivering certified training material,
or are accredited in some way.
While no training program is
complete and none should make you the promise of passing an exam, as they are
designed with teaching the material at hand, you should always stick as close
to Microsoft
Official Curriculum (MOC) courses as you can.
The Microsoft Official
Curriculum (MOC) courses designed by Microsoft to assist you in preparing
for this exam are as follows:
- Course 2150:
Designing a Secure Microsoft Windows 2000 Network
- Course 2153:
Implementing a Microsoft Windows 2000 Network Infrastructure
- Course 2800:
Microsoft Security Clinic
There are also self-paced study
guides and test-readiness solutions for Microsoft Certified Professional exams
from accredited vendors such as Microsoft Press and Sybex books, as well as practice test software
included in the texts as well as from third party testing developers such as BOSON Software as well as
the Microsoft Certified Practice Test Providers (PTPs) MeasureUp and Self Test
Software.
The skills measured by exam 70-214
include the following:
Configure security templates.
- Configure registry and file system permissions.
- Configure account policies.
- Configure audit policies.
- Configure user rights assignment.
- Configure security options.
- Configure system services.
- Configure restricted groups.
- Configure event logs.
|
| Deploy security templates. Deployment methods include using Group Policy and scripting.
|
| Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems.
|
| Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Access Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer.
|
| Configure additional security for client-computer operating systems by using Group Policy.
|
| Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk.
|
Install service packs and security updates. Consideration include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.
- Install service packs and security updates on new client computers and servers. Considerations include slipstreaming and using RIS, custom scripts, and isolated networks.
|
Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS.
|
| Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts.
|
Configure IPSec to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.
- Configure IPSec authentication.
- Configure appropriate encryption levels.
- Configure the appropriate IPSec protocol. Protocols include AH and ESP.
- Deploy and manage IPSec certificates. Considerations include renewing certificates.
|
| Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication.
|
Implement security for wireless networks.
- Configure public and private wireless LANs.
- Configure wireless encryption levels. Levels include WEP and 802.1x.
- Configure wireless network connection settings on client computers. Client-computer operating systems include Windows 2000 Professional, Windows XP Professional, and Windows CE 3.0.
|
| Configure Server Message Block (SMB) signing to support packet authentication and integrity.
|
Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.
- Obtain public and private certificates.
- Install certificates for SSL.
- Renew certificates.
|
| Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.
|
Configure and troubleshoot authentication.
- Configure authentication protocols to support mixed Windows client-computer environments.
- Configure the interoperability of Kerberos authentication with UNIX computers.
- Configure authentication for extranet scenarios.
- Configure trust relationships.
- Configure authentication for members of non-trusted domain authentication.
|
| Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.
|
Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.
|
| Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server.
|
| Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.
|
Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.
- Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.
- Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.
- Configure the publication of Certificate Revocation Lists (CRLs).
- Configure public key Group Policy.
- Configure certificate renewal and enrollment.
- Deploy certificates to users, computers, and CAs.
|
Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party.
- Enroll and renew certificates.
- Revoke certificates.
- Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.
- Back up and restore the CA.
|
Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.
- Publish certificates through Active Directory.
- Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP.
- Recover KMS-issued keys.
|
| Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems.
|
Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.
- Manage audit log retention.
- Manage distributed audit logs by using EventComb.
|
| Analyze security events. Considerations include reviewing logs and events.
|
Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.
- Isolate and contain the incident. Considerations include preserving the chain of evidence.
- Implement counter measures.
- Restore services.
|
Best of luck in your studies and
please feel free to contact me with any questions on my articles and remember,
“Weak passwords trump strong security.”
Jason Zandri
|
|
|
|
 |
|
 CareerAcademy
Certification training videos with private instructors. Topics
cover Microsoft MCSE, CompTIA, CISSP & Cisco exams. Courses also come with official practice exams with 7x24 mentors.
more products...
Netwind Learning
Free Demo. Certification Training for A+, MCSE, MCTS Microsoft.NET, Cisco CCNA, CCNP, CCVP, CCSP, Java, Oracle, Linux, PMP and 100's of other courses.
more products...
EDULEARN
Certification Training on CD-ROMs & Videos: Microsoft MCSE Training, A+ Certification, Windows 2003, & Free demos. MCSE certification training includes videos and labs.
more products...
Training Planet
Nationwide Computer Training Boot Camp Classes and also CD based training courses A+ Certification, Cisco Training, MCSE, CISSP, Autocad, Office, PMP, SOX, PC Diagnostics
more products...
|
|
