What you need to know for the MCSE security design exam

Every Win2K MCSE has to complete one of four design exams. These exams test your ability to put together IT solutions based on detailed case studies. Our third article in this four-part series looks at exam 70-221, designing network security.

Microsoft has been criticized recently for the lack of security preparation included in the MCSE program. In fact, the only MCSE exam that currently focuses on security is 70-220, Designing Security for a Microsoft Windows 2000 Network. We’ll focus on that exam here as part of our continuing series on the MCSE design (Core+) exams.

Audience and prerequisites
Like the other design exams, 70-220 has two main audiences:
  • Those who are involved in a migration or deployment of a security solution
  • Those who are simply on the MCSE certification track

Because security is one of the most important aspects of a major project, and the design process of a security solution is extremely important, Microsoft has chosen to introduce the topic of security into the MCSE track with this exam. Administrators on all sides of a major Windows 2000 project stand to gain a lot from studying and learning the material that the exam covers. In fact, anyone who is responsible for the security of an organization should think seriously about taking this exam to thoroughly learn and demonstrate his or her knowledge of Windows 2000 security.

The official prerequisites for this class include at least one year of field experience designing networks, as well as the Microsoft Official Curriculum (MOC) course # 2154 (Active Directory) or # 1560 (Updating Support Skills from NT 4.0 to Windows 2000) or equivalent knowledge. I recommend that you also be familiar with the technologies covered in the MOC class # 2153 (Implementing a Microsoft Windows 2000 Network Infrastructure) since understanding IPSec and Certificate Services is important for the exam. Even though Microsoft highly recommends a minimum of one year of experience with designing networks, not everyone will have it. As I’ve mentioned throughout this series, that type of experience is very desirable but not entirely necessary.

Exam details
Of the four Core+ exams, this exam is usually ranked as the hardest one of the bunch. A lot of good IT pros failed it the first time around. Because this exam covers so many “in the weeds” technologies—for example, bit counts for encryption and various aspects of the numerous security protocols—it’s not surprising that this exam is tough.

Simply put, security is not an easy subject. If it were, it would be really easy to combat hackers and script kiddies. Unfortunately, it is not easy to fight these guys, and therefore, this subject is tough. The people who know the ins and outs of security are in high demand. This exam holds true to typical security classes with its increased complexity and difficulty, so be prepared! Does this mean that the exam is unpassable? No, of course not. But you will have to study a little harder for this one.

Table A shows exam specifics.

Table A
Time limit: 215 minutes
Number of questions: 40
Passing score: 675
Exam format: Form, with case studies

Summary of what you need to know
Because this is a design exam, the focus of the test is not really on how the technology works but rather on how you can effectively use the technology to provide a solution to a business problem. This exam assumes that you understand some of the basic technologies that can be used to provide a secure network.

Topics include how to assess security risks; planning administrative access; planning user accounts; securing your Windows 2000 computers; securing files, folders, and printers using NTFS and share permissions; providing secure communication channels using such protocols as IPSec and L2TP; and how to provide secure access to pre-Windows 2000 and non-Windows clients.

You will be tested on how to effectively secure a remote access connection and provide a secure connection to the Internet. The exam tests on public key infrastructure and designing certificate services and covers the concepts of firewalls and packet filtering. Essentially, every topic that might come up with regard to securing a Windows 2000 network may be covered. Those of you who have been working with Windows products for some time now are probably well aware of the many security shortcomings a Windows environment can have. (Hey, these shortcomings keep you working, right?) For a more detailed description of what is tested on this exam, visit Microsoft’s Web site.

New case study format
The exam format for the Core+ exams has changed quite a bit from the NT 4.0 MCSE. Core+ exams are designed as case studies involving a fictitious company. You’ll be presented with information such as interviews with the CEO/CIO of the company, IT goals, plans, needs, and infrastructure, and various other bits of information, not all of which you’ll need.

Each exam includes three to five scenarios. Your job will be to read through the case study, distill the important information, and answer between eight and 12 questions about the scenario. Be prepared to go through a lot of information.

Recommended study plan
Ultimately, your main objective is to pass the exam, right? So let's take a look at some possible studying strategies. (As always, please keep in mind that this is just my opinion and is certainly not the only way to go about things.)

As a Microsoft Certified Trainer, I tend to be biased toward instructor-led training (ILT). I am a fan of getting into a class full of students who are all interested in learning about the same thing, many with the same goals. Participating in ILT can be invaluable to your success.

With luck (and this greatly depends on where you take the class), your trainer will be an industry veteran who is savvy with the technology and has been out in the field doing this stuff before. Ideally, this person will be energetic and excited about facilitating your learning experience. Such a trainer, coupled with MOC and a quality training center, is a recipe for success.

The MOC class that most closely maps to this exam is course # 2150 (Designing a Secure Microsoft Windows 2000 Network). This is a well-designed, information-packed class offering some awesome labs that solidify what you learn in the class. I definitely recommend this class to all admins on track to pass this exam.

ILT, however, is not the only method by which you can study for this exam. Many individuals simply learn better online or via self-study or correspondence programs. And not everyone can afford to pay the sometimes exorbitant costs associated with MOC classes. If you like to study on your own or simply have no other choice, get a couple of books, preferably one written by Microsoft and one not written by Microsoft. If you have access to a lab where you can test some of your designs and see the ramifications, you will certainly be a step ahead.

I recommend that students pick up some sort of testing software while preparing for this exam. I am not advocating the memorization of questions or anything like that, but since the format of these new Core+ exams has changed so drastically, it is a great idea to get used to the new format.

Coming up next
So far, we've covered three of the four Core+ design exams. That leaves us with just one to go: Exam # 70-266 (Designing Highly Available Web Solutions with Microsoft Windows 2000 Server Technologies). We’ll look at it next time.

Which design exam are you going to take?
We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.

About Jeremy Smith

Jeremy L. Smith, CISSP, is a cybersecurity and public safety professional who has worked with a variety of agencies to improve the security of their call centers and execute their public safety initiatives more effectively, including 911 call taking,...
