This two weeks fast track MCSE course is designed to provide delegates with the necessary knowledge to pursue 2003 Microsoft Certified Systems Engineer (MCSE) certification. This short MCSE fast track course is hands-on, instructor led and classroom based. This training can be taken as a part-time evening course or even on the weekends.
This training course is for you if you are interested in becoming Microsoft Certified System Engineer.
MCSE 2003 Certification Course Contents
This MCSE certification course prepares you for following exams.
Networking system exams
Client operating system exam
- MCSE Exam 70-680 - Configuring Windows 7 Client
Design exam
Elective exam
Course Contents
Exam 70-290: Windows Server 2003 Environment
Managing and Maintaining Physical and Logical Devices
- Manage basic disks and dynamic disks.
- Monitor server hardware. Tools might include Device Manager, the Hardware Troubleshooting Wizard, and appropriate Control Panel items.
- Optimize server disk performance.
- Implement a RAID solution.
- Defragment volumes and partitions.
- Troubleshoot server hardware devices.
- Diagnose and resolve issues related to hardware settings.
- Diagnose and resolve issues related to server hardware and hardware driver upgrades.
- Install and configure server hardware devices.
- Configure driver signing options.
- Configure resource settings for a device.
- Configure device properties and settings.
Managing Users, Computers, and Groups
- Manage local, roaming, and mandatory user profiles.
- Create and manage computer accounts in an Active Directory environment.
- Create and manage groups.
- Identify and modify the scope of a group.
- Find domain groups in which a user is a member.
- Manage group membership.
- Create and modify groups by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
- Create and modify groups by using automation.
- Create and manage user accounts.
- Create and modify user accounts by using the Active Directory Users and Computers MMC snap-in.
- Create and modify user accounts by using automation.
- Import user accounts.
- Troubleshoot computer accounts.
- Diagnose and resolve issues related to computer accounts by using the Active Directory Users and Computers MMC snap-in.
- Reset computer accounts.
- Troubleshoot user authentication issues.
Managing and Maintaining Access to Resources
- Configure access to shared folders.
- Manage shared folder permissions.
- Troubleshoot Terminal Services.
- Diagnose and resolve issues related to Terminal Services security.
- Diagnose and resolve issues related to client access to Terminal Services.
- Configure file system permissions.
- Verify effective permissions when granting permissions.
- Change ownership of files and folders.
- Troubleshoot access to files and shared folders.
Managing and Maintaining a Server Environment
- Monitor and analyze events. Tools might include Event Viewer and System Monitor.
- Manage software update infrastructure
- Manage software site licensing.
- Manage servers remotely.
- Manage a server by using Remote Assistance.
- Manage a server by using Terminal Services remote administration mode.
- Manage a server by using available support tools.
- Troubleshoot print queues.
- Monitor system performance.
- Monitor file and print servers. Tools might include Task Manager, Event Viewer, and System Monitor.
- Monitor disk quotas.
- Monitor print queues.
- Monitor server hardware for bottlenecks.
- Monitor and optimize a server environment for application performance.
- Monitor memory performance objects
- Monitor network performance objects
- Monitor process performance objects
- Monitor disk performance objects
- Manage a Web server
- Manage Internet Information Services (IIS).
- Manage security for IIS.
Managing and Implementing Disaster Recovery
- Perform system recovery for a server.
- Implement Automated System Recovery (ASR).
- Restore data from shadow copy volumes.
- Back up files and System State data to media.
- Configure security for backup operations.
- Manage backup procedures.
- Verify the successful completion of backup jobs.
- Manage backup storage media.
- Recover from server hardware failure.
- Restore backup data.
- Schedule backup jobs.
Exam 70-291: Windows Server 2003 Network Infrastructure
Implementing, Managing, and Maintaining IP Addressing
- Configure TCP/IP addressing on a server computer.
- Manage DHCP.
- Manage DHCP clients and leases.
- Manage DHCP Relay Agent.
- Manage DHCP databases.
- Manage DHCP scope options.
- Manage reservations and reserved clients.
- Troubleshoot TCP/IP addressing.
- Diagnose and resolve issues related to Automatic Private IP Addressing (APIPA).
- Diagnose and resolve issues related to incorrect TCP/IP configuration.
- Troubleshoot DHCP.
- Diagnose and resolve issues related to DHCP authorization.
- Verify DHCP reservation configuration.
- Examine the system event log and DHCP server audit log files to find related events.
- Diagnose and resolve issues related to configuration of DHCP server and scope options.
- Verify that the DHCP Relay Agent is working correctly.
- Verify database integrity.
Implementing, Managing, and Maintaining Name Resolution
- Install and configure the DNS Server service.
- Configure DNS server options.
- Configure DNS zone options.
- Configure DNS forwarding.
- Manage DNS.
- Manage DNS zone settings.
- Manage DNS record settings.
- Manage DNS server options.
- Monitor DNS. Tools might include System Monitor, Event Viewer, Replication Monitor, and DNS debug logs.
Implementing, Managing, and Maintaining Network Security
- Implement secure network administration procedures.
- Implement security baseline settings and audit security settings by using security templates.
- Implement the principle of least privilege.
- Install and configure software update infrastructure.
- Install and configure software update services.
- Install and configure automatic client update settings.
- Configure software updates on earlier operating systems.
- Monitor network protocol security. Tools might include the IP Security Monitor Microsoft Management Console (MMC) snap-in and Kerberos support tools.
- Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor.
Implementing, Managing, and Maintaining Routing and Remote Access
- Configure Routing and Remote Access user authentication.
- Configure remote access authentication protocols.
- Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients.
- Configure Routing and Remote Access policies to permit or deny access.
- Manage remote access.
- Manage packet filters.
- Manage Routing and Remote Access routing interfaces.
- Manage devices and ports.
- Manage routing protocols.
- Manage Routing and Remote Access clients.
- Manage TCP/IP routing.
- Manage routing protocols.
- Manage routing tables.
- Manage routing ports.
- Implement secure access between private networks.
- Troubleshoot user access to remote access services.
- Diagnose and resolve issues related to remote access VPNs.
- Diagnose and resolve issues related to establishing a remote access connection.
- Diagnose and resolve user access to resources beyond the remote access server.
- Troubleshoot Routing and Remote Access routing.
- Troubleshoot demand-dial routing.
- Troubleshoot router-to-router VPNs.
Maintaining a Network Infrastructure
- Monitor network traffic. Tools might include Network Monitor and System Monitor.
- Troubleshoot connectivity to the Internet.
- Troubleshoot server services.
- Diagnose and resolve issues related to service dependency.
- Use service recovery options to diagnose and resolve service-related issues
Exam 70-293:Windows Server 2003 Network Infrastructure
Planning and Implementing Server Roles and Server Security
- Configure security for servers that are assigned specific roles.
- Plan a secure baseline installation.
- Plan a strategy to enforce system default security settings on new systems.
- Identify client operating system default security settings.
- Identify all server operating system default security settings.
- Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.
- Deploy the security configuration for servers that are assigned specific roles.
- Create custom security templates based on server roles.
- Evaluate and select the operating system to install on computers in an enterprise.
- Identify the minimum configuration to satisfy security requirements.
Planning, Implementing, and Maintaining a Network Infrastructure
- Plan a TCP/IP network infrastructure strategy.
- Analyze IP addressing requirements.
- Plan an IP routing solution.
- Create an IP subnet scheme.
- Plan and modify a network topology.
- Plan the physical placement of network resources.
- Identify network protocols to be used.
- Plan an Internet connectivity strategy.
- Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.
- Troubleshoot connectivity to the Internet.
- Diagnose and resolve issues related to client configuration.
- Diagnose and resolve issues related to Network Address Translation (NAT).
- Diagnose and resolve issues related to name resolution cache information.
- Troubleshoot TCP/IP addressing.
- Diagnose and resolve issues related to client computer configuration.
- Diagnose and resolve issues related to DHCP server address assignment.
- Plan a host name resolution strategy.
- Plan a DNS namespace design.
- Plan zone replication requirements.
- Plan a forwarding configuration.
- Plan for DNS security.
- Examine the interoperability of DNS with third-party DNS solutions.
- Plan a NetBIOS name resolution strategy.
- Plan a WINS replication strategy.
- Plan NetBIOS name resolution by using the Lmhosts file.
- Troubleshoot host name resolution.
- Diagnose and resolve issues related to DNS services.
- Diagnose and resolve issues related to client computer configuration.
Planning, Implementing, and Maintaining Routing and Remote Access
- Plan a routing strategy.
- Identify routing protocols to use in a specified environment.
- Plan routing for IP multicast traffic.
- Plan security for remote access users.
- Plan remote access policies.
- Analyze protocol security requirements.
- Plan authentication methods for remote access clients.
- Implement secure access between private networks.
- Create and implement an IPSec policy.
- Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.
Planning, Implementing, and Maintaining Server Availability
- Plan services for high availability.
- Plan a high-availability solution that uses clustering services.
- Plan a high-availability solution that uses Network Load Balancing.
- Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.
- Identify system bottlenecks by using System Monitor.
- Implement a cluster server.
- Recover from cluster node failure.
- Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.
- Plan a backup and recovery strategy.
- Plan system recovery that uses Automated System Recovery (ASR).
- Identify appropriate backup types. Methods include full, incremental, and differential.
- Plan a backup strategy that uses volume shadow copy.
Planning and Maintaining Network Security
- Configure network protocol security.
- Configure protocol security in a heterogeneous client computer environment.
- Configure protocol security by using IPSec policies.
- Configure security for data transmission.
- Configure IPSec policy settings.
- Plan for network protocol security.
- Specify the required ports and protocols for specified services.
- Plan an IPSec policy for secure network communications.
- Plan secure network administration methods.
- Create a plan to offer Remote Assistance to client computers.
- Plan for remote administration by using Terminal Services.
- Plan security for wireless networks.
- Plan security for data transmission.
- Secure data transmission between client computers to meet security requirements.
- Secure data transmission by using IPSec.
- Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.
Planning, Implementing, and Maintaining Security Infrastructure.
- Configure Active Directory directory service for certificate publication.
- Plan a public key infrastructure (PKI) that uses Certificate Services.
- Identify the appropriate type of certificate authority to support certificate issuance requirements.
- Plan the enrollment and distribution of certificates.
- Plan for the use of smart cards for authentication.
- Plan a framework for planning and implementing security.
- Plan for security monitoring.
- Plan a change and configuration management framework for security.
- Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.
Exam 70-294:Active Directory Infrastructure
Planning and Implementing an Active Directory Infrastructure
- Plan a strategy for placing global catalog servers.
- Evaluate network traffic considerations when placing global catalog servers.
- Evaluate the need to enable universal group caching.
- Plan flexible operations master role placement.
- Plan for business continuity of operations master roles.
- Identify operations master role dependencies.
- Implement an Active Directory directory service forest and domain structure.
- Set an Active Directory forest and domain functional level based on requirements.
- Establish trust relationships. Types of trust relationships might include external trusts, shortcut trusts, and cross-forest trusts.
- Create the forest root domain.
- Create a child domain.
- Create and configure Application Data Partitions.
- Install and configure an Active Directory domain controller.
- Implement an Active Directory site topology.
- Configure site links.
- Configure preferred bridgehead servers.
- Plan an administrative delegation strategy.
- Plan an organizational unit (OU) structure based on delegation requirements.
- Plan a security group hierarchy based on delegation requirements.
Managing and Maintaining an Active Directory Infrastructure
- Manage an Active Directory forest and domain structure.
- Manage trust relationships.
- Manage schema modifications.
- Add or remove a UPN suffix.
- Manage an Active Directory site.
- Configure replication schedules.
- Configure site link costs.
- Configure site boundaries.
- Monitor Active Directory replication failures. Tools might include Replication Monitor, Event Viewer, and support tools.
- Monitor Active Directory replication.
- Monitor File Replication service (FRS) replication.
- Restore Active Directory directory services.
- Perform an authoritative restore operation.
- Perform a nonauthoritative restore operation.
- Troubleshoot Active Directory.
- Diagnose and resolve issues related to Active Directory replication.
- Diagnose and resolve issues related to operations master role failure.
- Diagnose and resolve issues related to the Active Directory database.
Planning and Implementing User, Computer, and Group Strategies
- Plan a security group strategy.
- Plan a user authentication strategy.
- Plan a smart card authentication strategy.
- Create a password policy for domain users.
- Plan an OU structure.
- Analyze the administrative requirements for an OU.
- Analyze the Group Policy requirements for an OU structure.
- Implement an OU structure.
- Create an OU.
- Delegate permissions for an OU to a user or to a security group.
- Move objects within an OU hierarchy.
Planning and Implementing Group Policy
- Plan Group Policy strategy.
- Plan a Group Policy strategy by using Resultant Set of Policy (RSoP) Planning mode.
- Plan a strategy for configuring the user environment by using Group Policy.
- Plan a strategy for configuring the computer environment by using Group Policy.
- Configure the user environment by using Group Policy.
- Distribute software by using Group Policy.
- Automatically enroll user certificates by using Group Policy.
- Redirect folders by using Group Policy.
- Configure user security settings by using Group Policy.
- Deploy a computer environment by using Group Policy.
- Distribute software by using Group Policy.
- Automatically enroll computer certificates by using Group Policy.
- Configure computer security settings by using Group Policy.
Managing and Maintaining Group Policy
- Troubleshoot issues related to Group Policy application deployment. Tools might include RSoP and the gpresult command.
- Maintain installed software by using Group Policy.
- Distribute updates to software distributed by Group Policy.
- Configure automatic updates for network clients by using Group Policy.
- Troubleshoot the application of Group Policy security settings. Tools might include RSoP and the gpresult command
Exam 70-270: Windows XP Professional
Installing Windows XP Professional
- Perform and troubleshoot an attended installation of Windows XP Professional.
- Perform and troubleshoot an unattended installation of Windows XP Professional.
- Install Windows XP Professional by using Remote Installation Services (RIS).
- Install Windows XP Professional by using the System Preparation Tool.
- Create unattended answer files by using Setup Manager to automate the installation of Windows XP Professional.
- Upgrade from a previous version of Windows to Windows XP Professional.
- Prepare a computer to meet upgrade requirements.
- Migrate existing user environments to a new installation.
- Perform post-installation updates and product activation.
- Troubleshoot failed installations.
Implementing and Conducting Administration of Resources
- Monitor, manage, and troubleshoot access to files and folders.
- Configure, manage, and troubleshoot file compression.
- Control access to files and folders by using permissions.
- Optimize access to files and folders.
- Manage and troubleshoot access to shared folders.
- Create and remove shared folders.
- Control access to shared folders by using permissions.
- Manage and troubleshoot Web server resources.
- Connect to local and network print devices.
- Manage printers and print jobs.
- Control access to printers by using permissions.
- Connect to an Internet printer.
- Connect to a local print device.
- Configure and manage file systems.
- Convert from one file system to another file system.
- Configure NTFS, FAT32, or FAT file systems.
- Manage and troubleshoot access to and synchronization of offline files.
Implementing, Managing, Monitoring, and Troubleshooting Hardware Devices and Drivers
- Implement, manage, and troubleshoot disk devices.
- Install, configure, and manage DVD and CD-ROM devices.
- Monitor and configure disks.
- Monitor, configure, and troubleshoot volumes.
- Monitor and configure removable media, such as tape devices.
- Implement, manage, and troubleshoot display devices.
- Configure multiple-display support.
- Install, configure, and troubleshoot a video adapter.
- Configure Advanced Configuration Power Interface (ACPI).
- Implement, manage, and troubleshoot input and output (I/O) devices.
- Monitor, configure, and troubleshoot I/O devices, such as printers, scanners, multimedia devices, mouse, keyboard, and smart card reader.
- Monitor, configure, and troubleshoot multimedia hardware, such as cameras.
- Install, configure, and manage modems.
- Install, configure, and manage Infrared Data Association (IrDA) devices.
- Install, configure, and manage wireless devices.
- Install, configure, and manage USB devices.
- Install, configure, and manage hand held devices.
- Install, configure, and manage network adapters.
- Manage and troubleshoot drivers and driver signing.
- Monitor and configure multiprocessor computers.
Monitoring and Optimizing System Performance and Reliability
- Monitor, optimize, and troubleshoot performance of the Windows XP Professional desktop.
- Optimize and troubleshoot memory performance.
- Optimize and troubleshoot processor utilization.
- Optimize and troubleshoot disk performance.
- Optimize and troubleshoot application performance.
- Configure, manage, and troubleshoot Scheduled Tasks.
- Manage, monitor, and optimize system performance for mobile users.
- Restore and back up the operating system, System State data, and user data.
- Recover System State data and user data by using Windows Backup.
- Troubleshoot system restoration by starting in safe mode.
- Recover System State data and user data by using the Recovery console.
Configuring and Troubleshooting the Desktop Environment
- Configure and manage user profiles and desktop settings.
- Configure support for multiple languages or multiple locations.
- Enable multiple-language support.
- Configure multiple-language support for users.
- Configure local settings.
- Configure Windows XP Professional for multiple locations.
- Manage applications by using Windows Installer packages.
Implementing, Managing, and Troubleshooting Network Protocols and Services
- Configure and troubleshoot the TCP/IP protocol.
- Connect to computers by using dial-up networking.
- Connect to computers by using a virtual private network (VPN) connection.
- Create a dial-up connection to connect to a remote access server.
- Connect to the Internet by using dial-up networking.
- Configure and troubleshoot Internet Connection Sharing (ICS).
- Connect to resources by using Internet Explorer.
- Configure, manage, and implement Internet Information Services (IIS).
- Configure, manage, and troubleshoot Remote Desktop and Remote Assistance.
- Configure, manage, and troubleshoot an Internet Connection Firewall (ICF).
Configuring, Managing, and Troubleshooting Security
- Configure, manage, and troubleshoot Encrypting File System (EFS).
- Configure, manage, and troubleshoot a security configuration and local security policy.
- Configure, manage, and troubleshoot local user and group accounts.
- Configure, manage, and troubleshoot auditing.
- Configure, manage, and troubleshoot account settings.
- Configure, manage, and troubleshoot account policy.
- Configure, manage, and troubleshoot user and group rights.
- Troubleshoot cache credentials.
- Configure, manage, and troubleshoot Internet Explorer security settings.
Exam 70-298:Designing Security
Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements
- Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
- Analyze existing security policies and procedures.
- Analyze the organizational requirements for securing data.
- Analyze the security requirements of different types of data.
- Analyze risks to security within the current IT administration structure and security practices.
- Design a framework for designing and implementing security. The framework should include prevention, detection, isolation, and recovery.
- Predict threats to your network from internal and external sources.
- Design a process for responding to incidents.
- Design segmented networks.
- Design a process for recovering services.
- Analyze technical constraints when designing security.
- Identify capabilities of the existing infrastructure.
- Identify technology limitations.
- Analyze interoperability constraints.
Creating the Logical Design for Network Infrastructure Security
- Design a public key infrastructure (PKI) that uses Certificate Services.
- Design a certification authority (CA) hierarchy implementation. Types include geographical, organizational, and trusted.
- Design enrollment and distribution processes.
- Establish renewal, revocation and auditing processes.
- Design security for CA servers.
- Design a logical authentication strategy.
- Design certificate distribution.
- Design forest and domain trust models.
- Design security that meets interoperability requirements.
- Establish account and password requirements for security.
- Design security for network management.
- Design the administration of servers by using common administration tools. Tools include Microsoft Management Console (MMC), Terminal Server, Remote Desktop for Administration, Remote Assistance, and Telnet.
- Design security for Emergency Management Services.
- Manage the risk of managing networks.
- Design a security update infrastructure.
- Design a strategy for identifying computers that are not at the current patch level.
- Design a Software Update Services (SUS) infrastructure.
- Design Group Policy to deploy software updates.
Creating the Physical Design for Network Infrastructure Security
- Design network infrastructure security.
- Specify the required protocols for a firewall configuration.
- Design IP filtering.
- Design an IPSec policy.
- Secure a DNS implementation.
- Design security for data transmission.
- Design security for wireless networks.
- Design public and private wireless LANs.
- Design 802.1x authentication for wireless networks.
- Design user authentication for Internet Information Services (IIS).
- Design user authentication for a Web site by using certificates.
- Design user authentication for a Web site by using IIS authentication.
- Design user authentication for a Web site by using RADIUS for IIS authentication.
- Design security for Internet Information Services (IIS).
- Design security for Web sites that have different technical requirements by enabling only the minimum required services.
- Design a monitoring strategy for IIS.
- Design an IIS baseline that is based on business requirements.
- Design a content management strategy for updating an IIS server.
- Design security for communication between networks.
- Select protocols for VPN access.
- Design VPN connectivity.
- Design demand-dial routing between internal networks.
- Design security for communication with external organizations.
- Design an extranet infrastructure.
- Design a strategy for cross-certification of Certificate Services.
- Design security for servers that have specific roles. Roles include domain controller, network infrastructure server, file server, IIS server, terminal server, and POP3 mail server.
- Define a baseline security template for all systems.
- Create a plan to modify baseline security templates according to role.
Designing an Access Control Strategy for Data
- Design an access control strategy for directory services.
- Create a delegation strategy.
- Analyze auditing requirements.
- Design the appropriate group strategy for accessing resources.
- Design a permission structure for directory service objects.
- Design an access control strategy for files and folders.
- Design a strategy for the encryption and decryption of files and folders.
- Design a permission structure for files and folders.
- Design security for a backup and recovery strategy.
- Analyze auditing requirements.
- Design an access control strategy for the registry.
- Design a permission structure for registry objects.
- Analyze auditing requirements.
Creating the Physical Design for Client Infrastructure Security
- Design a client authentication strategy.
- Analyze authentication requirements.
- Establish account and password security requirements.
- Design a security strategy for client remote access.
- Design remote access policies.
- Design access to internal resources.
- Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).
- Design a strategy for securing client computers. Considerations include desktop and portable computers.
- Design a strategy for hardening client operating systems.
- Design a strategy for restricting user access to operating system features.
Exam 70-299:Server Security
Implementing, Managing, and Troubleshooting Security Policies
- Plan security templates based on computer role. Computer roles include SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server.
- Configure security templates.
- Configure registry and file system permissions.
- Configure account policies.
- Configure .pol files.
- Configure audit policies.
- Configure user rights assignment.
- Configure security options.
- Configure system services.
- Configure restricted groups.
- Configure event logs.
- Deploy security templates.
- Deploy security templates by using command-line tools and scripting.
- Plan the deployment of security templates.
- Deploy security templates by using Active Directory-based Group Policy objects (GPOs).
- Troubleshoot security template problems.
- Troubleshoot security templates in a mixed operating system environment.
- Troubleshoot security policy inheritance.
- Troubleshoot removal of security template settings.
- Configure additional security based on computer roles. Server computer roles include SQL Server computer, Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server. Client computer roles include desktop, portable, and kiosk.
- Plan and configure security settings.
- Plan network zones for computer roles.
- Plan and configure software restriction policies.
- Plan security for infrastructure services. Services include DHCP and DNS.
- Plan and configure auditing and logging for a computer role. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Netlog, and RAS log files.
- Analyze security configuration. Tools include Microsoft Baseline Security Analyzer (MBSA), the MBSA command-line tool, and Security Configuration and Analysis.
Implementing, Managing, and Troubleshooting Patch Management Infrastructure
- Plan the deployment of service packs and hotfixes.
- Evaluate the applicability of service packs and hotfixes.
- Test the compatibility of service packs and hotfixes for existing applications.
- Plan patch deployment environments for both the pilot and production phases.
- Plan the batch deployment of multiple hotfixes.
- Plan rollback strategy.
- Assess the current status of service packs and hotfixes. Tools include MBSA and the MBSA command-line tool.
- Assess current patch levels by using the MBSA GUI tool.
- Assess current patch levels by using the MBSA command-line tool with scripted solutions.
- Deploy service packs and hotfixes.
- Deploy service packs and hotfixes on new servers and client computers. Considerations include slipstreaming, custom scripts, and isolated installation or test networks.
- Deploy service packs and hotfixes on existing servers and client computers.
Implementing, Managing, and Troubleshooting Security for Network Communications
- Plan IPSec deployment.
- Decide which IPSec mode to use.
- Plan authentication methods for IPSec.
- Test the functionality of existing applications and services.
- Configure IPSec policies to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.
- Configure IPSec authentication.
- Configure appropriate encryption levels. Considerations include the selection of perfect forward secrecy (PFS) and key lifetimes.
- Configure the appropriate IPSec protocol. Protocols include Authentication Header (AH) and Encapsulating Security Payload (ESP).
- Configure IPSec inbound and outbound filters and filter actions.
- Deploy and manage IPSec policies.
- Deploy IPSec policies by using Local policy objects or Group Policy objects (GPOs).
- Deploy IPSec policies by using commands and scripts. Tools include IPSecPol and NetSh.
- Deploy IPSec certificates. Considerations include deployment of certificates and renewing certificates on managed and unmanaged client computers.
- Troubleshoot IPSec.
- Monitor IPSec policies by using IP Security Monitor.
- Configure IPSec logging. Considerations include Oakley logs and IPSec driver logging.
- Troubleshoot IPSec across networks. Considerations include network address translation, port filters, protocol filters, firewalls, and routers.
- Troubleshoot IPSec certificates. Considerations include enterprise trust policies and certificate revocation list (CRL) checking.
- Plan and implement security for wireless networks.
- Plan the authentication methods for a wireless network.
- Plan the encryption methods for a wireless network.
- Plan wireless access policies.
- Configure wireless encryption.
- Install and configure wireless support for client computers.
- Deploy, manage, and configure SSL certificates, including uses for HTTPS, LDAPS, and wireless networks. Considerations include renewing certificates and obtaining self-issued certificates instead of publicly issued certificates.
- Obtain self-issued certificates and publicly issued certificates.
- Install certificates for SSL.
- Renew certificates.
- Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.
- Configure security for remote access users.
- Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and multifactor authentication that combines smart cards and EAP.
- Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client operating system, network address translation devices, Routing and Remote Access servers, and firewall servers.
- Manage client configuration for remote access security. Tools include remote access policy and the Connection Manager Administration Kit.
Planning, Configuring, and Troubleshooting Authentication, Authorization, and PKI
- Plan and configure authentication.
- Plan, configure, and troubleshoot trust relationships.
- Plan and configure authentication protocols.
- Plan and configure multifactor authentication.
- Plan and configure authentication for Web users.
- Plan and configure delegated authentication.
- Plan group structure.
- Decide which types of groups to use.
- Plan security group scope.
- Plan nested group structure.
- Plan and configure authorization.
- Configure access control lists (ACLs).
- Plan and troubleshoot the assignment of user rights.
- Plan requirements for digital signatures.
- Install, manage, and configure Certificate Services.
- Install and configure root, intermediate, and issuing certification authorities (CAs). Considerations include renewals and hierarchy.
- Configure certificate templates.
- Configure, manage, and troubleshoot the publication of certificate revocation lists (CRLs).
- Configure archival and recovery of keys.
- Deploy and revoke certificates to users, computers, and CAs.
- Backup and restore the CA.