Home > Articles > Microsoft > MCSE

  • Print
  • + Share This
Like this article? We recommend Preparation Hints

Exam Objectives

This exam is broken up into six different categories. We will look at what you have to know in each category to pass the exam.

Planning and Implementing Server Roles and Server Security

  • Configure security for servers that are assigned specific roles.
  • Plan a secure baseline installation. Installing service packs, anti-virus, firewalls, removing unused service are part of securing your server.

    Plan a strategy to enforce system default security settings on new systems. The best way to implement security for all systems or a group of systems is to use Group Policies.

    Identify client operating system default security settings. If your environment contains different client operating systems, you need to consider them all when designing the default security settings. Windows 9X operates quite differently from Windows XP.

    Identify all server operating system default security settings. As with clients, you may have several different operating systems on your servers with each of them having different types of security available.

  • Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.
  • Deploy the security configuration for servers that are assigned specific roles. There are many different roles for servers such as DNS, DHCP, Domain Controller, etc. The type of security you employ will depend on the server’s role.

    Create custom security templates based on server roles. Windows 2003 provides you with default security templates. You can incorporate them as is or you can modify them to meet your needs.

  • Evaluate and select the operating system to install on computers in an enterprise.
  • Identify the minimum configuration to satisfy security requirements. To make your life less complex, you should choose the minimum security requirements that meet your needs.

Planning, Implementing, and Maintaining a Network Infrastructure

  • Plan a TCP/IP network infrastructure strategy.
  • Analyze IP addressing requirements. There are many things to consider when deciding an IP structure, including the number of hosts, the number of subnets, private vs. public.

    Plan an IP routing solution. Manageable switches are almost always used instead of hubs for client computers. Routers are only needed to connect different networks. Normally you have at least one router on the edge of your network to communicate with the Internet. It is possible for some switches to be configured with virtual LANs.

    Create an IP subnet scheme. Subnetting is the process of dividing the total available IP addresses for a network into subnetworks, or subnets. You may also see IP addresses and subnet masks represented in the format 198.10.10.46/28. The 28 tells you that there are 28 bits used for the subnet mask, which leave 4 bits for the hosts.

    Plan the physical placement of network resources. Servers, switches and routers should always be placed in a secure area where only network administrators have access.

    Identify network protocols to be used. TCP/IP is the primary protocol used on Windows network and the only protocol used on the Internet. Some other protocols are IPX/SPX used by Novell Netware and Appletalk used by Apple computers.

  • Plan an Internet connectivity strategy.
  • Once you connect your network to the Internet, your security concerns increase exponentially. You must take adequate protection such as implementing firewalls but must also train users as to the acceptable practices. If your company uses private IP addresses internally, you must use public IP addresses to access the Internet. It is possible using Network Address Translation (NAT) to hide your private network IP addresses.

  • Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.
  • Troubleshoot connectivity to the Internet.
  • Diagnose and resolve issues related to client configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

    Diagnose and resolve issues related to Network Address Translation (NAT). You must make sure that your DHCP server is configured properly and not issuing IP addresses that conflict with your NAT.

  • Troubleshoot TCP/IP addressing.
  • Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

    Diagnose and resolve issues related to DHCP server address assignment. The DHCP server’s scopes must be setup correctly in order for the clients to receive the proper IP address. In addition, the DNS and Router must be configured properly in the DHCP server.

  • Plan a host name resolution strategy.
  • Plan a DNS namespace design. A host file is a static file on a server or PC that contains host names and IP addresses. This method is not dynamic or efficient. The preferred method for name resolution is to use a DNS server that clients register to automatically.

    Plan a forwarding configuration. If a DNS server cannot resolve a name from an IP address, it has the potential to forward that request to another DNS server for resolution.

    Plan for DNS security. Active Directory must authorize any changes to DNS. Otherwise, if invalid data were entered, your users could be sent to the wrong server or site.

  • Plan a NetBIOS name resolution strategy.
  • Plan a WINS replication strategy. WINS is being phased out by Microsoft in favor of DNS only, but it still can be used to resolve NetBIOS names.

    Plan NetBIOS name resolution by using the Lmhosts file. Similar to a Host file, you can use a static Lmhosts file to resolve NetBIOS names. This file has to be managed manually and creates administrative overhead.

  • Troubleshoot host name resolution.
  • Diagnose and resolve issues related to DNS services. If DNS is not working properly, you will not be able to get to servers or sites. You can use the Event Viewer on your DNS server to troubleshoot problems.

    Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure the user has a correct IP address.

Planning, Implementing, and Maintaining Routing and Remote Access

  • Plan a routing strategy.
  • You only have to route traffic if it is on a different network or subnet, in which case you will have to install a router.

  • Identify routing protocols to use in a specified environment.
  • RIP version 1 and 2 and OSPF are the routing protocols with which you need to be familiar.

  • Plan routing for IP multicast traffic.
  • Multicast IP address ranges are from 224.0.0.0 to 239.255.255.255. IP addresses in these ranges are for use on internal networks and cannot be routed on the Internet.

  • Plan security for remote access users.
  • Users may need to access the network remotely using VPN or RRAS.

  • Plan remote access policies.
  • A remote access policy is set to determine how users will connect remotely. You can have several different policies in place, but once one is matched, the user is connected and the other policies are ignored.

  • Analyze protocol security requirements.
  • RRAS supports the TCP/IP, IPX, NetBEUI, AppleTalk protocols as well as SLIP and PPP asynchronous connections.

  • Plan authentication methods for remote access clients.
  • Remote authentication methods include the following from least secure: PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2.

  • Implement secure access between private networks.
  • IPSec is a standard protocol that Microsoft uses in conjunction with Kerberos as its default method for authentication.

  • Create and implement an IPSec policy.
  • In Active Directory, use Group Policy to apply IPSec policies. Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

  • Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.
  • Research the above commands by typing them at a command line using the /? for help.

Planning, Implementing, and Maintaining Server Availability

  • Plan services for high availability.
  • High availability means not having a single point of failure. Windows Server 2003 Enterprise and Windows Server 2003 Datacenter Server support this feature.

  • Plan a high-availability solution that uses clustering services.
  • Clustering is connecting several computers together to act as a single computer that provides high availability.

  • Plan a high-availability solution that uses Network Load Balancing.
  • Network Load Balancing, a clustering technology included in the Microsoft Windows 2000 Advanced Server and Datacenter Server operating systems, enhances the scalability and availability of mission-critical, TCP/IP-based services, such as Web, Terminal Services, virtual private networking, and streaming media servers.

  • Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.
  • Eliminating system bottlenecks ensures your servers are operating efficiently. When choosing your hardware, always make sure you have sufficient RAM and processor power.

  • Identify system bottlenecks by using System Monitor.
  • System Monitor is a Windows tool that can be used to identify and diagnose bottleneck problems.

  • Recover from cluster node failure.
  • In a cluster, it is possible to lose a node or the entire cluster. You can use tools such as Confdisk.exe, ClusterRecovery.exe, ASR, and System State Restore.

  • Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.
  • Plan a backup and recovery strategy.
  • Any backup strategy, whether it is tape or hard disk, should be tested.

  • Identify appropriate backup types. Methods include full, incremental, and differential.
  • A full backup will backup all of your data. A differential backup will backup all of the data that has changed since the last full backup. An incremental backup will backup all data since the last incremental backup. An incremental backup is the quickest, but also requires more time to restore.

  • Plan a backup strategy that uses Volume Shadow Copy (VSS).
  • Shadow Copy must be enabled on the server and will keep copies of files that can be restored directly from the server. It provides a way for the end user to restore files, which can be quicker than waiting for the tech department to restore a file.

Planning and Maintaining Network Security

  • Configure network protocol security.
  • Each different protocol has its own vulnerabilities which must be taken into account during implementation.

  • Configure IPSec policy settings.
  • As mentioned before, Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

  • Plan for network protocol security.
  • Some protocols are more vulnerable than others. For instance, FTP, Telnet and HTTP use clear text to transmit data.
  • Specify the required ports and protocols for specified services.
  • Port numbers that you need to be familiar with are as follows:
    • FTP—21
    • TELNET—23
    • SMTP—25
    • DNS—53
    • DHCP—67 and 68
    • HTTP—80
    • POP3—110
    • IMAP—143
    • SNMP—161
    • SSL—443
  • Plan secure network administration methods.
  • To save time and resources, you should be able to solve as many problems as you can remotely. Tools such as Remote Desktop for Windows users and Telnet for switches and routers will help you with this.

  • Create a plan to offer Remote Assistance to client computers.
  • As mentioned above, Remote Desktop allows you to assist users by controlling their desktop.

  • Plan for remote administration by using Terminal Services.
  • Microsoft Server Terminal Services Client (MSTSC.exe) can be used to remote into servers.

  • Plan security for wireless networks.
  • Wireless networks need to be secured using encryption such as Wired Equivalent Privacy (WEP)

  • Plan security for data transmission.
  • Virtual Private Networks (VPN) uses PPTP and IPSec protocols for security.

  • Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.

Planning, Implementing, and Maintaining Security Infrastructure.

  • Configure Active Directory service for certificate publication.
  • Directory Access Control Lists are used to by Active Directory to approve or deny certificate requests.

  • Plan a public key infrastructure (PKI) that uses Certificate Services.
  • PKI provides computers a secure way to communicate. It relies on digital signatures and encryption.

  • Identify the appropriate type of certificate authority to support certificate issuance requirements.
  • Windows 2003 can issue certificates or you can use a third party vendor such as Verisign.

  • Plan the enrollment and distribution of certificates.
  • If your Windows 2003 server is running Certificate Services, it is able to issue a certificate.

  • Plan for the use of smart cards for authentication.
  • Smart cards include an actual micro processor that contains information about the user. The smart card is used in conjunction with a Personal Identification Number (PIN).

  • Plan a framework for planning and implementing security.
  • The Microsoft Solution Framework (MSF) outlines an overall process for planning and implementing security.

  • Plan for security monitoring.
  • Each network is different and will have different requirement for security monitoring. You should be able to detect changes in common patterns and be familiar with new security threats that have developed. Microsoft Baseline Security Analyzer (MBSA) is a security tool that can be used to scan for security updates.

  • Plan a change and configuration management framework for security.
  • This includes topics such as making sure that you apply patches and upgrades, checking user, data and security settings.

  • Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.
  • + Share This
  • 🔖 Save To Your Account