Get free 70-214, MCSE Training, cheatsheats, braindumps, cheatsheat
70-214

Microsoft Certified System Engineer
 
70-214 Braindumps

Preparation Guide for Exam 70-214

Implementing and Administering Security in a Microsoft Windows 2000 Network

Click here to access Exam 70-214 Practice Tests

 
Content Updated: February 20, 2003

This preparation guide includes information about:

Exam News

Exam 70-214 became available January 15, 2003.

To top of page

Audience Profile

Candidates for this exam operate in medium to very large computing environments that use Windows 2000 and Active Directory®. Operating systems on client computers might include Windows NT® Workstation 4.0, Windows 2000 Professional, and Windows XP Professional.

Candidates have a minimum of one year's experience in implementing and administering security and network infrastructures in environments that have the following characteristics:

  • Supported users range from 200 to more than 26,000.
  • Physical locations range from five to more than 150.
  • Infrastructures include LAN, WAN, and wireless networks.
  • Typical network services and applications include file and print, database, messaging, proxy server and firewall, public key infrastructure, remote access, desktop management, and Web hosting.
  • Connectivity scenarios include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to other networks and the Internet.

To top of page

Skills Being Measured

This certification exam measures your ability to implement and administer security and network infrastructures that use Windows 2000 and Active Directory. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

Skills measured by exam 70-214
Implementing, Managing, and Troubleshooting Baseline Security
Configure security templates.
  • Configure registry and file system permissions.
  • Configure account policies.
  • Configure audit policies.
  • Configure user rights assignment.
  • Configure security options.
  • Configure system services.
  • Configure restricted groups.
  • Configure event logs.
Deploy security templates. Deployment methods include using Group Policy and scripting.
Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems.
Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer.
Configure additional security for client-computer operating systems by using Group Policy.
Implementing, Managing, and Troubleshooting Service Packs and Security Updates
Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk.
Install service packs and security updates. Consideration include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.
  • Install service packs and security updates on new client computers and servers. Considerations include slipstreaming and using RIS, custom scripts, and isolated networks.
Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS.
Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts.
Implementing, Managing, and Troubleshooting Security-Enhanced Communication Channels
Configure IPSec to help protect communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.
  • Configure IPSec authentication.
  • Configure appropriate encryption levels.
  • Configure the appropriate IPSec protocol. Protocols include AH and ESP.
  • Deploy and manage IPSec certificates. Considerations include renewing certificates.
Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication.
Implement security for wireless networks.
  • Configure public and private wireless LANs.
  • Configure wireless encryption levels. Levels include WEP and 802.1x.
  • Configure wireless network connection settings on client computers. Client-computer operating systems include Windows 2000 Professional, Windows XP Professional, and Windows CE 3.0.
Configure Server Message Block (SMB) signing to support packet authentication and integrity.
Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.
  • Obtain public and private certificates.
  • Install certificates for SSL.
  • Renew certificates.
Configure SSL to help protect communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.
Configuring, Managing, and Troubleshooting Authentication and Remote Access Security
Configure and troubleshoot authentication.
  • Configure authentication protocols to support mixed Windows client-computer environments.
  • Configure the interoperability of Kerberos authentication with UNIX computers.
  • Configure authentication for extranet scenarios.
  • Configure trust relationships.
  • Configure authentication for members of non-trusted domain authentication.
Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.
Configure authentication for security-enhanced remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.
Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server.
Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.
Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)
Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.
  • Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.
  • Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.
  • Configure the publication of Certificate Revocation Lists (CRLs).
  • Configure public key Group Policy.
  • Configure certificate renewal and enrollment.
  • Deploy certificates to users, computers, and CAs.
Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party.
  • Enroll and renew certificates.
  • Revoke certificates.
  • Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.
  • Back up and restore the CA.
Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.
  • Publish certificates through Active Directory.
  • Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP.
  • Recover KMS-issued keys.
Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems.
Monitoring and Responding to Security Incidents
Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.
  • Manage audit log retention.
  • Manage distributed audit logs by using EventComb.
Analyze security events. Considerations include reviewing logs and events.
Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.
  • Isolate and contain the incident. Considerations include preserving the chain of evidence.
  • Implement counter measures.
  • Restore services.

Note: This preparation guide is subject to change at any time without prior notice and at Microsoft's sole discretion. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use the exam objectives listed in this preparation guide to prepare for the exam, regardless of its format.


To top of page
 

You will PASS your Exam 70-214 in your FIRST try! With only 20-30 hours study of our guides. GUARANTEED!
 

index

CORE: 70-210  |  70-215  |  70-216  |  70-217  |  70-270

ELECTIVE: 70-019  | 70-028  |  70-029  |  70-086  |  70-214  |  70-218  |  70-219  |  70-220  |  70-221  |  70-222  |  70-223  |  70-224  |  70-225  |

70-226  |  70-227  |  70-228  |  70-229  |  70-230  |  70-232  |  70-234  |  70-244  |  70-297  |  70-298
 

MCAD  |  MCDBA  |  MCDST  |  MCP  |  MCSA  |  MCSA2000  |  MCSA Server 2003  |  MCSA New To IT

Update MCSA 2000  |  MCSA 2000 Security  |  MCSA 2003 Messaging  |  MCSA 2003 Security  |  MCSD.Net

MCSE 2000 Messaging  |  MCSE 2000 Security  |  MCSE 2003  |  MCSE for NT  |  MCSE Training  |  MOS