Microsoft’s exam 70-214: Implementing and Administering Security in a Microsoft Windows 2000 Network is a clear example of Microsoft’s new focus on security via its Secure Computing initiative. I took the 70-214 last month as part of its beta test. Here’s my impression of the exam.

The general purpose of this exam is to test candidates on their ability to design, implement, and administer security in a network infrastructure that is based primarily on Windows 2000 Active Directory. I think it supports its stated goal as well as any other Microsoft exam. However, I don’t think it is as difficult or detailed as it could have been. It’s a step in the right direction, but if you’re hiring IT personnel, don’t mistake the ability to pass this exam as proof that a candidate can actually implement and maintain Windows 2000 security in a real-world environment.

Degree of difficulty
In my opinion, 70-214 is more difficult than the TICSA and CIW Security Analyst exams, but not as thorough as the CISSP or any of the SANS GIAC exams on general security issues.

It’s moderately challenging. It requires knowledge and understanding of GPOs, security templates, and Active Directory container structures. Those who take this exam will benefit from having direct hands-on experience in implementing security and dealing with security configuration issues. Just knowing the facts from a study guide may not provide you with enough information to dissect the scenarios and resolve the issues presented.

In fact, Microsoft recommends that test candidates have at least one year of experience of direct hands-on implementation, administration, management, and troubleshooting of security before attempting this exam. It further recommends that the experience be gained on networks that have a user base of 200 to 26,000 and which employ various LAN, WAN, and wireless networking technologies.

70-214 focuses on Windows 2000 Active Directory-based networks. However, it does not limit itself to Windows 2000. You’ll need to know issues and details about Windows NT as clients, member servers, and migration to Windows 2000. Additionally, you’ll need to know about Windows 98 and Windows XP as clients.

The basic or general issues covered include:

  • Group Policy (GPOs)
  • IPSec
  • PKI and certificates
  • Security templates, security baselines
  • Upgrading or migrating from Windows NT to Windows 2000
  • Managing service packs and hot fixes
  • Routing and remote access
  • Firewalls
  • Auditing for security
  • Windows 98 and Windows XP clients
  • General security principles

Exam release
This exam was beta tested in October 2002 and should be released in its final form in January 2003. It can be used as your qualifying exam to obtain Microsoft Certified Professional (MCP) status, or it can serve as an elective for either the Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification or the Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification.

Is it worth it?
I don’t think this exam adds any real value to the MCSE or MCSA certification paths. In fact, I think most of the issues covered by the 70-214 exam are adequately addressed in other exams, such as 70-220: Designing Security for a Microsoft Windows 2000 Network. 70-214 seems to me like an attempt to demonstrate a new focus on security without actually doing anything substantial.

In the long run I think Microsoft will regret the deployment of this exam. With so much recent discussion about the value of certifications and how easy it is to obtain MCSE status without really knowing the material, putting out yet another exam that can be passed with only moderate preparation efforts seems counterproductive to improving the quality, value, and reputation of the MCSE and MCSA certifications.

If you’re able to pass 70-220 and the core exams, you’ll be able to tackle this exam with minimal additional effort.