Tip

Microsoft's first nuts-and-bolts Windows security exam guide

Late last month, Microsoft made its first real foray into certification requirements for nuts-and-bolts Windows security administration. It came in the form of a new exam preparation guide: "Implementing and Administering Security in a Microsoft Windows 2000 Network" (Exam 20-214).

    Requires Free Membership to View

I see the 70-214 exam as the first real Windows security exam from Microsoft mostly because exam 70-220 "Designing Security for a Microsoft Windows 2000 Network" -- like most designing exams -- concentrates more on analysis, security policies, postures and solutions than routine day-to-day security.

Likewise, although 70-227 "Installing, Configuring and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition" has a lot of strong security-related content, it's focused almost entirely on Microsoft's ISA product and its related firewall, Web and server publishing, proxy and application gateway capabilities.

In short, 70-214 -- scheduled for beta release in November and commercial release by early 2003 -- is the first Microsoft exam to concentrate on routine matters of Windows security implementation and maintenance for system and network administrators. A quick review of its major categories' skills matrix shows why:

  • Implementing, Managing and Troubleshooting Baseline Security
    Setting policies, permissions, user rights assignments and configuring key aspects of system behavior from a security standpoint. It also covers security templates, role-based security for various types of Windows servers and managing client computer operating system security.
  • Implementing, Managing and Troubleshooting Service Packs and Hot Fixes
    Use of version and status tools like MBSA and HFNetChk, and management and troubleshooting service packs and hotfixes for clients and servers.
  • Implementing, Managing and Troubleshooting Secure Communication Channels
    Covers configuring, using and troubleshooting various aspects of IPSec, including authentication, encryption, related protocols and digital certificates. Also covers wireless network security issues, SMB signing and SSL certificates.
  • Configuring, Managing and Troubleshooting Authentication and Remote Access Security
    Relevant authentication protocols, especially Kerberos, mixed-mode Windows authentication, UNIX interoperability and extranet authentication. Also covers Web user authentication, secure remote access authentication, VPN protocols and remote access security management.
  • Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)
    Installation, configuration and management of Certificate Authority hierarchies including CA server roles and functions, certificate templates, CRLs, public key Group Policy, certificate renewal and enrollment, certificate deployment and backing up and restoring a CA. Also deals with certificate management issues plus managing and troubleshooting EFS.
  • Monitoring and Responding to Security Incidents
    Auditing and service logging topics plus analyzing, identifying and responding to security events or incidents.

To my knowledge, this is the first and only Microsoft exam that covers operational, day-to-day security matters both broadly and specifically for Windows-based networks. I look forward to watching this exam unfold as the beta and commercial release dates approach. This could spell a whole new era of security coverage and awareness in the MCP community!


Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series, and has worked on over 60 books on Microsoft, CompTIA, CIW, Sun/Java, and various security certifications.


This was first published in July 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.