Examiner - 70298

Examiner™ for Microsoft Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network


* Microsoft reserves the right to incorporate newer testing technologies into a given exam at any time, to change the number of questions, to change the passing score or even eliminate score reports completely without prior notice.


When you are ready to take this exam, Microsoft assumes that you are ready to secure a Microsoft Windows Server 2003 network from all intruders. To make sure you are ready, they have concocted a somewhat complex format for the certification exam. This format includes case studies. You read the case study. You answer questions about the case study. You navigate to the next case study. Additionally, some of the questions about the case studies use formats called build and reorder, select and place, or tree-view style, as opposed to the more traditional multiple-choice varieties.

CBT Vision has been developing simulations of this type of exam for over four years now. We are committed to helping you pass this type of exam. Then you can go on to help other people secure their networks. The skills that exam 70-298 measures are summarized below:

Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements
This is certainly a new activity for some technically oriented people. It must be done. The case studies are a great help. Once you get used to reading them, you realize that they are full of hints as to the correct procedure and policy for a given situation such as:

Questions that fall into this category will require you to evaluate the company's technical environment or analyze the impact of the security design on the existing business environment. In doing these things you always have the case study itself as a crucial reference. Tasks include designing a security baseline for the network and identifying the required level of security for each resource. You won't be reporting to anyone; you'll just be trying to pass a test. Microsoft may require you to "go deep" in a number of areas such as prevention, detection, isolation, and recovery. Additionally, you may be called upon to analyze technical constraints when designing security.

Creating the Logical Design for Network Infrastructure Security
In this sense "logical" means not physical. For this exam that means knowing how to design a network environment that incorporates a public key infrastructure (PKI) that uses Certificate Services, a logical authentication strategy (forest and domain trust models, certificate server, and password policies), secure network management and a secure update infrastructure. In Microsoft terms it's "logical" to deploy Software Update Services (SUS) and Group Policies in such an environment.

Creating the Physical Design for Network Infrastructure Security
Conversely, the network's physical design is not illogical. It should be created by a logical someone who can design network infrastructure security, design security for wireless networks, design security and authentication for Internet Information Services (IIS) and design security for communication between networks and with external organizations. That person will need to know quite a bit about IP filtering, IPSec, DNS, 802.1x, RADIUS and VPNs for starters. Knowledge of servers will also come in handy: domain controllers, network infrastructure servers, file servers, IIS servers, terminal servers, and POP3 mail servers, for example. Baselining and security template know-how will also be required.

Designing an Access Control Strategy for Data
People who hack for fun, profit or spite tend to have an intimate knowledge of the paths that data takes from one host to another, even within a network. It will be up to you to know how to secure those paths from those people by designing an access control strategy for directory services, for files and folders and for the registry.

Creating the Physical Design for Client Infrastructure Security
Clients need to be secured as well. Their needs are different from those of servers. Design requirements include a client authentication strategy, a security strategy for client remote access and a strategy for securing client computers. These strategies should encompass both desktop and portable computers. Internet Authentication Service (IAS), password policies and hardening client operating systems loom large in these scenarios.

Examiner™ has everything you need to pass your exam.

For a list of all the topics you need to know to pass this exam, you can visit Microsoft's official web page for the 70-298 exam.