McsaMcse Training Kit Implementing And Administering Security In A Windows 1002000 Network [Electronic resources] نسخه متنی

Where to Find Specific Skills in This Book

The following tables provide a list of the skills measured on certification exam 70-214, Implementing and Administering Security in a Microsoft Windows 2000 Network. The table provides the skill, and where in this book you will find the lesson relating to that skill.

Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.

Implementing, Managing, and Troubleshooting Baseline Security

Skill Being Measured

Location in Book

Configure security templates.

Configure registry and file system permissions.

Configure account policies.

Configure audit policies.

Configure user rights assignment.

Configure security options.

Configure system services.

Configure restricted groups.

Configure event logs.

Chapter 4 (all lessons)

Deploy security templates. Deployment methods include using Group Policy and scripting.

Chapter 3, Lesson 4

Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems.

Chapter 4, Lesson 4

Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Access Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer.

Chapter 11 and throughout other chapters

Configure additional security for client-computer operating systems by using Group Policy.

Chapter 1, Lesson 2

Implementing, Managing, and Troubleshooting Service Packs and Security Updates

Skill Being Measured

Location in Book

Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk.

Chapter 14, Lesson 1

Install service packs and security updates. Considerations include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.

Chapter 14, Lesson 1

Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS.

Chapter 14, Lesson 2

Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts.

Chapter 14

Implementing, Managing, and Troubleshooting Secure Communication Channels

Skill Being Measured

Location in Book

Configure IPSec to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.

Configure IPSec authentication.

Configure appropriate encryption levels.

Configure the appropriate IPSec protocol, including AH and ESP.

Deploy and manage IPSec certificates. Considerations include renewing certificates.

Chapter 8, Lesson 1

Troubleshoot IPSec. Issues include IPSec rule configurations, firewall configurations, routers, and authentication.

Chapter 8, Lesson 3

Implement security for wireless networks.

Configure public and private wireless LANs.

Configure wireless encryption levels, including WEP and 802.1x.

Configure wireless network connections settings on client computers. Client-computer operating systems are Windows 2000 Professional and Windows XP Professional.

Chapter 10, Lessons 1 and 2

Chapter 10, Lesson 3

Configure Server Message Block (SMB) signing to support packet authentication and integrity.

Chapter 8, Lesson 1

Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.

Obtain public and private certificates.

Install certificates for SSL.

Renew certificates.

Chapter 12, Lesson 3

Configure SSL to secure communication channels. Communication channels include:

Client computer to Web server

Web server to SQL Server computer

Client computer to Active Directory domain controller

E-mail server to client computer

Chapter 12, Lesson 3 Chapter 11, Lessons 2 and 3

Configuring, Managing, and Troubleshooting Authentication and Remote Access Security

Skill Being Measured

Location in Book

Configure and troubleshoot authentication.

Configure authentication protocols to support mixed Windows client-computer environments.

Configure the interoperability of Kerberos authentication with UNIX computers.

Configure authentication for extranet scenarios.

Configure trust relationships.

Configure authentication for members of non-trusted domain authentication.

Chapter 7 and Chapter 2

Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.

Chapter 12, Lesson 2

Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.

Chapter 9, Lesson 2

Configure and troubleshoot virtual private network (VPN) protocols. Considerations include:

Internet service provider (ISP)

Client-computer operating system

Network Address Translation (NAT) devices

Routing and Remote Access server

Firewall server

Chapter 9, Lesson 4

Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.

Chapter 9, Lesson 3

Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)

Skill Being Measured

Location in Book

Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party CAs.

Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.

Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.

Configure the publication of Certificate Revocation Lists (CRLs).

Configure public key Group Policy.

Configure certificate renewal and enrollment.

Deploy certificates to users, computers, and CAs.

Chapter 5, Lessons 1 and 2

Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party CAs.

Enroll and renew certificates.

Revoke certificates.

Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.

Back up and restore the CA.

Chapter 5, Lesson 3

Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.

Publish certificates through Active Directory.

Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP.

Recover KMS-issued keys.

Chapter 6, Lessons 1 and 2

Chapter 5, Lesson 3

Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems.

Chapter 6

Monitoring and Responding to Security Incidents

Skill Being Measured

Location in Book

Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.

Manage audit log retention.

Manage distributed audit logs by using EventComb.

Chapter 13, Lesson 1

Analyze security events. Considerations include reviewing logs and events.

Chapter 13, Lesson 2

Respond to security incidents including hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.

Isolate and contain the incident. Considerations include preserving the chain of evidence.

Implement counter measures.

Restore services.

Chapter 13, Lesson 3