Microsoft Exam 70-298

Microsoft Exam 70-298: Designing Security for a Windows Server 2003 Network

Microsoft exam 70-298 based on concepts related to security.. That included local physical, remote. Network security of resources & their access..

• Credits for this certification:

When you pass Microsoft exam 70-298 you became Microsoft Certified Professional (MCP)

Microsoft exam 70-298 is also one of the exams requiring achieve following group certifications

Certificate MCSE on win server 2003... = core exam

Certificate MCSE Security on win server 2003... = core exam

• Program of study for Microsoft exam 70-298

You will need to acquire a solid understanding of Windows 2003 Security concepts... & some business concepts that will allow you to configure security to enhance your company’s business objectives. & importantly need to focus on various components of Windows 2000 security, like the different types of protocols and their implementations.

• Analyze business requirements for designing security.

Study about:

existing security policies and procedures

requirements for securing data, sensitivity of data

flaws in current administration structure and security practices

cost & risks in implementing new strategies

• Design a framework for designing and implementing security

Study about:

detection of threats to your network from internal and external sources

segmented networks

process for recovering services

• Technical constraints for security

Study about:

capabilities of the existing infrastructure

technology availability

Analyze interoperability constraints

• Network Infrastructure Security

Study about:

public key infrastructure (PKI)

certification authority (CA) hierarchy implementation

enrollment and distribution processes

security for CA servers

• logical authentication strategy

study about:

certificate distribution

forest and domain trust models

account and password requirements for security

• security for network management

study about:

risk of managing networks

Microsoft Management Console (MMC)

Terminal Server

Remote Desktop for Administration

Remote Assistance

Telnet

Emergency Management Services

• Security update infrastructure

Study about:

Software Update Services (SUS)

Deploy software updates by Group Policies

Strategy for identifying computers those are not at the current patch level

• Physical Design for Network Infrastructure Security

Study about:

IP filtering

IPSec policy

DNS implementation

Security for data transmission

• security for wireless networks

study about:

public and private wireless LANs

802.1x authentication for wireless networks

• authentication for Internet Information Services (IIS)

study about:

user authentication for a Web site by using IIS authentication

RADIUS for IIS authentication

strategy for IIS

strategy for updating an IIS server

• security for communication between networks

study about:

protocols for VPN access

VPN connectivity

demand-dial routing between internal networks

• communication with external organizations

study about:

extranet infrastructure

cross-certification of Certificate Services

• Assigning server roles

study about:

domain controller

network infrastructure server

file server

IIS server

terminal server

POP3 mail server

security template for systems

• access control for directory services

study about:

auditing

group permission to resources

permission structure for directory service objects

• security for files & folders

study about:

encryption and decryption of files and folders

permission for files and folders

backup and recovery of files and folders

• permission for registry objects

• client authentication strategy

study about:

account and password of clients

remote access policies

access to internal resources

authentication by using Internet Authentication Service (IAS) for remote users

• securing client computers

study about:

desktop and portable computers

hardening client operating systems

restricting user access to operating system features

these all point must be covered before giving Microsoft exam 70-298

Microsoft warns that preparation guide can be change at any time without any notice... well they change exam structure suddenly... so prepare for all concepts that related to security of win 2003 server & you don’t have to worry about Microsoft exam 70-298.

Microsoft Exam 70-297

Microsoft Exam 70-297:Designing a Windows Server 2003 Active Directory and Network Infrastructure

As title suggest Microsoft exam 70-297 based on Active Directory & network infrastructure of win server 2003. Study includes learning from creating logical design for active directory & network services infrastructure to plan physical deign for active directory & network infrastructure.

• Credits for this certification:

When you pass Microsoft exam 70-297 you became Microsoft Certified Professional (MCP)

Microsoft exam 70-297 is also one of the exams which require achieving following group certifications:

Certificate MCSE on Windows Server 2003 certification... = core exam

• Program of study for Microsoft exam 70-297

Microsoft exam 70-297 is regarding to planning... n planning what active directory.. n network infrastructure...

So you must aware of all terms about active directory.. Like OUs Policies etc...

& about network infrastructure... like.. start from DNS DHCP... to IP Addressing, TCP/IP etc...

• Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Hardware and software requirements

Interoperability requirements

Current level of service within an existing technical environment

Current network administration model

Network requirements

Current DNS infrastructure

Analyze the current namespace

Existing domain model

Number and location of domain controllers on the network

Configuration details of all servers on the network. Server types might include primary domain controllers, backup domain controllers, file servers, print servers, and Web servers.

Analyze current security policies, standards, and procedures

Active Directory on the current security infrastructure

Existing trust relationships

Design the envisioned administration model

Create the conceptual design of the Active Directory forest structure

Create the conceptual design of the Active Directory domain structure

Design the Active Directory replication strategy

Create the conceptual design of the organizational unit (OU) structure

Create the conceptual design of the DNS infrastructure

Create the conceptual design of the WINS infrastructure

Create the conceptual design of the DHCP infrastructure

Create the conceptual design of the remote access infrastructure

Constraints in the current network infrastructure

Interpret current baseline performance requirements for each major subsystem.

• Creating the Logical Design for an Active Directory Infrastructure

Identify the Group Policy requirements for the OU structure

Design an OU structure for the purpose of delegating authority

Design a security group strategy

Define the scope of a security group to meet requirements

Define resource access requirements

Define administrative access requirements

Define user roles

Common authentication requirements

Select authentication mechanisms

Optimize authentication by using shortcut trust relationships

Specify account policy requirements

Specify account requirements for users

Computers, administrators, and services

Design an Active Directory naming strategy

Internet domain name registration requirements

Use of hierarchical namespace within Active Directory

NetBIOS naming requirements

Design migration paths to Active Directory

Define whether the migration will include an in-place upgrade, domain restructuring, or migration to a new Active Directory environment

Strategy for Group Policy implementation

Administration of Group Policy objects (GPOs)

Deployment strategy of GPOs

Strategy for configuring the user environment with Group Policy

Strategy for configuring the computer environment with Group Policy

Design sites

Site links

• Creating the Logical Design for a Network Services Infrastructure

DNS name resolution strategy

Create the namespace design

DNS interoperability with Active Directory, WINS, and DHCP

Zone requirements

DNS security

A DNS strategy for interoperability with UNIX Berkeley Internet Name Domain (BIND) to support Active Directory

Design a NetBIOS name resolution strategy

Design a WINS replication strategy

Security for remote access users

Security host requirements

Authentication and accounting provider

Remote access policies

Specify logging and auditing settings

DNS service implementation

Strategy for DNS zone storage

Use of DNS server options

Registration requirements of specific DNS records

Design a remote access strategy

Specify the remote access method

Specify the authentication method for remote access

Design an IP address assignment strategy

Specify DHCP integration with DNS infrastructure

Specify DHCP interoperability with client types

• Creating the Physical Design for an Active Directory and Network Infrastructure

DNS service placement

An Active Directory implementation plan

Placement of domain controllers and global catalog servers

Placement of flexible operations master roles

Domain controller creation process

Specify the server specifications to meet system requirements

Internet connectivity for a company

Network and routing topology for a company

TCP/IP addressing scheme through the use of IP subnets

The placement of routers

IP address assignment by using DHCP

Design a perimeter network

Design the remote access infrastructure

Plan capacity

Ascertain network settings required to access resources

Design for availability, redundancy, and survivability

Before taking Microsoft exam 70-297 ensure that you have gone through all topics mention above.

Microsoft Exam 70-293

Microsoft Exam 70-293:
Planning and Maintaining a Windows Server 2003 Network Infrastructure

Microsoft Exam 70-293 is related to designing a network infrastructure of Win server 2003 with other network devices & software.

• Credits for this certification:

When you pass Microsoft exam 70-293 you became Microsoft Certified Professional (MCP)

Microsoft exam 70-293 is also one of the exams which require achieving following group certifications:

Certificate MCSE on Windows Server 2003 certification... = core exam

Certificate MCDBA on Microsoft SQL Server 2000 certification... = elective exam

• Program of study for Microsoft exam 70-293

This certification study includes planning and maintaining various services & protocols featured by a Windows Server 2003 in its network infrastructure.

• Planning and Implementing Server Roles and Server Security

Study about:

Configure security for servers

Assign specific roles to servers

Secure baseline installation

Enforce system default security settings on new systems

Default security settings for Identify client operating system

Default security settings for Identify all server operating system

• Assign specific roles to servers.

Study about:

Domain controllers

Web servers

Database servers

Mail servers

• Deploy the security configuration for servers that are assigned specific roles.

Study about:

Security templates based on server roles

Evaluate and select the operating system to install on computers in an enterprise

Identify the minimum configuration to satisfy security requirements

• Planning, Implementing, and Maintaining a Network Infrastructure:

Study about:

TCP/IP network infrastructure strategy

IP addressing requirements

IP routing solution

IP subnet scheme

• Plan and modify a network topology:

Study about:

Physical placement of network resources

Network protocols required

Internet connectivity strategy

• Plan network traffic monitoring

Study about:

Network Monitor

System Monitor

• Connectivity to the Internet

Study about:

Network Address Translation (NAT)

Name resolution cache information

Internet client configuration

Troubleshoot TCP/IP addressing

DHCP server address assignment

Host name resolution strategy

DNS namespace design

Zone replication requirements

DNS forwarding configuration

DNS security

• Interoperability of DNS with third-party DNS solutions:

Study about:

NetBIOS name resolution strategy

WINS replication strategy

NetBIOS name resolution by using the Lmhosts file

Host name resolution

Client computer configuration

• Planning, Implementing, and Maintaining Routing and Remote Access

Study about:

Plan a routing strategy

Routing protocols for specified environment

Routing for IP multicast traffic

Security for remote access users

Remote access policies

Protocol security

Authentication methods for remote access clients

• Implement secure access between private networks

Study about:

IPSec policy

Troubleshoot TCP/IP routing

Commands: route, tracert, ping, pathping, and netsh

Network Monitor

• Planning, Implementing, and Maintaining Server Availability

Study about:

Services for high availability

Clustering services

Network Load Balancing

System bottlenecks

Memory, processor, disk, and network related bottlenecks

• Implement a cluster server:

Study about:

Recover from cluster node failure

Network Load Balancing Tools:

Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in

WLBS cluster control utility

• Plan a backup and recovery strategy

Study about:

Backup types

Back up Methods: full, incremental, and differential

Volume shadow copy

Automated System Recovery (ASR) planning

• Planning and Maintaining Network Security

Study about:

Network protocol security

Protocol security in a heterogeneous client computer environment

Configure protocol security by using IPSec policies

Configure security for data transmission:

IPSec policy settings

Plan for network protocol security:

Ports and protocols for specified services

IPSec policy for secure network communications

Secure network administration methods

Remote Assistance to client computers

Remote administration by using Terminal Services

Security for wireless networks

Security for data transmission

Secure data transmission between client computers

Secure data transmission by using IPSec

IP Security Monitor MMC snap-in

Resultant Set of Policy (RSoP) MMC snap-in

• Planning, Implementing, and Maintaining Security Infrastructure

Study about:

Active Directory service for certificate publication

Public key infrastructure (PKI)

Certificate authority to support certificate issuance requirements

Enrollment and distribution of certificates

Smart card authentication

• Plan a framework for planning and implementing security:

Study about:

Security monitoring

Management framework for security

Security update infrastructure

Microsoft Baseline Security Analyzer and Microsoft Software Update Services

Microsoft Exam 70-293

Microsoft Exam 70-291

Microsoft Exam 70-291:
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure

This exam related to networking factors regarding to win server 2003 platform.

• Credits for this certification

When you pass Microsoft exam 70-291 you became Microsoft Certified Professional (MCP)

Microsoft exam 70-291 is also one of the exams which require to achieve following group certifications:

MCSA on Windows Server 2003 certification... = core exam

MCSE on Windows Server 2003 certification... = core exam

MCDBA on Microsoft SQL Server 2000 certification... = core exam

• Program of study for Microsoft exam 70-291

This certification study includes implement, manage, and maintain a Windows Server 2003 network infrastructure.

• Implementing, Managing, and Maintaining IP Addressing

Study about:

TCP/IP addressing

DHCP

DHCP clients and leases

DHCP Relay Agent

DHCP databases

DHCP scope

• Manage reservations and reserved clients.

Study about:

Troubleshoot TCP/IP addressing.

Automatic Private IP Addressing (APIPA)

TCP/IP configuration

Troubleshoot DHCP

DHCP authorization

DHCP reservation configuration

System event log & DHCP server audit log files

Configuration of DHCP server and scope options

DHCP Relay Agent

Database integrity

• Implementing, Managing, and Maintaining Name Resolution

Study about:

DNS Server service

DNS server options

DNS zone

DNS forwarding

DNS record settings

Manage DNS.

• Tools for monitoring DNS

Study about:

System Monitor

Event Viewer

Replication Monitor

DNS debug logs

• Implementing, Managing, and Maintaining Network Security

Study about:

Secure network administration procedures

Security baseline settings

Audit security settings

Security templates

Principle of least privilege

• Install and configure software update infrastructure.

Study about:

Software update services

Automatic client update

Software updates on earlier operating systems

• Monitor network protocol security.

Study about:

IP Security Monitor Microsoft Management Console (MMC) snap-in

Kerberos support tools

Troubleshoot network protocol security

Network Monitor

• Implementing, Managing, and Maintaining Routing and Remote Access

Study about:

Routing and Remote Access user authentication

Remote access authentication protocols

Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients.

Routing and Remote Access policies

• Remote access management:

Study about:

Packet filters

Routing and Remote Access routing interfaces

Devices and ports

Routing and Remote Access clients

• Routing protocols

Study about:

TCP/IP routing

Routing tables

Routing ports

• Secure access between private networks

Study about:

Troubleshoot user access to remote access services

Remote access VPNs

Remote access connection

User access to resources beyond the remote access server

Troubleshoot Routing and Remote Access routing

Demand-dial routing

Router-to-router VPNs

• Maintaining a Network Infrastructure

Study about:

Network traffic

Network Monitor

System Monitor

Connectivity to the Internet

Server services

Service dependency

Service recovery options