Welcome to AnyOtherSource.com
The benchmark that others compare themselves with. The website of Larry J. West, MCSD, of Louisville, KY. Better than a blog -- it's information you can hopefully use!
Home
President List
Certification Study Guide
Visual Studio 2008 Exams
Visual Studio 2010 exams
Windows Server 2008
70-089: SMS 2003
70-290 to 70-292
70-293 to 70-296
70-297: 2003 Active Dir.
70-298: 2003 Network Secu
70-299: 2003 Security Imp
70-505: 3.5 WinForms
70-510: TFS
70-547 to 70-549
70-561: 3.5 ADO.NET
70-562: 3.5 ASP.NET
70-632 glossary
70-640 to 70-649
Retired Exams
70-010: LAN Mgr. 2.1
70-011: LAN Mgr. 2.1 Adv.
70-013: SNA Svr.
70-020, -022, -023: SQL 4
70-270, -210, -215
70-021: SQL 4.2 DB Impl.
70-030: Win. 3.1
70-031: Excel 4
70-032: Project 3
70-033: Word 2.0
70-035: Mail 3.2-Desktop
70-037: Mail 3.2 Enterpri
70-040: NT 3.1
70-041: NT Adv. Svr. 3.1
70-045: WfWg 3.1
70-086: SMS 2.0
70-214: W2K Security
70-216: W2K Infra.
70-217: W2K Dir. Svc.
70-218: W2K MCSA
70-219, -220, -221
70-222: NT4 to W2K
70-223: Clustering
70-224: Exch. 2000
70-225: Exch. 2000 Server
70-226: W2K Server Web Te
70-227: ISA 2000
70-228: SQL Svr 2000 Admi
70-229: SQL Srvr 2000 Des
70-230: BizTalk 2000
70-232: App Ctr 2000
70-305 to 70-320
70-666
70-234: Commerce Srvr 200
70-235: BizTalk 2006
70-244: NT Server 4.0
70-262: LCS 2005
70-271:
70-272: XP Desktop Apps
70-281: Ent. Proj. Mgmt.
70-282: Small Business
70-284: Exch. Srvr. 2003
70-285: Exch. Srvr. 2003
Political Information
Kentucky Highways
Languages
Religious Information
Graduate School Info
Job Hunting Information
Dulcimer Playing
Model Railroading In Educ
Perpetual Calendar
Not Elsewhere Classified
IUS Class Syllabus
Contact Me
About Me
Site Map

70-299:  Implementing and Administering Security in a Microsoft Windows Server 2003 Network

 

Skills being measured:

299.1. Implementing, Managing, and Troubleshooting Security Policies [Exam 70-299 only] -

299.1.1. Plan security templates based on computer role. Computer roles include SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server. [Exam 70-299 only] -

299.1.2. Configure security templates. [Exam 70-299 only] -

299.1.2.1. Configure registry and file system permissions. [Exam 70-299 only] -

299.1.2.2. Configure account policies. [Exam 70-299 only] -

299.1.2.3. Configure .pol files. [Exam 70-299 only] -

299.1.2.4. Configure audit policies. [Exam 70-299 only] -

299.1.2.5. Configure user rights assignment. [Exam 70-299 only] -

299.1.2.6. Configure security options. [Exam 70-299 only] -

299.1.2.7. Configure system services. [Exam 70-299 only] -

299.1.2.8. Configure restricted groups. [Exam 70-299 only] -

299.1.2.9. Configure event logs. [Exam 70-299 only] -

299.1.3. Deploy security templates. [Exam 70-299 only] -

299.1.3.1. Plan the deployment of security templates. [Exam 70-299 only] -

299.1.3.2. Deploy security templates by using Active Directory-based Group Policy objects (GPOs). [Exam 70-299 only] -

299.1.3.3. Deploy security templates by using command-line tools and scripting. [Exam 70-299 only] -

299.1.4. Troubleshoot security template problems. [Exam 70-299 only] -

299.1.4.1. Troubleshoot security templates in a mixed operating system environment. [Exam 70-299 only] -

299.1.4.2. Troubleshoot security policy inheritance. [Exam 70-299 only] -

299.1.4.3. Troubleshoot removal of security template settings. [Exam 70-299 only] -

299.1.5. Configure additional security based on computer roles. Server computer roles include SQL Server computer, Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server. Client computer roles include desktop, portable, and kiosk. [Exam 70-299 only] -

299.1.5.1. Plan and configure security settings. [Exam 70-299 only] -

299.1.5.2. Plan network zones for computer roles. [Exam 70-299 only] -

299.1.5.3. Plan and configure software restriction policies. [Exam 70-299 only] -

299.1.5.4. Plan security for infrastructure services. Services include DHCP and DNS. [Exam 70-299 only] -

299.1.5.5. Plan and configure auditing and logging for a computer role. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Netlog, and RAS log files. [Exam 70-299 only] -

299.1.5.6. Analyze security configuration. Tools include Microsoft Baseline Security Analyzer (MBSA), the MBSA command-line tool, and Security Configuration and Analysis. [Exam 70-299 only] -

 

299.2. Implementing, Managing, and Troubleshooting Patch Management Infrastructure [Exam 70-299 only] -

299.2.1. Plan the deployment of service packs and hotfixes. [Exam 70-299 only] -

299.2.1.1. Evaluate the applicability of service packs and hotfixes. [Exam 70-299 only] -

299.2.1.2. Test the compatibility of service packs and hotfixes for existing applications. [Exam 70-299 only] -

299.2.1.3. Plan patch deployment environments for both the pilot and production phases. [Exam 70-299 only] -

299.2.1.4. Plan the batch deployment of multiple hotfixes. [Exam 70-299 only] -

299.2.1.5. Plan rollback strategy. [Exam 70-299 only] -

299.2.2. Assess the current status of service packs and hotfixes. Tools include MBSA and the MBSA command-line tool. [Exam 70-299 only] -

299.2.2.1. Assess current patch levels by using the MBSA GUI tool. [Exam 70-299 only] -

299.2.2.2. Assess current patch levels by using the MBSA command-line tool with scripted solutions. [Exam 70-299 only] -

299.2.3. Deploy service packs and hotfixes. [Exam 70-299 only] -

299.2.3.1. Deploy service packs and hotfixes on new servers and client computers. Considerations include slipstreaming, custom scripts, and isolated installation or test networks. [Exam 70-299 only] -

299.2.3.2. Deploy service packs and hotfixes on existing servers and client computers. [Exam 70-299 only] -

 

299.3. Implementing, Managing, and Troubleshooting Security for Network Communications [Exam 70-299 only] -

299.3.1. Plan IPSec deployment. [Exam 70-299 only] -

299.3.1.1. Decide which IPSec mode to use. [Exam 70-299 only] -

299.3.1.2. Plan authentication methods for IPSec. [Exam 70-299 only] -

299.3.1.3. Test the functionality of existing applications and services. [Exam 70-299 only] -

299.3.2. Configure IPSec policies to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers. [Exam 70-299 only] -

299.3.2.1. Configure IPSec authentication. [Exam 70-299 only] -

299.3.2.2. Configure appropriate encryption levels. Considerations include the selection of perfect forward secrecy (PFS) and key lifetimes. [Exam 70-299 only] -

299.3.2.3. Configure the appropriate IPSec protocol. Protocols include Authentication Header (AH) and Encapsulating Security Payload (ESP). [Exam 70-299 only] -

299.3.2.4. Configure IPSec inbound and outbound filters and filter actions. [Exam 70-299 only] -

299.3.3. Deploy and manage IPSec policies. [Exam 70-299 only] -

299.3.3.1. Deploy IPSec policies by using Local policy objects or Group Policy objects (GPOs). [Exam 70-299 only] -

299.3.3.2. Deploy IPSec policies by using commands and scripts. Tools include IPSecPol and NetSh. [Exam 70-299 only] -

299.3.3.3. Deploy IPSec certificates. Considerations include deployment of certificates and renewing certificates on managed and unmanaged client computers. [Exam 70-299 only] -

299.3.4. Troubleshoot IPSec. [Exam 70-299 only] -

299.3.4.1. Monitor IPSec policies by using IP Security Monitor. [Exam 70-299 only] -

299.3.4.2. Configure IPSec logging. Considerations include Oakley logs and IPSec driver logging. [Exam 70-299 only] -

299.3.4.3. Troubleshoot IPSec across networks. Considerations include network address translation, port filters, protocol filters, firewalls, and routers. [Exam 70-299 only] -

299.3.4.4. Troubleshoot IPSec certificates. Considerations include enterprise trust policies and certificate revocation list (CRL) checking. [Exam 70-299 only] -

299.3.5. Plan and implement security for wireless networks. [Exam 70-299 only] -

299.3.5.1. Plan the authentication methods for a wireless network. [Exam 70-299 only] -

299.3.5.2. Plan the encryption methods for a wireless network. [Exam 70-299 only] -

299.3.5.3. Plan wireless access policies. [Exam 70-299 only] -

299.3.5.4. Configure wireless encryption. [Exam 70-299 only] -

299.3.5.5. Install and configure wireless support for client computers. [Exam 70-299 only] -

299.3.6. Deploy, manage, and configure SSL certificates, including uses for HTTPS, LDAPS, and wireless networks. Considerations include renewing certificates and obtaining self-issued certificates instead of publicly issued certificates. [Exam 70-299 only] -

299.3.6.1. Obtain self-issued certificates and publicly issued certificates. [Exam 70-299 only] -

299.3.6.2. Install certificates for SSL. [Exam 70-299 only] -

299.3.6.3. Renew certificates. [Exam 70-299 only] -

299.3.6.4. Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer. [Exam 70-299 only] -

299.3.7. Configure security for remote access users. [Exam 70-299 only] -

299.3.7.1. Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and multifactor authentication that combines smart cards and EAP. [Exam 70-299 only] -

299.3.7.2. Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client operating system, network address translation devices, Routing and Remote Access servers, and firewall servers. [Exam 70-299 only] -

299.3.7.3. Manage client configuration for remote access security. Tools include remote access policy and the Connection Manager Administration Kit. [Exam 70-299 only] -

 

299.4. Planning, Configuring, and Troubleshooting Authentication, Authorization, and PKI [Exam 70-299 only] -

299.4.1. Plan and configure authentication. [Exam 70-299 only] -

299.4.1.1. Plan, configure, and troubleshoot trust relationships. [Exam 70-299 only] -

299.4.1.2. Plan and configure authentication protocols. [Exam 70-299 only] -

299.4.1.3. Plan and configure multifactor authentication. [Exam 70-299 only] -

299.4.1.4. Plan and configure authentication for Web users. [Exam 70-299 only] -

299.4.1.5. Plan and configure delegated authentication. [Exam 70-299 only] -

299.4.2. Plan group structure. [Exam 70-299 only] -

299.4.2.1. Decide which types of groups to use. [Exam 70-299 only] -

299.4.2.2. Plan security group scope. [Exam 70-299 only] -

299.4.2.3. Plan nested group structure. [Exam 70-299 only] -

299.4.3. Plan and configure authorization. [Exam 70-299 only] -

299.4.3.1. Configure access control lists (ACLs). [Exam 70-299 only] -

299.4.3.2. Plan and troubleshoot the assignment of user rights. [Exam 70-299 only] -

299.4.3.3. Plan requirements for digital signatures. [Exam 70-299 only] -

299.4.4. Install, manage, and configure Certificate Services. [Exam 70-299 only] -

299.4.4.1. Install and configure root, intermediate, and issuing certification authorities (CAs). Considerations include renewals and hierarchy. [Exam 70-299 only] -

299.4.4.2. Configure certificate templates. [Exam 70-299 only] -

299.4.4.3. Configure, manage, and troubleshoot the publication of certificate revocation lists (CRLs). [Exam 70-299 only] -

299.4.4.4. Configure archival and recovery of keys. [Exam 70-299 only] -

299.4.4.5. Deploy and revoke certificates to users, computers, and CAs. [Exam 70-299 only] -

299.4.4.6. Backup and restore the CA. [Exam 70-299 only] -