Get free MCSE Training, cheatsheats, braindumps, cheatsheat from brain-dumps.com

Microsoft Certified System Engineer

70-220 Braindumps

Preparation Guide for Exam 70-220

Designing Security for a Microsoft Windows 2000 Network

Content Updated: February 20, 2003

This preparation guide includes information about:

Exam News
Audience Profile
Skills Being Measured

Exam News

Exam 70-220 became available July 20, 2000.

Audience Profile

Candidates for this exam operate in medium to very large computing environments that use the Windows 2000 network operating system. They have a minimum of one year's experience designing network infrastructures in environments that have the following characteristics:

Supported users range from 200-26,000+.
Physical locations range from 5-150+.
Typical network services and applications include file and print, database, messaging, proxy server or firewall, dial-in server, desktop management, and Web hosting.
Connectivity needs include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to the Internet.

Skills Being Measured

This certification exam tests the skills required to analyze the business requirements for security and design a security solution that meets business requirements. Security includes:

Controlling access to resources.
Auditing access to resources.
Authentication.
Encryption.

Before taking the exam, you should be proficient in the job skills listed below.

Skills measured by exam 70-220

Analyzing Business Requirements

Analyze the existing and planned business models.

Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.

Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.

Analyze factors that influence company strategies.

Identify company priorities.
Identify the projected growth and growth strategy.
Identify relevant laws and regulations.
Identify the company's tolerance for risk.
Identify the total cost of operations.

Analyze business and security requirements for the end user.

Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.

Analyze the current physical model and information security model.

Analyze internal and external security risks.

Analyzing Technical Requirements

Evaluate the company's existing and planned technical environment.

Analyze company size and user and resource distribution.
Assess the available connectivity between the geographic location of work sites and remote sites.
Assess the net available bandwidth.
Analyze performance requirements.
Analyze the method of accessing data and systems.
Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application.

Analyze the impact of the security design on the existing and planned technical environment.

Assess existing systems and applications.
Identify existing and planned upgrades and rollouts.
Analyze technical support structure.
Analyze existing and planned network and systems management.

Analyzing Security Requirements

Design a security baseline for a Windows 2000 network that includes domain controllers, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks.

Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access.

Designing a Windows 2000 Security Solution

Design an audit policy.

Design a delegation of authority strategy.

Design the placement and inheritance of security policies for sites, domains, and organizational units.

Design an Encrypting File System strategy.

Design an authentication strategy.

Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL.
Design an authentication strategy for integration with other systems.

Design a security group strategy.

Design a Public Key Infrastructure.

Design Certificate Authority (CA) hierarchies.
Identify certificate server roles.
Manage certificates.
Integrate with third-party CAs.
Map certificates.

Design Windows 2000 network services security.

Design Windows 2000 DNS security.
Design Windows 2000 Remote Installation Services (RIS) security.
Design Windows 2000 SNMP security.
Design Windows 2000 Terminal Services security.

Designing a Security Solution for Access Between Networks

Provide security-enhanced access to public networks from a private network.

Provide external users with security-enhanced access to private network resources.

Provide security-enhanced access between private networks.

Provide security-enhanced access within a LAN.
Provide security-enhanced access within a WAN.
Provide security-enhanced access across a public network.

Design Windows 2000 security for remote access users.

Designing Security for Communication Channels

Design an SMB-signing solution.

Design an IPSec solution.

Design an IPSec encryption scheme.
Design an IPSec management strategy.
Design negotiation policies.
Design security policies.
Design IP filters.
Define security levels.

Note: This preparation guide is subject to change at any time without prior notice and at Microsoft's sole discretion. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use the exam objectives listed in this preparation guide to prepare for the exam, regardless of its format.

Analyzing Business Requirements

Analyze the existing and planned business models.

Analyze the company model and the geographical scope. Models include international, national, regional, branch, and subsidiary offices.
Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.

Analyze the existing and planned organizational structures. Considerations include the management model; company organization; vendor, partner, and customer relationships; and acquisition plans.

Analyze factors that influence company strategies.

Identify company priorities.
Identify the projected growth and growth strategy.
Identify relevant laws and regulations.
Identify the company's tolerance for risk.
Identify the total cost of operations.

Analyze the structure of IT management. Considerations include the type of administration,such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.

Analyzing Technical Requirements

Evaluate the company's existing and planned technical environment.

Analyze company size and the distribution of users and resources.
Assess the available connectivity between the geographic locations of work sites and remote sites.
Assess the net available bandwidth.
Analyze performance requirements.
Analyze data and system access patterns.
Analyze network roles and responsibilities.
Analyze security considerations.

Analyze the impact of Active Directory on the existing and planned technical environment. Considerations include Microsoft Exchange 2000.

Assess existing systems and applications.
Identify existing and planned upgrades and rollouts.
Analyze the technical support structure.
Analyze existing and planned network and systems management.

Analyze the business requirements for client computer desktop management.

Analyze end-user work needs.
Identify technical support needs for end users.
Establish the required client computer environment.

Designing a Directory Service Architecture

Define the scope of the Active Directory design.

Design an Active Directory forest and domain structure.

Design a forest and schema structure.
Design a domain structure.
Analyze and optimize trust relationship requirements.

Design an Active Directory naming strategy.

Plan the WINS NetBIOS name resolution strategy.
Design the namespace.
Plan the DNS strategy.

Design and plan the structure of organizational units. Considerations include administrative control, existing domain structures, administrative policy, and geographic and company structure.

Develop an organizational unit delegation plan.
Plan Group Policy object management.
Develop a change in the configuration management plan for client computers.

Plan for the coexistence of Active Directory and other directory services.

Design a schema modification policy.

Design an Active Directory implementation plan.

Designing Service Locations

Design the placement of operations masters. Considerations include performance, fault tolerance, functionality, and manageability.

Design the placement of global catalog servers. Considerations include performance, fault tolerance, functionality, and manageability.

Design the placement of domain controllers. Considerations include performance, fault tolerance, functionality, and manageability.

Design the placement of DNS, WINS, and DHCP servers. Considerations include performance, fault tolerance, functionality, manageability, and interoperability.

Design an Active Directory site topology.

Design a replication strategy.
Define site boundaries.