Home > Articles > Microsoft > MCSE

  • Print
  • + Share This
Like this article? We recommend Preparation Hints

Exam Objectives

This exam is broken up into six different categories. We will look at what you have to know in each category to pass the exam.

Planning and Implementing Server Roles and Server Security

  • Configure security for servers that are assigned specific roles.
  • Plan a secure baseline installation. Installing service packs, anti-virus, firewalls, removing unused service are part of securing your server.

    Plan a strategy to enforce system default security settings on new systems. The best way to implement security for all systems or a group of systems is to use Group Policies.

    Identify client operating system default security settings. If your environment contains different client operating systems, you need to consider them all when designing the default security settings. Windows 9X operates quite differently from Windows XP.

    Identify all server operating system default security settings. As with clients, you may have several different operating systems on your servers with each of them having different types of security available.

  • Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.
  • Deploy the security configuration for servers that are assigned specific roles. There are many different roles for servers such as DNS, DHCP, Domain Controller, etc. The type of security you employ will depend on the server’s role.

    Create custom security templates based on server roles. Windows 2003 provides you with default security templates. You can incorporate them as is or you can modify them to meet your needs.

  • Evaluate and select the operating system to install on computers in an enterprise.
  • Identify the minimum configuration to satisfy security requirements. To make your life less complex, you should choose the minimum security requirements that meet your needs.

Planning, Implementing, and Maintaining a Network Infrastructure

  • Plan a TCP/IP network infrastructure strategy.
  • Analyze IP addressing requirements. There are many things to consider when deciding an IP structure, including the number of hosts, the number of subnets, private vs. public.

    Plan an IP routing solution. Manageable switches are almost always used instead of hubs for client computers. Routers are only needed to connect different networks. Normally you have at least one router on the edge of your network to communicate with the Internet. It is possible for some switches to be configured with virtual LANs.

    Create an IP subnet scheme. Subnetting is the process of dividing the total available IP addresses for a network into subnetworks, or subnets. You may also see IP addresses and subnet masks represented in the format 198.10.10.46/28. The 28 tells you that there are 28 bits used for the subnet mask, which leave 4 bits for the hosts.

    Plan the physical placement of network resources. Servers, switches and routers should always be placed in a secure area where only network administrators have access.

    Identify network protocols to be used. TCP/IP is the primary protocol used on Windows network and the only protocol used on the Internet. Some other protocols are IPX/SPX used by Novell Netware and Appletalk used by Apple computers.

  • Plan an Internet connectivity strategy.
  • Once you connect your network to the Internet, your security concerns increase exponentially. You must take adequate protection such as implementing firewalls but must also train users as to the acceptable practices. If your company uses private IP addresses internally, you must use public IP addresses to access the Internet. It is possible using Network Address Translation (NAT) to hide your private network IP addresses.

  • Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.
  • Troubleshoot connectivity to the Internet.
  • Diagnose and resolve issues related to client configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

    Diagnose and resolve issues related to Network Address Translation (NAT). You must make sure that your DHCP server is configured properly and not issuing IP addresses that conflict with your NAT.

  • Troubleshoot TCP/IP addressing.
  • Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

    Diagnose and resolve issues related to DHCP server address assignment. The DHCP server’s scopes must be setup correctly in order for the clients to receive the proper IP address. In addition, the DNS and Router must be configured properly in the DHCP server.

  • Plan a host name resolution strategy.
  • Plan a DNS namespace design. A host file is a static file on a server or PC that contains host names and IP addresses. This method is not dynamic or efficient. The preferred method for name resolution is to use a DNS server that clients register to automatically.

    Plan a forwarding configuration. If a DNS server cannot resolve a name from an IP address, it has the potential to forward that request to another DNS server for resolution.

    Plan for DNS security. Active Directory must authorize any changes to DNS. Otherwise, if invalid data were entered, your users could be sent to the wrong server or site.

  • Plan a NetBIOS name resolution strategy.
  • Plan a WINS replication strategy. WINS is being phased out by Microsoft in favor of DNS only, but it still can be used to resolve NetBIOS names.

    Plan NetBIOS name resolution by using the Lmhosts file. Similar to a Host file, you can use a static Lmhosts file to resolve NetBIOS names. This file has to be managed manually and creates administrative overhead.

  • Troubleshoot host name resolution.
  • Diagnose and resolve issues related to DNS services. If DNS is not working properly, you will not be able to get to servers or sites. You can use the Event Viewer on your DNS server to troubleshoot problems.

    Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure the user has a correct IP address.

Planning, Implementing, and Maintaining Routing and Remote Access

  • Plan a routing strategy.
  • You only have to route traffic if it is on a different network or subnet, in which case you will have to install a router.

  • Identify routing protocols to use in a specified environment.
  • RIP version 1 and 2 and OSPF are the routing protocols with which you need to be familiar.

  • Plan routing for IP multicast traffic.
  • Multicast IP address ranges are from 224.0.0.0 to 239.255.255.255. IP addresses in these ranges are for use on internal networks and cannot be routed on the Internet.

  • Plan security for remote access users.
  • Users may need to access the network remotely using VPN or RRAS.

  • Plan remote access policies.
  • A remote access policy is set to determine how users will connect remotely. You can have several different policies in place, but once one is matched, the user is connected and the other policies are ignored.

  • Analyze protocol security requirements.
  • RRAS supports the TCP/IP, IPX, NetBEUI, AppleTalk protocols as well as SLIP and PPP asynchronous connections.

  • Plan authentication methods for remote access clients.
  • Remote authentication methods include the following from least secure: PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2.

  • Implement secure access between private networks.
  • IPSec is a standard protocol that Microsoft uses in conjunction with Kerberos as its default method for authentication.

  • Create and implement an IPSec policy.
  • In Active Directory, use Group Policy to apply IPSec policies. Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

  • Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.
  • Research the above commands by typing them at a command line using the /? for help.

Planning, Implementing, and Maintaining Server Availability

  • Plan services for high availability.
  • High availability means not having a single point of failure. Windows Server 2003 Enterprise and Windows Server 2003 Datacenter Server support this feature.

  • Plan a high-availability solution that uses clustering services.
  • Clustering is connecting several computers together to act as a single computer that provides high availability.

  • Plan a high-availability solution that uses Network Load Balancing.
  • Network Load Balancing, a clustering technology included in the Microsoft Windows 2000 Advanced Server and Datacenter Server operating systems, enhances the scalability and availability of mission-critical, TCP/IP-based services, such as Web, Terminal Services, virtual private networking, and streaming media servers.

  • Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.
  • Eliminating system bottlenecks ensures your servers are operating efficiently. When choosing your hardware, always make sure you have sufficient RAM and processor power.

  • Identify system bottlenecks by using System Monitor.
  • System Monitor is a Windows tool that can be used to identify and diagnose bottleneck problems.

  • Recover from cluster node failure.
  • In a cluster, it is possible to lose a node or the entire cluster. You can use tools such as Confdisk.exe, ClusterRecovery.exe, ASR, and System State Restore.

  • Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.
  • Plan a backup and recovery strategy.
  • Any backup strategy, whether it is tape or hard disk, should be tested.

  • Identify appropriate backup types. Methods include full, incremental, and differential.
  • A full backup will backup all of your data. A differential backup will backup all of the data that has changed since the last full backup. An incremental backup will backup all data since the last incremental backup. An incremental backup is the quickest, but also requires more time to restore.

  • Plan a backup strategy that uses Volume Shadow Copy (VSS).
  • Shadow Copy must be enabled on the server and will keep copies of files that can be restored directly from the server. It provides a way for the end user to restore files, which can be quicker than waiting for the tech department to restore a file.

Planning and Maintaining Network Security

  • Configure network protocol security.
  • Each different protocol has its own vulnerabilities which must be taken into account during implementation.

  • Configure IPSec policy settings.
  • As mentioned before, Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

  • Plan for network protocol security.
  • Some protocols are more vulnerable than others. For instance, FTP, Telnet and HTTP use clear text to transmit data.
  • Specify the required ports and protocols for specified services.
  • Port numbers that you need to be familiar with are as follows:
    • FTP—21
    • TELNET—23
    • SMTP—25
    • DNS—53
    • DHCP—67 and 68
    • HTTP—80
    • POP3—110
    • IMAP—143
    • SNMP—161
    • SSL—443
  • Plan secure network administration methods.
  • To save time and resources, you should be able to solve as many problems as you can remotely. Tools such as Remote Desktop for Windows users and Telnet for switches and routers will help you with this.

  • Create a plan to offer Remote Assistance to client computers.
  • As mentioned above, Remote Desktop allows you to assist users by controlling their desktop.

  • Plan for remote administration by using Terminal Services.
  • Microsoft Server Terminal Services Client (MSTSC.exe) can be used to remote into servers.

  • Plan security for wireless networks.
  • Wireless networks need to be secured using encryption such as Wired Equivalent Privacy (WEP)

  • Plan security for data transmission.
  • Virtual Private Networks (VPN) uses PPTP and IPSec protocols for security.

  • Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.

Planning, Implementing, and Maintaining Security Infrastructure.

  • Configure Active Directory service for certificate publication.
  • Directory Access Control Lists are used to by Active Directory to approve or deny certificate requests.

  • Plan a public key infrastructure (PKI) that uses Certificate Services.
  • PKI provides computers a secure way to communicate. It relies on digital signatures and encryption.

  • Identify the appropriate type of certificate authority to support certificate issuance requirements.
  • Windows 2003 can issue certificates or you can use a third party vendor such as Verisign.

  • Plan the enrollment and distribution of certificates.
  • If your Windows 2003 server is running Certificate Services, it is able to issue a certificate.

  • Plan for the use of smart cards for authentication.
  • Smart cards include an actual micro processor that contains information about the user. The smart card is used in conjunction with a Personal Identification Number (PIN).

  • Plan a framework for planning and implementing security.
  • The Microsoft Solution Framework (MSF) outlines an overall process for planning and implementing security.

  • Plan for security monitoring.
  • Each network is different and will have different requirement for security monitoring. You should be able to detect changes in common patterns and be familiar with new security threats that have developed. Microsoft Baseline Security Analyzer (MBSA) is a security tool that can be used to scan for security updates.

  • Plan a change and configuration management framework for security.
  • This includes topics such as making sure that you apply patches and upgrades, checking user, data and security settings.

  • Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.
  • + Share This
  • 🔖 Save To Your Account

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020