Sybex MCSE windows server 2003 network security design study guide exam 70298 may 2004 ISBN 0782143296
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (5.94 MB, 783 trang )
MCSE:WindowsServer2003Network
SecurityDesignStudyGuide(Exam70298)
ISBN:0782143296
byBrianReismanandMitch
Ruebush
Sybex©2004(736pages)
Basedonpracticalexamplesandinsights
drawnfromreal-worldexperience,thisStudy
Guideprovidesunderstandableandsuccinct
informationondesigningasecureWindowsbasednetwork,andwillhelpyoupassthe
MCSEExam70-298.
TableofContents
MCSE—WindowsServer2003NetworkSecurityDesign
StudyGuide(Exam70-298)
Introduction
AnalyzingSecurityPolicies,Procedures,
Chapter1 andRequirements
IdentifyingandDesigningforPotential
Chapter2 SecurityThreats
Chapter3 - DesigningNetworkInfrastructureSecurity
DesigninganAuthenticationStrategyfor
Chapter4 ActiveDirectory
DesigninganAccessControlStrategyfor
Chapter5 NetworkResources
DesigningaPublicKeyInfrastructurewith
Chapter6 - CertificateServices
DesigningSecurityforInternet
InformationServices
DesigningSecurityforServerswith
Chapter8 SpecificRoles
DesigninganInfrastructureforUpdating
Chapter9 Computers
DesigningSecureNetworkManagement
Chapter10 Infrastructure
Glossary
Index
ListofFigures
ListofTables
ListofScenarios
ListofSidebars
Chapter7 -
MCSE:WindowsServer2003NetworkSecurity
DesignStudyGuide(Exam70-298)
BrianReisman
MitchRuebush
SYBEX
SanFrancisco•London
AssociatePublisher:NeilEdde
AcquisitionsEditor:MaureenAdams
DevelopmentalEditor:JeffKellum
ProductionEditor:ElizabethCampbell
TechnicalEditors:KevinLundy,WarrenWyrostek
Copyeditor:JudyFlynn
CompositorandGraphicIllustrator:HappenstanceType-O-Rama
CDCoordinator:DanMummert
CDTechnician:KevinLy
Proofreaders:LaurieO’Connell,NancyRiddiough
Indexer:LynnzeeElze
BookDesigners:BillGibsonandJudyFung
CoverDesigner:ArcherDesign
CoverPhotographer:PhotodiscandVictorArre
Copyright©2004SYBEXInc.,1151MarinaVillageParkway,Alameda,
CA94501.
Worldrightsreserved.Nopartofthispublicationmaybestoredina
retrievalsystem,transmitted,orreproducedinanyway,includingbutnot
limitedtophotocopy,photograph,magnetic,orotherrecord,withoutthe
prioragreementandwrittenpermissionofthepublisher.
LibraryofCongressCardNumber:2003115675
ISBN:0782143296
ScreenreproductionsproducedwithFullShot99.FullShot99©19911999InbitIncorporated.Allrightsreserved.
FullShotisatrademarkofInbitIncorporated.
TheCDinterfacewascreatedusingMacromediaDirector,COPYRIGHT
1994,1997-1999MacromediaInc.FormoreinformationonMacromedia
andMacromediaDirector,visit.
Microsoft®InternetExplorer©1996MicrosoftCorporation.Allrights
reserved.Microsoft,theMicrosoftInternetExplorerlogo,Windows,
WindowsNT,andtheWindowslogoareeitherregisteredtrademarksor
trademarksofMicrosoftCorporationintheUnitedStatesand/orother
countries.
SYBEXisanindependententityfromMicrosoftCorporation,andnot
affiliatedwithMicrosoftCorporationinanymanner.Thispublicationmay
beusedinassistingstudentstoprepareforaMicrosoftCertified
ProfessionalExam.NeitherMicrosoftCorporation,itsdesignatedreview
company,norSYBEXwarrantsthatuseofthispublicationwillensure
passingtherelevantexam.Microsoftiseitheraregisteredtrademarkor
trademarkofMicrosoftCorporationintheUnitedStatesand/orother
countries.
TRADEMARKS:SYBEXhasattemptedthroughoutthisbookto
distinguishproprietarytrademarksfromdescriptivetermsbyfollowingthe
capitalizationstyleusedbythemanufacturer.
Theauthorandpublisherhavemadetheirbesteffortstopreparethis
book,andthecontentisbaseduponfinalreleasesoftwarewhenever
possible.Portionsofthemanuscriptmaybebaseduponpre-release
versionssuppliedbysoftwaremanufacturer(s).Theauthorandthe
publishermakenorepresentationorwarrantiesofanykindwithregardto
thecompletenessoraccuracyofthecontentshereinandacceptno
liabilityofanykindincludingbutnotlimitedtoperformance,
merchantability,fitnessforanyparticularpurpose,oranylossesor
damagesofanykindcausedorallegedtobecauseddirectlyorindirectly
fromthisbook.
ManufacturedintheUnitedStatesofAmerica
10987654321
Dedication
TomyFamily,supportingmeasalways:Tami,Thatcher,andCollinwhom
Icannotlivewithout.Iwouldalsoliketodedicatethisworktomyfather
fornevergivingupinhisfightwithcancer.
—Brian
Tomylovingwife,Jennifer,andmysonanddaughter,ElliottandAvery,
whomIadore.IloveyouandIamsureyouaredelightedtohaveme
back.
—Mitch
Acknowledgments
Iwouldliketoextendmyenormousappreciationforeveryonewho
workedonthisbook:ourAcquisitionsEditor:MaureenAdamsforputting
thiswholethingtogether,ourProductionEditor:ElizabethCampbellfor
keepingtheprojectrunningandbeingsounderstandingwithallofmy
"distractions"duringtheprocess,ourEditor:JudyFlynnwhomadeour
sentencescoherent,thefolkswhoputtogethertheCDtestengine:Dan
MummertandKevinLy,andlastandcertainlynotleastour
DevelopmentalEditor:JeffKellumwhohasbecomemorethananeditor
inmyeyes,ratherafriend.He’stoughwhenheneedstobeand
supportiveallofthetime.Idon’tthinkIcouldhavemadeitthroughallof
thiswithouthimalwaysthere…ThanksJeff!
Iwould,ofcourse,liketothankmyfriendsandfamilyforputtingup
with(out)meduringthemajorityoftheprocess:Tami,mywife,andthe
bravestwomanIknow,Thatcher,thesweetest5year-oldintheworld,
andhislittlebrotherCollinwhojustsatupthismorningforthefirsttime.
I’dalsoliketothankmyMomandDad,AliceandJoelReisman,who
wereveryunderstandingofallofthetimesIcouldn’tmakeitovertovisit,
Myin-laws,JimandKayFuglie,forjustbeingwonderfulpeopleand
grandparentsandalwaystheretohelp.
—BrianReisman
Wewouldliketoacknowledgeallthepeoplewithoutwhosehardwork
andpatiencethisbookwouldnothavebeenpossible.ThestaffatSybex,
includingJudyFlynn,MaureenAdams,ElizabethCampbell,JeffKellum
asourEditors.Wewouldalsoliketothankourtechnicaleditors,Kevin
LundyandWarrenWyrostek,whoreviewedthechaptersandprovided
valuablefeedbacktomakeitabetterbook.Wewouldalsoliketothank
DanMummertandKevinLyfortheirworkonvaluableCDresource
providedwiththisbook.
Iwouldliketothankmyfamily:mywifeJenn,whohasbeenvery
supportivebutsaysIshouldneverwriteabookagain.Mythreeyearold
sonElliott,whojustreallywantstoplay,andmy7montholddaughter,
Avery,whowantedtoparticipateandhelpedmewritesomeofthebook
(thesepartswerelatereditedout).Iloveyouall.
—MitchRuebush
ToOurValuedReaders:
ThankyouforlookingtoSybexforyourMicrosoftWindows2003
certificationexamprepneeds.WeatSybexareproudofthereputation
we’veestablishedforprovidingcertificationcandidateswiththepractical
knowledgeandskillsneededtosucceedinthehighlycompetitiveIT
marketplace.SybexisproudtohavehelpedthousandsofMicrosoft
certificationcandidatespreparefortheirexamsovertheyears,andwe
areexcitedabouttheopportunitytocontinuetoprovidecomputerand
networkingprofessionalswiththeskillsthey’llneedtosucceedinthe
highlycompetitiveITindustry.
WithitsreleaseofWindowsServer2003,andtherevisedMCSAand
MCSEtracks,MicrosofthasraisedthebarforITcertificationsyetagain.
ThenewprogramsbetterreflecttheskillsetdemandedofIT
administratorsintoday’smarketplaceandofferscandidatesaclearer
structureforacquiringtheskillsnecessarytoadvancetheircareers.
TheauthorsandeditorshaveworkedhardtoensurethattheStudy
Guideyouholdinyourhandiscomprehensive,in-depth,and
pedagogicallysound.We’reconfidentthatthisbookwillexceedthe
demandingstandardsofthecertificationmarketplaceandhelpyou,the
Microsoftcertificationcandidate,succeedinyourendeavors.
Asalways,yourfeedbackisimportanttous.Pleasesendcomments,
questions,orsuggestionsto<>.AtSybexwe’re
continuallystrivingtomeettheneedsofindividualspreparingforIT
certificationexams.
GoodluckinpursuitofyourMicrosoftcertification!
NeilEdde
AssociatePublisher—Certification
Sybex,Inc.
SoftwareLicenseAgreement:TermsandConditions
Themediaand/oranyonlinematerialsaccompanyingthisbookthatare
availablenoworinthefuturecontainprogramsand/ortextfiles(the
“Software”)tobeusedinconnectionwiththebook.SYBEXherebygrants
toyoualicensetousetheSoftware,subjecttothetermsthatfollow.Your
purchase,acceptance,oruseoftheSoftwarewillconstituteyour
acceptanceofsuchterms.TheSoftwarecompilationisthepropertyof
SYBEXunlessotherwiseindicatedandisprotectedbycopyrightto
SYBEXorothercopyrightowner(s)asindicatedinthemediafiles(the
“Owner(s)”).Youareherebygrantedasingle-userlicensetousethe
Softwareforyourpersonal,noncommercialuseonly.Youmaynot
reproduce,sell,distribute,publish,circulate,orcommerciallyexploitthe
Software,oranyportionthereof,withoutthewrittenconsentofSYBEX
andthespecificcopyrightowner(s)ofanycomponentsoftwareincluded
onthismedia.
IntheeventthattheSoftwareorcomponentsincludespecificlicense
requirementsorend-useragreements,statementsofcondition,
disclaimers,limitationsorwarranties(“End-UserLicense”),thoseEndUserLicensessupersedethetermsandconditionshereinastothat
particularSoftwarecomponent.Yourpurchase,acceptance,oruseofthe
SoftwarewillconstituteyouracceptanceofsuchEnd-UserLicenses.
Bypurchase,useoracceptanceoftheSoftwareyoufurtheragreeto
complywithallexportlawsandregulationsoftheUnitedStatesassuch
lawsandregulationsmayexistfromtimetotime.
SoftwareSupport
ComponentsofthesupplementalSoftwareandanyoffersassociated
withthemmaybesupportedbythespecificOwner(s)ofthatmaterial,but
theyarenotsupportedbySYBEX.Informationregardinganyavailable
supportmaybeobtainedfromtheOwner(s)usingtheinformation
providedintheappropriateread.mefilesorlistedelsewhereonthe
media.
Shouldthemanufacturer(s)orotherOwner(s)ceasetooffersupportor
declinetohonoranyoffer,SYBEXbearsnoresponsibility.Thisnotice
concerningsupportfortheSoftwareisprovidedforyourinformationonly.
SYBEXisnottheagentorprincipaloftheOwner(s),andSYBEXisinno
wayresponsibleforprovidinganysupportfortheSoftware,norisitliable
orresponsibleforanysupportprovided,ornotprovided,bytheOwner(s).
Warranty
SYBEXwarrantstheenclosedmediatobefreeofphysicaldefectsfora
periodofninety(90)daysafterpurchase.TheSoftwareisnotavailable
fromSYBEXinanyotherformormediathanthatenclosedhereinor
postedtowww.sybex.com.Ifyoudiscoveradefectinthemediaduring
thiswarrantyperiod,youmayobtainareplacementofidenticalformatat
nochargebysendingthedefectivemedia,postageprepaid,withproofof
purchaseto:
SYBEXInc.
ProductSupportDepartment
1151MarinaVillageParkway
Alameda,CA94501
Web:
Afterthe90-dayperiod,youcanobtainreplacementmediaofidentical
formatbysendingusthedefectivedisk,proofofpurchase,andacheck
ormoneyorderfor$10,payabletoSYBEX.
Disclaimer
SYBEXmakesnowarrantyorrepresentation,eitherexpressedor
implied,withrespecttotheSoftwareoritscontents,quality,performance,
merchantability,orfitnessforaparticularpurpose.Innoeventwill
SYBEX,itsdistributors,ordealersbeliabletoyouoranyotherpartyfor
direct,indirect,special,incidental,consequential,orotherdamages
arisingoutoftheuseoforinabilitytousetheSoftwareoritscontents
evenifadvisedofthepossibilityofsuchdamage.Intheeventthatthe
Softwareincludesanonlineupdatefeature,SYBEXfurtherdisclaimsany
obligationtoprovidethisfeatureforanyspecificdurationotherthanthe
initialposting.
Theexclusionofimpliedwarrantiesisnotpermittedbysomestates.
Therefore,theaboveexclusionmaynotapplytoyou.Thiswarranty
providesyouwithspecificlegalrights;theremaybeotherrightsthatyou
mayhavethatvaryfromstatetostate.Thepricingofthebookwiththe
SoftwarebySYBEXreflectstheallocationofriskandlimitationson
liabilitycontainedinthisagreementofTermsandConditions.
SharewareDistribution
ThisSoftwaremaycontainvariousprogramsthataredistributedas
shareware.Copyrightlawsapplytobothsharewareandordinary
commercialsoftware,andthecopyrightOwner(s)retainsallrights.Ifyou
tryasharewareprogramandcontinueusingit,youareexpectedto
registerit.Individualprogramsdifferondetailsoftrialperiods,
registration,andpayment.Pleaseobservetherequirementsstatedin
appropriatefiles.
CopyProtection
TheSoftwareinwholeorinpartmayormaynotbecopy-protectedor
encrypted.However,inallcases,resellingorredistributingthesefiles
withoutauthorizationisexpresslyforbiddenexceptasspecifically
providedforbytheOwner(s)therein.
Introduction
Microsoft’sMicrosoftCertifiedSystemsAdministrator(MCSA)and
MicrosoftCertifiedSystemsEngineer(MCSE)tracksforWindowsServer
2003arethepremiercertificationsforcomputerindustryprofessionals.
CoveringthecoretechnologiesaroundwhichMicrosoft’sfuturewillbe
built,thisprogramprovidespowerfulcredentialsforcareeradvancement.
Thisbookhasbeendevelopedtogiveyouthecriticalskillsand
knowledgeyouneedtoprepareforoneofthecoredesignrequirements
oftheMCSEcertificationintheWindowsServer2003track:Designing
SecurityforaMicrosoftWindowsServer2003Network(70-297).
TheMicrosoftCertifiedProfessionalProgram
Sincetheinceptionofitscertificationprogram,Microsofthascertified
almost1.5millionpeople.Asthecomputernetworkindustryincreasesin
bothsizeandcomplexity,thisnumberissuretogrow—andtheneedfor
provenabilitywillalsoincrease.Companiesrelyoncertificationstoverify
theskillsofprospectiveemployeesandcontractors.
MicrosofthasdevelopeditsMicrosoftCertifiedProfessional(MCP)
programtogiveyoucredentialsthatverifyyourabilitytoworkwith
Microsoftproductseffectivelyandprofessionally.ObtainingyourMCP
certificationrequiresthatyoupassanyoneMicrosoftcertificationexam.
Severallevelsofcertificationareavailablebasedonspecificsuitesof
exams.Dependingonyourareasofinterestorexperience,youcan
obtainanyofthefollowingMCPcredentials:
MicrosoftCertifiedDesktopSupportTechnician(MCDST)Thisisthe
mostrecentofferingbyMicrosoft.Theprogramtargetsindividualswith
verylittlecomputerexperience.TheonlyprerequisiteMicrosoft
recommendsisthatyouhaveexperienceusingapplicationsthatare
includedwithWindowsXP,includingMicrosoftInternetExplorerand
OutlookExpress.Youmustpassatotaloftwoexamstoobtainyour
MCDST.
MicrosoftCertifiedSystemsAdministrator(MCSA)onWindows
Server2003TheMCSAcertificationisthenewestadministrator
certificationtrackfromMicrosoft.Thiscertificationtargetssystemand
networkadministratorswithroughly6to12monthsofdesktopand
networkadministrationexperience.TheMCSAcanbeconsideredthe
entry-levelnetworkingcertification.Youmusttakeandpassatotaloffour
examstoobtainyourMCSA.Or,ifyouareanMCSAonWindows2000,
youcantakeoneUpgradeexamtoobtainyourMCSAonWindows
Server2003.
MicrosoftCertifiedSystemsEngineer(MCSE)onWindowsServer
2003Thiscertificationtrackisdesignedfornetworkandsystem
administrators,networkandsystemanalysts,andtechnicalconsultants
whoworkwithMicrosoftWindowsXPandServer2003software.You
musttakeandpasssevenexamstoobtainyourMCSE.Or,ifyouarean
MCSEonWindows2000,youcantaketwoUpgradeexamstoobtain
yourMCSEonWindowsServer2003.
MicrosoftCertifiedApplicationDeveloper(MCAD)Thistrackis
designedforapplicationdevelopersandtechnicalconsultantswho
primarilyuseMicrosoftdevelopmenttools.Currently,youcantakeexams
onVisualBasic.NETorVisualC#.NET.Youmusttakeandpassthree
examstoobtainyourMCSD.
MCSEversusMCSA
InanefforttoprovidethosejuststartingoffintheITworldachanceto
provetheirskills,MicrosoftintroduceditsMicrosoftCertifiedSystems
Administrator(MCSA)program.
Targetedatthosewithlessthanayear’sexperience,theMCSA
programfocusesprimarilyontheadministrationportionofanIT
professional’sduties.Therefore,therearecertainWindowsexamsthat
satisfybothMCSAandMCSErequirements,namelyexams70-270,
70-290,and70-291.
Ofcourse,itshouldbeanyMCSA’sgoaltoeventuallyobtainhisorher
MCSE.However,don’tassumethat,becausetheMCSAhastotake
threeexamsthatalsosatisfyanMCSErequirement,thetwoprograms
aresimilar.AnMCSEmustalsoknowhowtodesignanetwork.
Beyondthesethreeexams,theremainingMCSEexamsrequirethe
candidatetohavemuchmorehands-onexperience.
MicrosoftCertifiedSolutionDeveloper(MCSD)Thistrackisdesigned
forsoftwareengineersanddevelopersandtechnicalconsultantswho
primarilyuseMicrosoftdevelopmenttools.Asofthisprinting,youcanget
yourMCSDineitherVisualStudio6orVisualStudio.NET.InVisual
Studio6,youneedtotakeandpassthreeexams.InVisualStudio.NET,
youneedtotakeandpassfiveexamstoobtainyourMCSD.
MicrosoftCertifiedDatabaseAdministrator(MCDBA)Thistrackis
designedfordatabaseadministrators,developers,andanalystswho
workwithMicrosoftSQLServer.Asofthisprinting,youcantakeexams
oneitherSQLServer7orSQLServer2000.Youmusttakeandpassfour
examstoachieveMCDBAstatus.
MicrosoftCertifiedTrainer(MCT)TheMCTtrackisdesignedforanyIT
professionalwhodevelopsandteachesMicrosoft-approvedcourses.To
becomeanMCT,youmustfirstobtainyourMCSE,MCSD,orMCDBA,
thenyoumusttakeaclassatoneoftheCertifiedTechnicalTraining
Centers.Youwillalsoberequiredtoproveyourinstructionalability.You
candothisinvariousways:bytakingaskills-buildingortrain-the-trainer
class,byachievingcertificationasatrainerfromanyofseveralvendors,
orbybecomingaCertifiedTechnicalTrainerthroughCompTIA.Lastof
all,youwillneedtocompleteanMCTapplication.
Note Microsoftrecentlyannouncedtwonewcertificationtracksfor
Windows2000:MCSA:SecurityandMCSE:Messaging.In
additiontothecoreoperatingsystemrequirements,candidates
musttaketwosecurityspecializationcoreexams,oneofwhich
canbeCompTIA’sSecurity+exam.MCSE:Securitycandidates
mustalsotakeasecurityspecializationdesignexam.Asofthis
printing,noannouncementhadbeenmadeonthetrackfor
WindowsServer2003.CheckoutMicrosoft’swebsiteat
www.microsoft.com/traincert.comformoreinformation.
HowDoYouBecomeCertifiedonWindows
Server2003?
AttaininganMCSAorMCSEcertificationhasalwaysbeenachallenge.
Inthepast,studentshavebeenabletoacquiredetailedexaminformation
—evenmostoftheexamquestions—fromonline“braindumps”and
third-party“cram”booksorsoftwareproducts.Forthenewexams,thisis
simplynotthecase.
Microsofthastakenstrongstepstoprotectthesecurityandintegrityofits
certificationtracks.Nowprospectivecandidatesmustcompleteacourse
ofstudythatdevelopsdetailedknowledgeaboutawiderangeoftopics.It
suppliesthemwiththetrueskillsneeded,derivedfromworkingwith
WindowsXP,WindowsServer2003,andrelatedsoftwareproducts.
TheWindowsServer2003certificationprogramsareheavilyweighted
towardhands-onskillsandexperience.Microsofthasstatedthat“nearly
halfofthecorerequiredexams’contentdemandsthatthecandidate
havetroubleshootingskillsacquiredthroughhands-onexperienceand
workingknowledge.”
Fortunately,ifyouarewillingtodedicatethetimeandefforttolearn
WindowsXPandServer2003,youcanprepareyourselfwellforthe
examsbyusingthepropertools.Byworkingthroughthisbook,youcan
successfullymeettheexamrequirementstopasstheDesigningSecurity
foraMicrosoftWindowsServer2003Networkexam.
ThisbookispartofacompleteseriesofMCSEStudyGuides,published
bySybexInc.,thattogethercoverthecoreMCSErequirements,Please
visittheSybexwebsiteatwww.sybex.comforcompleteprogramand
productdetails.
MCSEExamRequirements
CandidatesforMCSEcertificationonWindowsServer2003mustpass
sevenexams,includingoneclientoperatingsystemexam,four
networkingoperatingsystemexams,onedesignexam,andanelective.
Note ForamoredetaileddescriptionoftheMicrosoftcertification
programs,visitMicrosoft’sTrainingandCertificationwebsiteat
www.microsoft.com/traincert.
Youmusttakeoneofthefollowingclientoperatingsystemexams:
Installing,Configuring,andAdministeringMicrosoftWindows
2000Professional(70-210)
Installing,Configuring,andAdministeringMicrosoftWindowsXP
Professional(70-270)
plusthefollowingnetworkingoperatingsystemexams:
ManagingandMaintainingaMicrosoftWindowsServer2003
Environment(70-290)
Implementing,Managing,andMaintainingaMicrosoftWindows
Server2003NetworkInfrastructure(70-291)
PlanningandMaintainingaMicrosoftWindowsServer2003
NetworkInfrastructure(70-293)
Planning,Implementing,andMaintainingaMicrosoftWindows
Server2003ActiveDirectoryInfrastructure(70-294)
plusoneofthefollowingdesignexams:
DesigningaMicrosoftWindowsServer2003ActiveDirectoryand
NetworkInfrastructure(70-297)
DesigningSecurityforaMicrosoftWindowsServer2003Network
plusoneofanumberofelectives,including:
ImplementingandSupportingMicrosoftSystemsManagement
Server2.0(70-086)
Installing,Configuring,andAdministeringMicrosoftInternet
SecurityandAcceleration(ISA)Server2000,EnterpriseEdition
(70-227)
Installing,Configuring,andAdministeringMicrosoftSQLServer
2000EnterpriseEdition(70-228)
DesigningandImplementingDatabaseswithMicrosoftSQL
Server2000EnterpriseEdition(70-229)
ImplementingandManagingMicrosoftExchangeServer2003
(70-284)
ImplementingandAdministeringSecurityinaMicrosoftWindows
Server2003Network(70-299)
Thedesignexamnottakenasarequirement
Also,ifyouareanMCSEonWindows2000,youcantaketwoUpgrade
exams:
ManagingandMaintainingaMicrosoftWindowsServer2003
EnvironmentforanMCSACertifiedonWindows2000(70-297)
Planning,Implementing,andMaintainingaMicrosoftWindows
Server2003EnvironmentforanMCSECertifiedonWindows
2000(70-294)
Inaddition,ifyouareanMCSEinWindowsNT,youdonothavetotake
theclientrequirement,butyoudohavetotakethenetworkingoperating
system,design,andanelectiveexam.
Windows2000andWindows2003Certification
MicrosoftrecentlyannouncedthatitwilldistinguishbetweenWindows
2000andWindowsServer2003certifications.Thosewhohavetheir
MCSAorMCSEcertificationinWindows2000willbereferredtoas
“certifiedonWindows2000.”ThosewhoobtainedtheirMCSAor
MCSEinWindowsServer2003willbereferredtoas“certifiedon
WindowsServer2003.”
MicrosoftalsointroducedamorecleardistinctionbetweentheMCSA
andMCSEcertificationsbymoresharplyfocusingeachcertification.In
thenewWindows2003track,theobjectivescoveredbytheMCSA
examsrelateprimarilytoadministrativetasks.Theexamsthatrelate
specificallytotheMCSE,however,dealmostlywithdesign-level
concepts.So,MCSAjobtasksareconsideredtobemorehands-on,
whiletheMCSEjobtasksinvolvemorestrategicconcernsofdesign
andplanning.
TheDesigningSecurityforaMicrosoftWindows
Server2003NetworkExam
TheDesigningSecurityforaMicrosoftWindowsServer2003Network
examcoversconceptsandskillsrelatedtodesigningasecureWindows
Server2003network.Itemphasizesthefollowingelements:
Creatingtheconceptualdesignfornetworkinfrastructuresecurity
bygatheringandanalyzingbusinessandtechnicalrequirements
Creatingthelogicaldesignfornetworkinfrastructuresecurity
Creatingthephysicaldesignfornetworkinfrastructuresecurity
Designinganaccesscontrolstrategyfordata
Creatingthephysicaldesignforclientinfrastructuresecurity
Thisexaminvolvesunderstandingthedesigndecisionsbehindthe
securityoptionsinWindowsServer2003.Youwillneedtounderstand
whatisimportanttothecompanyintheCaseStudyanddeterminethe
bestprocess,technology,andimplementationofthetechnologytohelp
solvethecompany’ssecurityissues.Thisexamisfocusedonwhat
technologytouseandwhereitshouldbeusedonthenetwork.Itisnot
focusedonhowtoadministerorspecificallyimplementasecurity
technology.Focusingonwhatthetechnologyis,whatproblemsitsolves,
andwhatelsemightberequiredtoimplementitismosthelpful.Careful
studyofthisbook,alongwithhands-onexperience,willhelpyouprepare
forthisexam.
Note Microsoftprovidesexamobjectivestogiveyouageneral
overviewofpossibleareasofcoverageontheMicrosoft
exams.Keepinmind,however,thatexamobjectivesare
subjecttochangeatanytimewithoutpriornoticeandat
Microsoft’ssolediscretion.PleasevisitMicrosoft’sTrainingand
Certificationwebsite(www.microsoft.com/traincert)forthemost
currentlistingofexamobjectives.
TypesofExamQuestions
Inanefforttobothrefinethetestingprocessandprotectthequalityofits
certifications,Microsofthasfocuseditsexamsonrealexperienceand
hands-onproficiency.Thereisagreateremphasisonyourpastworking
environmentsandresponsibilitiesandlessemphasisonhowwellyou
canmemorize.Infact,Microsoftsaysacertificationcandidateshould
haveatleastayear’sworthofhands-onexperience.
Microsoftwillregularlyaddandremovequestionsfromtheexams.Thisis
calleditemseeding.Itispartoftheefforttomakeitmoredifficultfor
individualstomerelymemorizeexamquestionsthatwerepassedalong
byprevioustest-takers.
Note Microsoftwillaccomplishitsgoalofprotectingtheexams’
integritybyregularlyaddingandremovingexamquestions,
limitingthenumberofquestionsthatanyindividualseesina
betaexam,andaddingnewexamelements.
Examquestionsmaybeinavarietyofformats:Dependingonwhich
examyoutake,you’llseemultiple-choicequestionsaswellasselectand-placeandprioritize-a-listquestions.SimulationsandCaseStudy–
basedformatsareincludedaswell.Let’stakealookatthetypesofexam
questionsandexaminetheadaptivetestingtechniquesoyou’llbe
preparedforallofthepossibilities.
Note Formoreinformationonthevariousexamquestiontypes,goto
www.microsoft.com/traincert/mcpexams/policies/innovations.asp
CaseStudy–BasedQuestions
CaseStudy–basedquestionsfirstappearedintheMCSDprogramand
areprominentinthedesign-focusedexams,includingDesigningSecurity
foraMicrosoftWindowsServer2003Network.Thesequestionspresent
ascenariowitharangeofrequirements.Basedontheinformation
provided,youansweraseriesofmultiple-choiceandselect-and-place
questions.TheinterfaceforCaseStudy–basedquestionshasanumber
ofbuttons,eachofwhichcontainsinformationaboutthescenario.
Multiple-ChoiceQuestions
Multiple-choicequestionscomeintwomainforms.Oneisa
straightforwardquestionfollowedbyseveralpossibleanswers,ofwhich
oneormoreiscorrect.Theothertypeofmultiple-choicequestionismore
complexandbasedonaspecificscenario.Thescenariomayfocuson
severalareasorobjectives.
Select-and-PlaceQuestions
Select-and-placeexamquestionsinvolvegraphicalelementsthatyou
mustmanipulatetosuccessfullyanswerthequestion.Forexample,you
mightseeadiagramofacomputernetwork,asshowninthefollowing
graphictakenfromtheselect-and-placedemodownloadedfrom
Microsoft’swebsite.
Atypicaldiagramwillshowcomputersandothercomponentsnextto
boxesthatcontainthetext“Placehere.”Thelabelsfortheboxes
representvariouscomputerrolesonanetwork,suchasaprintserver
andafileserver.Basedoninformationgivenforeachcomputer,youare
askedtoselecteachlabelandplaceitinthecorrectbox.Youneedto
placeallofthelabelscorrectly.Nocreditisgivenforthequestionifyou
correctlylabelonlysomeoftheboxes.
Inanotherselect-and-placeproblemyoumightbeaskedtoputaseries
ofstepsinorderbydraggingitemsfromboxesonthelefttoboxesonthe
rightandplacingtheminthecorrectorder.Oneothertyperequiresthat
youdraganitemfromtheleftandplaceitunderaniteminacolumnon
theright.
Simulations
Simulationsarethekindsofquestionsthatmostcloselyrepresentactual
situationsandtesttheskillsyouusewhileworkingwithMicrosoft
softwareinterfaces.Theseexamquestionsincludeamockinterfaceon
whichyouareaskedtoperformcertainactionsaccordingtoagiven
scenario.Thesimulatedinterfaceslooknearlyidenticaltowhatyousee
intheactualproduct,asshowninthisexample.
Becauseofthenumberofpossibleerrorsthatcanbemadeon
simulations,besuretoconsiderthefollowingrecommendationsfrom
Microsoft:
Donotchangeanysimulationsettingsthatdon’tpertaintothe
solutiondirectly.
Whenrelatedinformationhasnotbeenprovided,assumethatthe
defaultsettingsareused.
Makesurethatyourentriesarespelledcorrectly.
Closeallthesimulationapplicationwindowsaftercompletingthe
setoftasksinthesimulation.
Thebestwaytoprepareforsimulationquestionsistospendtime
