MCSE:WindowsServer2003Network
SecurityDesignStudyGuide(Exam70298)
ISBN:0782143296
byBrianReismanandMitch
Ruebush
Sybex©2004(736pages)
Basedonpracticalexamplesandinsights
drawnfromreal-worldexperience,thisStudy
Guideprovidesunderstandableandsuccinct
informationondesigningasecureWindowsbasednetwork,andwillhelpyoupassthe
MCSEExam70-298.
TableofContents
MCSE—WindowsServer2003NetworkSecurityDesign
StudyGuide(Exam70-298)
Introduction
AnalyzingSecurityPolicies,Procedures,
Chapter1 andRequirements
IdentifyingandDesigningforPotential
Chapter2 SecurityThreats
Chapter3 - DesigningNetworkInfrastructureSecurity
DesigninganAuthenticationStrategyfor
Chapter4 ActiveDirectory
DesigninganAccessControlStrategyfor
Chapter5 NetworkResources
DesigningaPublicKeyInfrastructurewith
Chapter6 - CertificateServices
DesigningSecurityforInternet
InformationServices
DesigningSecurityforServerswith
Chapter8 SpecificRoles
DesigninganInfrastructureforUpdating
Chapter9 Computers
DesigningSecureNetworkManagement
Chapter10 Infrastructure
Glossary
Index
ListofFigures
ListofTables
ListofScenarios
ListofSidebars
Chapter7 -
MCSE:WindowsServer2003NetworkSecurity
DesignStudyGuide(Exam70-298)
BrianReisman
MitchRuebush
SYBEX
SanFrancisco•London
AssociatePublisher:NeilEdde
AcquisitionsEditor:MaureenAdams
DevelopmentalEditor:JeffKellum
ProductionEditor:ElizabethCampbell
TechnicalEditors:KevinLundy,WarrenWyrostek
Copyeditor:JudyFlynn
CompositorandGraphicIllustrator:HappenstanceType-O-Rama
CDCoordinator:DanMummert
CDTechnician:KevinLy
Proofreaders:LaurieO’Connell,NancyRiddiough
Indexer:LynnzeeElze
BookDesigners:BillGibsonandJudyFung
CoverDesigner:ArcherDesign
CoverPhotographer:PhotodiscandVictorArre
Copyright©2004SYBEXInc.,1151MarinaVillageParkway,Alameda,
CA94501.
Worldrightsreserved.Nopartofthispublicationmaybestoredina
retrievalsystem,transmitted,orreproducedinanyway,includingbutnot
limitedtophotocopy,photograph,magnetic,orotherrecord,withoutthe
prioragreementandwrittenpermissionofthepublisher.
LibraryofCongressCardNumber:2003115675
ISBN:0782143296
ScreenreproductionsproducedwithFullShot99.FullShot99©19911999InbitIncorporated.Allrightsreserved.
FullShotisatrademarkofInbitIncorporated.
TheCDinterfacewascreatedusingMacromediaDirector,COPYRIGHT
1994,1997-1999MacromediaInc.FormoreinformationonMacromedia
andMacromediaDirector,visit.
Microsoft®InternetExplorer©1996MicrosoftCorporation.Allrights
reserved.Microsoft,theMicrosoftInternetExplorerlogo,Windows,
WindowsNT,andtheWindowslogoareeitherregisteredtrademarksor
trademarksofMicrosoftCorporationintheUnitedStatesand/orother
countries.
SYBEXisanindependententityfromMicrosoftCorporation,andnot
affiliatedwithMicrosoftCorporationinanymanner.Thispublicationmay
beusedinassistingstudentstoprepareforaMicrosoftCertified
ProfessionalExam.NeitherMicrosoftCorporation,itsdesignatedreview
company,norSYBEXwarrantsthatuseofthispublicationwillensure
passingtherelevantexam.Microsoftiseitheraregisteredtrademarkor
trademarkofMicrosoftCorporationintheUnitedStatesand/orother
countries.
TRADEMARKS:SYBEXhasattemptedthroughoutthisbookto
distinguishproprietarytrademarksfromdescriptivetermsbyfollowingthe
capitalizationstyleusedbythemanufacturer.
Theauthorandpublisherhavemadetheirbesteffortstopreparethis
book,andthecontentisbaseduponfinalreleasesoftwarewhenever
possible.Portionsofthemanuscriptmaybebaseduponpre-release
versionssuppliedbysoftwaremanufacturer(s).Theauthorandthe
publishermakenorepresentationorwarrantiesofanykindwithregardto
thecompletenessoraccuracyofthecontentshereinandacceptno
liabilityofanykindincludingbutnotlimitedtoperformance,
merchantability,fitnessforanyparticularpurpose,oranylossesor
damagesofanykindcausedorallegedtobecauseddirectlyorindirectly
fromthisbook.
ManufacturedintheUnitedStatesofAmerica
10987654321
Dedication
TomyFamily,supportingmeasalways:Tami,Thatcher,andCollinwhom
Icannotlivewithout.Iwouldalsoliketodedicatethisworktomyfather
fornevergivingupinhisfightwithcancer.
—Brian
Tomylovingwife,Jennifer,andmysonanddaughter,ElliottandAvery,
whomIadore.IloveyouandIamsureyouaredelightedtohaveme
back.
—Mitch
Acknowledgments
Iwouldliketoextendmyenormousappreciationforeveryonewho
workedonthisbook:ourAcquisitionsEditor:MaureenAdamsforputting
thiswholethingtogether,ourProductionEditor:ElizabethCampbellfor
keepingtheprojectrunningandbeingsounderstandingwithallofmy
"distractions"duringtheprocess,ourEditor:JudyFlynnwhomadeour
sentencescoherent,thefolkswhoputtogethertheCDtestengine:Dan
MummertandKevinLy,andlastandcertainlynotleastour
DevelopmentalEditor:JeffKellumwhohasbecomemorethananeditor
inmyeyes,ratherafriend.He’stoughwhenheneedstobeand
supportiveallofthetime.Idon’tthinkIcouldhavemadeitthroughallof
thiswithouthimalwaysthere…ThanksJeff!
Iwould,ofcourse,liketothankmyfriendsandfamilyforputtingup
with(out)meduringthemajorityoftheprocess:Tami,mywife,andthe
bravestwomanIknow,Thatcher,thesweetest5year-oldintheworld,
andhislittlebrotherCollinwhojustsatupthismorningforthefirsttime.
I’dalsoliketothankmyMomandDad,AliceandJoelReisman,who
wereveryunderstandingofallofthetimesIcouldn’tmakeitovertovisit,
Myin-laws,JimandKayFuglie,forjustbeingwonderfulpeopleand
grandparentsandalwaystheretohelp.
—BrianReisman
Wewouldliketoacknowledgeallthepeoplewithoutwhosehardwork
andpatiencethisbookwouldnothavebeenpossible.ThestaffatSybex,
includingJudyFlynn,MaureenAdams,ElizabethCampbell,JeffKellum
asourEditors.Wewouldalsoliketothankourtechnicaleditors,Kevin
LundyandWarrenWyrostek,whoreviewedthechaptersandprovided
valuablefeedbacktomakeitabetterbook.Wewouldalsoliketothank
DanMummertandKevinLyfortheirworkonvaluableCDresource
providedwiththisbook.
Iwouldliketothankmyfamily:mywifeJenn,whohasbeenvery
supportivebutsaysIshouldneverwriteabookagain.Mythreeyearold
sonElliott,whojustreallywantstoplay,andmy7montholddaughter,
Avery,whowantedtoparticipateandhelpedmewritesomeofthebook
(thesepartswerelatereditedout).Iloveyouall.
—MitchRuebush
ToOurValuedReaders:
ThankyouforlookingtoSybexforyourMicrosoftWindows2003
certificationexamprepneeds.WeatSybexareproudofthereputation
we’veestablishedforprovidingcertificationcandidateswiththepractical
knowledgeandskillsneededtosucceedinthehighlycompetitiveIT
marketplace.SybexisproudtohavehelpedthousandsofMicrosoft
certificationcandidatespreparefortheirexamsovertheyears,andwe
areexcitedabouttheopportunitytocontinuetoprovidecomputerand
networkingprofessionalswiththeskillsthey’llneedtosucceedinthe
highlycompetitiveITindustry.
WithitsreleaseofWindowsServer2003,andtherevisedMCSAand
MCSEtracks,MicrosofthasraisedthebarforITcertificationsyetagain.
ThenewprogramsbetterreflecttheskillsetdemandedofIT
administratorsintoday’smarketplaceandofferscandidatesaclearer
structureforacquiringtheskillsnecessarytoadvancetheircareers.
TheauthorsandeditorshaveworkedhardtoensurethattheStudy
Guideyouholdinyourhandiscomprehensive,in-depth,and
pedagogicallysound.We’reconfidentthatthisbookwillexceedthe
demandingstandardsofthecertificationmarketplaceandhelpyou,the
Microsoftcertificationcandidate,succeedinyourendeavors.
Asalways,yourfeedbackisimportanttous.Pleasesendcomments,
questions,orsuggestionsto<>.AtSybexwe’re
continuallystrivingtomeettheneedsofindividualspreparingforIT
certificationexams.
GoodluckinpursuitofyourMicrosoftcertification!
NeilEdde
AssociatePublisher—Certification
Sybex,Inc.
SoftwareLicenseAgreement:TermsandConditions
Themediaand/oranyonlinematerialsaccompanyingthisbookthatare
availablenoworinthefuturecontainprogramsand/ortextfiles(the
“Software”)tobeusedinconnectionwiththebook.SYBEXherebygrants
toyoualicensetousetheSoftware,subjecttothetermsthatfollow.Your
purchase,acceptance,oruseoftheSoftwarewillconstituteyour
acceptanceofsuchterms.TheSoftwarecompilationisthepropertyof
SYBEXunlessotherwiseindicatedandisprotectedbycopyrightto
SYBEXorothercopyrightowner(s)asindicatedinthemediafiles(the
“Owner(s)”).Youareherebygrantedasingle-userlicensetousethe
Softwareforyourpersonal,noncommercialuseonly.Youmaynot
reproduce,sell,distribute,publish,circulate,orcommerciallyexploitthe
Software,oranyportionthereof,withoutthewrittenconsentofSYBEX
andthespecificcopyrightowner(s)ofanycomponentsoftwareincluded
onthismedia.
IntheeventthattheSoftwareorcomponentsincludespecificlicense
requirementsorend-useragreements,statementsofcondition,
disclaimers,limitationsorwarranties(“End-UserLicense”),thoseEndUserLicensessupersedethetermsandconditionshereinastothat
particularSoftwarecomponent.Yourpurchase,acceptance,oruseofthe
SoftwarewillconstituteyouracceptanceofsuchEnd-UserLicenses.
Bypurchase,useoracceptanceoftheSoftwareyoufurtheragreeto
complywithallexportlawsandregulationsoftheUnitedStatesassuch
lawsandregulationsmayexistfromtimetotime.
SoftwareSupport
ComponentsofthesupplementalSoftwareandanyoffersassociated
withthemmaybesupportedbythespecificOwner(s)ofthatmaterial,but
theyarenotsupportedbySYBEX.Informationregardinganyavailable
supportmaybeobtainedfromtheOwner(s)usingtheinformation
providedintheappropriateread.mefilesorlistedelsewhereonthe
media.
Shouldthemanufacturer(s)orotherOwner(s)ceasetooffersupportor
declinetohonoranyoffer,SYBEXbearsnoresponsibility.Thisnotice
concerningsupportfortheSoftwareisprovidedforyourinformationonly.
SYBEXisnottheagentorprincipaloftheOwner(s),andSYBEXisinno
wayresponsibleforprovidinganysupportfortheSoftware,norisitliable
orresponsibleforanysupportprovided,ornotprovided,bytheOwner(s).
Warranty
SYBEXwarrantstheenclosedmediatobefreeofphysicaldefectsfora
periodofninety(90)daysafterpurchase.TheSoftwareisnotavailable
fromSYBEXinanyotherformormediathanthatenclosedhereinor
postedtowww.sybex.com.Ifyoudiscoveradefectinthemediaduring
thiswarrantyperiod,youmayobtainareplacementofidenticalformatat
nochargebysendingthedefectivemedia,postageprepaid,withproofof
purchaseto:
SYBEXInc.
ProductSupportDepartment
1151MarinaVillageParkway
Alameda,CA94501
Web:
Afterthe90-dayperiod,youcanobtainreplacementmediaofidentical
formatbysendingusthedefectivedisk,proofofpurchase,andacheck
ormoneyorderfor$10,payabletoSYBEX.
Disclaimer
SYBEXmakesnowarrantyorrepresentation,eitherexpressedor
implied,withrespecttotheSoftwareoritscontents,quality,performance,
merchantability,orfitnessforaparticularpurpose.Innoeventwill
SYBEX,itsdistributors,ordealersbeliabletoyouoranyotherpartyfor
direct,indirect,special,incidental,consequential,orotherdamages
arisingoutoftheuseoforinabilitytousetheSoftwareoritscontents
evenifadvisedofthepossibilityofsuchdamage.Intheeventthatthe
Softwareincludesanonlineupdatefeature,SYBEXfurtherdisclaimsany
obligationtoprovidethisfeatureforanyspecificdurationotherthanthe
initialposting.
Theexclusionofimpliedwarrantiesisnotpermittedbysomestates.
Therefore,theaboveexclusionmaynotapplytoyou.Thiswarranty
providesyouwithspecificlegalrights;theremaybeotherrightsthatyou
mayhavethatvaryfromstatetostate.Thepricingofthebookwiththe
SoftwarebySYBEXreflectstheallocationofriskandlimitationson
liabilitycontainedinthisagreementofTermsandConditions.
SharewareDistribution
ThisSoftwaremaycontainvariousprogramsthataredistributedas
shareware.Copyrightlawsapplytobothsharewareandordinary
commercialsoftware,andthecopyrightOwner(s)retainsallrights.Ifyou
tryasharewareprogramandcontinueusingit,youareexpectedto
registerit.Individualprogramsdifferondetailsoftrialperiods,
registration,andpayment.Pleaseobservetherequirementsstatedin
appropriatefiles.
CopyProtection
TheSoftwareinwholeorinpartmayormaynotbecopy-protectedor
encrypted.However,inallcases,resellingorredistributingthesefiles
withoutauthorizationisexpresslyforbiddenexceptasspecifically
providedforbytheOwner(s)therein.
Introduction
Microsoft’sMicrosoftCertifiedSystemsAdministrator(MCSA)and
MicrosoftCertifiedSystemsEngineer(MCSE)tracksforWindowsServer
2003arethepremiercertificationsforcomputerindustryprofessionals.
CoveringthecoretechnologiesaroundwhichMicrosoft’sfuturewillbe
built,thisprogramprovidespowerfulcredentialsforcareeradvancement.
Thisbookhasbeendevelopedtogiveyouthecriticalskillsand
knowledgeyouneedtoprepareforoneofthecoredesignrequirements
oftheMCSEcertificationintheWindowsServer2003track:Designing
SecurityforaMicrosoftWindowsServer2003Network(70-297).
TheMicrosoftCertifiedProfessionalProgram
Sincetheinceptionofitscertificationprogram,Microsofthascertified
almost1.5millionpeople.Asthecomputernetworkindustryincreasesin
bothsizeandcomplexity,thisnumberissuretogrow—andtheneedfor
provenabilitywillalsoincrease.Companiesrelyoncertificationstoverify
theskillsofprospectiveemployeesandcontractors.
MicrosofthasdevelopeditsMicrosoftCertifiedProfessional(MCP)
programtogiveyoucredentialsthatverifyyourabilitytoworkwith
Microsoftproductseffectivelyandprofessionally.ObtainingyourMCP
certificationrequiresthatyoupassanyoneMicrosoftcertificationexam.
Severallevelsofcertificationareavailablebasedonspecificsuitesof
exams.Dependingonyourareasofinterestorexperience,youcan
obtainanyofthefollowingMCPcredentials:
MicrosoftCertifiedDesktopSupportTechnician(MCDST)Thisisthe
mostrecentofferingbyMicrosoft.Theprogramtargetsindividualswith
verylittlecomputerexperience.TheonlyprerequisiteMicrosoft
recommendsisthatyouhaveexperienceusingapplicationsthatare
includedwithWindowsXP,includingMicrosoftInternetExplorerand
OutlookExpress.Youmustpassatotaloftwoexamstoobtainyour
MCDST.
MicrosoftCertifiedSystemsAdministrator(MCSA)onWindows
Server2003TheMCSAcertificationisthenewestadministrator
certificationtrackfromMicrosoft.Thiscertificationtargetssystemand
networkadministratorswithroughly6to12monthsofdesktopand
networkadministrationexperience.TheMCSAcanbeconsideredthe
entry-levelnetworkingcertification.Youmusttakeandpassatotaloffour
examstoobtainyourMCSA.Or,ifyouareanMCSAonWindows2000,
youcantakeoneUpgradeexamtoobtainyourMCSAonWindows
Server2003.
MicrosoftCertifiedSystemsEngineer(MCSE)onWindowsServer
2003Thiscertificationtrackisdesignedfornetworkandsystem
administrators,networkandsystemanalysts,andtechnicalconsultants
whoworkwithMicrosoftWindowsXPandServer2003software.You
musttakeandpasssevenexamstoobtainyourMCSE.Or,ifyouarean
MCSEonWindows2000,youcantaketwoUpgradeexamstoobtain
yourMCSEonWindowsServer2003.
MicrosoftCertifiedApplicationDeveloper(MCAD)Thistrackis
designedforapplicationdevelopersandtechnicalconsultantswho
primarilyuseMicrosoftdevelopmenttools.Currently,youcantakeexams
onVisualBasic.NETorVisualC#.NET.Youmusttakeandpassthree
examstoobtainyourMCSD.
MCSEversusMCSA
InanefforttoprovidethosejuststartingoffintheITworldachanceto
provetheirskills,MicrosoftintroduceditsMicrosoftCertifiedSystems
Administrator(MCSA)program.
Targetedatthosewithlessthanayear’sexperience,theMCSA
programfocusesprimarilyontheadministrationportionofanIT
professional’sduties.Therefore,therearecertainWindowsexamsthat
satisfybothMCSAandMCSErequirements,namelyexams70-270,
70-290,and70-291.
Ofcourse,itshouldbeanyMCSA’sgoaltoeventuallyobtainhisorher
MCSE.However,don’tassumethat,becausetheMCSAhastotake
threeexamsthatalsosatisfyanMCSErequirement,thetwoprograms
aresimilar.AnMCSEmustalsoknowhowtodesignanetwork.
Beyondthesethreeexams,theremainingMCSEexamsrequirethe
candidatetohavemuchmorehands-onexperience.
MicrosoftCertifiedSolutionDeveloper(MCSD)Thistrackisdesigned
forsoftwareengineersanddevelopersandtechnicalconsultantswho
primarilyuseMicrosoftdevelopmenttools.Asofthisprinting,youcanget
yourMCSDineitherVisualStudio6orVisualStudio.NET.InVisual
Studio6,youneedtotakeandpassthreeexams.InVisualStudio.NET,
youneedtotakeandpassfiveexamstoobtainyourMCSD.
MicrosoftCertifiedDatabaseAdministrator(MCDBA)Thistrackis
designedfordatabaseadministrators,developers,andanalystswho
workwithMicrosoftSQLServer.Asofthisprinting,youcantakeexams
oneitherSQLServer7orSQLServer2000.Youmusttakeandpassfour
examstoachieveMCDBAstatus.
MicrosoftCertifiedTrainer(MCT)TheMCTtrackisdesignedforanyIT
professionalwhodevelopsandteachesMicrosoft-approvedcourses.To
becomeanMCT,youmustfirstobtainyourMCSE,MCSD,orMCDBA,
thenyoumusttakeaclassatoneoftheCertifiedTechnicalTraining
Centers.Youwillalsoberequiredtoproveyourinstructionalability.You
candothisinvariousways:bytakingaskills-buildingortrain-the-trainer
class,byachievingcertificationasatrainerfromanyofseveralvendors,
orbybecomingaCertifiedTechnicalTrainerthroughCompTIA.Lastof
all,youwillneedtocompleteanMCTapplication.
Note Microsoftrecentlyannouncedtwonewcertificationtracksfor
Windows2000:MCSA:SecurityandMCSE:Messaging.In
additiontothecoreoperatingsystemrequirements,candidates
musttaketwosecurityspecializationcoreexams,oneofwhich
canbeCompTIA’sSecurity+exam.MCSE:Securitycandidates
mustalsotakeasecurityspecializationdesignexam.Asofthis
printing,noannouncementhadbeenmadeonthetrackfor
WindowsServer2003.CheckoutMicrosoft’swebsiteat
www.microsoft.com/traincert.comformoreinformation.
HowDoYouBecomeCertifiedonWindows
Server2003?
AttaininganMCSAorMCSEcertificationhasalwaysbeenachallenge.
Inthepast,studentshavebeenabletoacquiredetailedexaminformation
—evenmostoftheexamquestions—fromonline“braindumps”and
third-party“cram”booksorsoftwareproducts.Forthenewexams,thisis
simplynotthecase.
Microsofthastakenstrongstepstoprotectthesecurityandintegrityofits
certificationtracks.Nowprospectivecandidatesmustcompleteacourse
ofstudythatdevelopsdetailedknowledgeaboutawiderangeoftopics.It
suppliesthemwiththetrueskillsneeded,derivedfromworkingwith
WindowsXP,WindowsServer2003,andrelatedsoftwareproducts.
TheWindowsServer2003certificationprogramsareheavilyweighted
towardhands-onskillsandexperience.Microsofthasstatedthat“nearly
halfofthecorerequiredexams’contentdemandsthatthecandidate
havetroubleshootingskillsacquiredthroughhands-onexperienceand
workingknowledge.”
Fortunately,ifyouarewillingtodedicatethetimeandefforttolearn
WindowsXPandServer2003,youcanprepareyourselfwellforthe
examsbyusingthepropertools.Byworkingthroughthisbook,youcan
successfullymeettheexamrequirementstopasstheDesigningSecurity
foraMicrosoftWindowsServer2003Networkexam.
ThisbookispartofacompleteseriesofMCSEStudyGuides,published
bySybexInc.,thattogethercoverthecoreMCSErequirements,Please
visittheSybexwebsiteatwww.sybex.comforcompleteprogramand
productdetails.
MCSEExamRequirements
CandidatesforMCSEcertificationonWindowsServer2003mustpass
sevenexams,includingoneclientoperatingsystemexam,four
networkingoperatingsystemexams,onedesignexam,andanelective.
Note ForamoredetaileddescriptionoftheMicrosoftcertification
programs,visitMicrosoft’sTrainingandCertificationwebsiteat
www.microsoft.com/traincert.
Youmusttakeoneofthefollowingclientoperatingsystemexams:
Installing,Configuring,andAdministeringMicrosoftWindows
2000Professional(70-210)
Installing,Configuring,andAdministeringMicrosoftWindowsXP
Professional(70-270)
plusthefollowingnetworkingoperatingsystemexams:
ManagingandMaintainingaMicrosoftWindowsServer2003
Environment(70-290)
Implementing,Managing,andMaintainingaMicrosoftWindows
Server2003NetworkInfrastructure(70-291)
PlanningandMaintainingaMicrosoftWindowsServer2003
NetworkInfrastructure(70-293)
Planning,Implementing,andMaintainingaMicrosoftWindows
Server2003ActiveDirectoryInfrastructure(70-294)
plusoneofthefollowingdesignexams:
DesigningaMicrosoftWindowsServer2003ActiveDirectoryand
NetworkInfrastructure(70-297)
DesigningSecurityforaMicrosoftWindowsServer2003Network
plusoneofanumberofelectives,including:
ImplementingandSupportingMicrosoftSystemsManagement
Server2.0(70-086)
Installing,Configuring,andAdministeringMicrosoftInternet
SecurityandAcceleration(ISA)Server2000,EnterpriseEdition
(70-227)
Installing,Configuring,andAdministeringMicrosoftSQLServer
2000EnterpriseEdition(70-228)
DesigningandImplementingDatabaseswithMicrosoftSQL
Server2000EnterpriseEdition(70-229)
ImplementingandManagingMicrosoftExchangeServer2003
(70-284)
ImplementingandAdministeringSecurityinaMicrosoftWindows
Server2003Network(70-299)
Thedesignexamnottakenasarequirement
Also,ifyouareanMCSEonWindows2000,youcantaketwoUpgrade
exams:
ManagingandMaintainingaMicrosoftWindowsServer2003
EnvironmentforanMCSACertifiedonWindows2000(70-297)
Planning,Implementing,andMaintainingaMicrosoftWindows
Server2003EnvironmentforanMCSECertifiedonWindows
2000(70-294)
Inaddition,ifyouareanMCSEinWindowsNT,youdonothavetotake
theclientrequirement,butyoudohavetotakethenetworkingoperating
system,design,andanelectiveexam.
Windows2000andWindows2003Certification
MicrosoftrecentlyannouncedthatitwilldistinguishbetweenWindows
2000andWindowsServer2003certifications.Thosewhohavetheir
MCSAorMCSEcertificationinWindows2000willbereferredtoas
“certifiedonWindows2000.”ThosewhoobtainedtheirMCSAor
MCSEinWindowsServer2003willbereferredtoas“certifiedon
WindowsServer2003.”
MicrosoftalsointroducedamorecleardistinctionbetweentheMCSA
andMCSEcertificationsbymoresharplyfocusingeachcertification.In
thenewWindows2003track,theobjectivescoveredbytheMCSA
examsrelateprimarilytoadministrativetasks.Theexamsthatrelate
specificallytotheMCSE,however,dealmostlywithdesign-level
concepts.So,MCSAjobtasksareconsideredtobemorehands-on,
whiletheMCSEjobtasksinvolvemorestrategicconcernsofdesign
andplanning.
TheDesigningSecurityforaMicrosoftWindows
Server2003NetworkExam
TheDesigningSecurityforaMicrosoftWindowsServer2003Network
examcoversconceptsandskillsrelatedtodesigningasecureWindows
Server2003network.Itemphasizesthefollowingelements:
Creatingtheconceptualdesignfornetworkinfrastructuresecurity
bygatheringandanalyzingbusinessandtechnicalrequirements
Creatingthelogicaldesignfornetworkinfrastructuresecurity
Creatingthephysicaldesignfornetworkinfrastructuresecurity
Designinganaccesscontrolstrategyfordata
Creatingthephysicaldesignforclientinfrastructuresecurity
Thisexaminvolvesunderstandingthedesigndecisionsbehindthe
securityoptionsinWindowsServer2003.Youwillneedtounderstand
whatisimportanttothecompanyintheCaseStudyanddeterminethe
bestprocess,technology,andimplementationofthetechnologytohelp
solvethecompany’ssecurityissues.Thisexamisfocusedonwhat
technologytouseandwhereitshouldbeusedonthenetwork.Itisnot
focusedonhowtoadministerorspecificallyimplementasecurity
technology.Focusingonwhatthetechnologyis,whatproblemsitsolves,
andwhatelsemightberequiredtoimplementitismosthelpful.Careful
studyofthisbook,alongwithhands-onexperience,willhelpyouprepare
forthisexam.
Note Microsoftprovidesexamobjectivestogiveyouageneral
overviewofpossibleareasofcoverageontheMicrosoft
exams.Keepinmind,however,thatexamobjectivesare
subjecttochangeatanytimewithoutpriornoticeandat
Microsoft’ssolediscretion.PleasevisitMicrosoft’sTrainingand
Certificationwebsite(www.microsoft.com/traincert)forthemost
currentlistingofexamobjectives.
TypesofExamQuestions
Inanefforttobothrefinethetestingprocessandprotectthequalityofits
certifications,Microsofthasfocuseditsexamsonrealexperienceand
hands-onproficiency.Thereisagreateremphasisonyourpastworking
environmentsandresponsibilitiesandlessemphasisonhowwellyou
canmemorize.Infact,Microsoftsaysacertificationcandidateshould
haveatleastayear’sworthofhands-onexperience.
Microsoftwillregularlyaddandremovequestionsfromtheexams.Thisis
calleditemseeding.Itispartoftheefforttomakeitmoredifficultfor
individualstomerelymemorizeexamquestionsthatwerepassedalong
byprevioustest-takers.
Note Microsoftwillaccomplishitsgoalofprotectingtheexams’
integritybyregularlyaddingandremovingexamquestions,
limitingthenumberofquestionsthatanyindividualseesina
betaexam,andaddingnewexamelements.
Examquestionsmaybeinavarietyofformats:Dependingonwhich
examyoutake,you’llseemultiple-choicequestionsaswellasselectand-placeandprioritize-a-listquestions.SimulationsandCaseStudy–
basedformatsareincludedaswell.Let’stakealookatthetypesofexam
questionsandexaminetheadaptivetestingtechniquesoyou’llbe
preparedforallofthepossibilities.
Note Formoreinformationonthevariousexamquestiontypes,goto
www.microsoft.com/traincert/mcpexams/policies/innovations.asp
CaseStudy–BasedQuestions
CaseStudy–basedquestionsfirstappearedintheMCSDprogramand
areprominentinthedesign-focusedexams,includingDesigningSecurity
foraMicrosoftWindowsServer2003Network.Thesequestionspresent
ascenariowitharangeofrequirements.Basedontheinformation
provided,youansweraseriesofmultiple-choiceandselect-and-place
questions.TheinterfaceforCaseStudy–basedquestionshasanumber
ofbuttons,eachofwhichcontainsinformationaboutthescenario.
Multiple-ChoiceQuestions
Multiple-choicequestionscomeintwomainforms.Oneisa
straightforwardquestionfollowedbyseveralpossibleanswers,ofwhich
oneormoreiscorrect.Theothertypeofmultiple-choicequestionismore
complexandbasedonaspecificscenario.Thescenariomayfocuson
severalareasorobjectives.
Select-and-PlaceQuestions
Select-and-placeexamquestionsinvolvegraphicalelementsthatyou
mustmanipulatetosuccessfullyanswerthequestion.Forexample,you
mightseeadiagramofacomputernetwork,asshowninthefollowing
graphictakenfromtheselect-and-placedemodownloadedfrom
Microsoft’swebsite.
Atypicaldiagramwillshowcomputersandothercomponentsnextto
boxesthatcontainthetext“Placehere.”Thelabelsfortheboxes
representvariouscomputerrolesonanetwork,suchasaprintserver
andafileserver.Basedoninformationgivenforeachcomputer,youare
askedtoselecteachlabelandplaceitinthecorrectbox.Youneedto
placeallofthelabelscorrectly.Nocreditisgivenforthequestionifyou
correctlylabelonlysomeoftheboxes.
Inanotherselect-and-placeproblemyoumightbeaskedtoputaseries
ofstepsinorderbydraggingitemsfromboxesonthelefttoboxesonthe
rightandplacingtheminthecorrectorder.Oneothertyperequiresthat
youdraganitemfromtheleftandplaceitunderaniteminacolumnon
theright.
Simulations
Simulationsarethekindsofquestionsthatmostcloselyrepresentactual
situationsandtesttheskillsyouusewhileworkingwithMicrosoft
softwareinterfaces.Theseexamquestionsincludeamockinterfaceon
whichyouareaskedtoperformcertainactionsaccordingtoagiven
scenario.Thesimulatedinterfaceslooknearlyidenticaltowhatyousee
intheactualproduct,asshowninthisexample.
Becauseofthenumberofpossibleerrorsthatcanbemadeon
simulations,besuretoconsiderthefollowingrecommendationsfrom
Microsoft:
Donotchangeanysimulationsettingsthatdon’tpertaintothe
solutiondirectly.
Whenrelatedinformationhasnotbeenprovided,assumethatthe
defaultsettingsareused.
Makesurethatyourentriesarespelledcorrectly.
Closeallthesimulationapplicationwindowsaftercompletingthe
setoftasksinthesimulation.
Thebestwaytoprepareforsimulationquestionsistospendtime