Microsoft’s 70-214 exam, Implementing and Administering Security in a Microsoft Windows 2000 Network, is designed to test your ability to design and deploy security in networks based around Windows 2000 Active Directory. While this exam isn’t as difficult or detailed as it could have been, you’ll still need to read up on multiple security points before you take the test. If you decide to take the exam, here are some areas to focus on, as I learned from taking the beta form of the test in November.
Most of your time will be spent reading and rereading the long scenarios that make up each question, which will help you define the environment with which the question is concerned. I expect most test takers will need the majority of the allotted time to read the questions. So, it will be important to manage your time well.
I can’t provide you with exact questions and answers for this exam without violating the non-disclosure agreement, but I can provide you a topical overview or study guide to help you prepare.
Everything from Active Directory to security auditing
The exam will test your knowledge of secure installation, configuration, management, and deployment of Windows 2000 Active Directory-based systems and networks. However, this doesn’t mean that you can focus exclusively on Windows 2000; you must also understand several key concepts with regard to Windows NT, 98, and XP. Know the security limitations of Windows 98 (for example, that it cannot participate in Active Directory). Know that Windows XP, like Windows 2000, is Active Directory-compliant.
You need to know Active Directory fairly thoroughly. This includes knowing:
- What group policies are, where they’re applied, and how they’re created.
- The layout and design of most of the security controls within a GPO, such as which controls are found in the Computer Configuration section and which are found in the User Configuration section.
- How to apply and control application of group policy objects (GPOs) on the various Active Directory containers (local, site, domain, and organizational unit).
- The inheritance rules and controls, such as blocking and no override. Know when and why to use loopback processing.
You’ll need to be familiar with the procedures for creating, managing, and using security templates. Security templates are just GPOs renamed. Security templates are used to force a configuration onto a system, to evaluate the existing configuration of a system, or to create a baseline against which to configure or evaluate other systems. There are several native tools available in Windows 2000 to manage and use security templates, such as the Security Configuration and Analysis snap-in for the MMC and the secedit command-line tool.
You also will need to know security auditing. The areas covered include:
- The various logs and audit trails used by Windows 2000.
- The Event Viewer, Network Monitor, and EventComb.
- Managing audit trails, retaining audit records, searching for intrusion event details, and how to respond to security incidents.
From Windows 2000 security to migration security
You should know the basic or general security features of Windows 2000, such as NTFS, permissions, user and group controls, and ACLs. Be familiar with security fundamentals, such as “keep the bad guys out, let the good guys in,” “allow access only as needed,” “countermeasures should be cost effective,” “provide adequate security based on the value of the asset,” and so on. Know basic attacks, vulnerabilities, and countermeasures.
Here are other things you’ll need to know in order to pass the exam:
- Service packs and hot fixes, from downloading to deployment to slipstreaming to uninstalling to enterprise-wide management
- How to include updates in manual, automated, and pushed OS installations (such as RIS)
- Microsoft Software Update Services (SUS), Windows Update, Automated Update, as well as the MBSA and HFNetChk tools
- How Windows 2000 implements a PKI trust environment using certificates
- How to design, install, and manage certificates using Certificate Services
- When to use root certificate authorities (CAs), Public CAs, Issuing CAs, Enterprise CAs, and Standalone CAs
- How to use a certificate revocation list (CRL), and how SSL and EFS use certificates
- How to securely deploy and configure remote access and WAN links, including VPNs, routing, gateways, proxy systems, and firewalls
- How to use ISA Server, NAT, and the private IP addresses as defined in RFC 1918
- All the IPSec controls
- How to configure and use IPSec
And finally, know the security issues related to migration from Windows NT to Windows 2000. This includes native mode and mixed mode Active Directory domains, compatibility groups, migration of users, and the differences in security between NT and 2000.
You should also check out Microsoft’s preparation guide for the 70-214 exam.
You can find extensive materials about all of these subjects through the online version of TechNet.