Lesson Plans
Designing Security for a Server 2003 Network (Exam 70-298)
Version 2.0

Table of Contents

Course Overview
Course Introduction
Section 1.1: Identifying Security Requirements
Section 1.2: Design and Implementation
Section 2.1: Active Directory
Section 2.2: Trusts
Section 2.3: Public Key Infrastructure (PKI)
Section 2.4: Administration
Section 2.5: Update Infrastructure
Section 3.1: Firewalls
Section 3.2: Data Transmission
Section 3.3: Wireless Security
Section 3.4: IIS Security
Section 3.5: Server Roles
Section 3.6: External Access
Section 4.1: Group Strategy
Section 4.2: Access Control
Section 4.3: Auditing
Section 5.1: Client Authentication
Section 5.2: Remote Access
Section 5.3: Securing Clients
Practice Exams
Appendix A: Approximate Time for the Course

©2006 TestOut Corporation (Rev 08/06)
Designing Security for a Server 2003 Network Ver. 2 (70-298)

Course Overview

This course prepares students for the Designing Security for the Microsoft® Windows® Server 2003 Environment certification Exam 70-298. It focuses on how to design security in the Windows 2003 environment.

Course Overview
This introduces the instructor and the prerequisites for the course.

1.0 Conceptual Design
This module introduces the basics of analyzing, designing and implementing security for a business.

2.0 Logical Design
Module 2 explains how to logically design security using Active Directory, trusts, Public Key Infrastructure, remote administration and automatic updates.

3.0 Physical Design
Module 3 discusses the physical strategies used in designing security. Topics include firewalls, securing data transmission, wireless security, IIS security, server roles, server templates, and extranets.

4.0 Access Control Strategy
Module 4 covers group strategy, access control strategy, and auditing strategy.

5.0 Client Infrastructure Design
In Module 5 students will learn about design issues for client authentication, remote access, and securing client workstations.
Course Introduction

Preparation
The video introduces the video instructor and the prerequisites for this course. Review the prerequisites with the students to ensure that they are prepared to take the course.

Before studying for the Exam 70-298: Designing Security for a Microsoft® Windows® Server 2003 Environment exam, students should have extensive working knowledge of, and should have passed, the following exams:
- MCSE core course exams
  o Exam 70-290: Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
  o Exam 70-291: Implementing, Managing, and Maintaining a Microsoft® Windows® Server 2003 Network Infrastructure
  o Exam 70-293: Planning and Maintaining a Microsoft® Windows® Server 2003 Network Infrastructure
  o Exam 70-294: Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure
- 70-299 Implementing Microsoft® Windows® Server 2003 Network

Total Time
About 5 minutes

Section 1.1: Identifying Security Requirements

Preparation
In this section students will learn the basics of analyzing the existing security, environment and technical requirements of a business. Students are directed to the elements they should consider when doing the business and technical analysis.

Designing Security Objectives
101. Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
  o Analyze existing security policies and procedures.
  o Analyze the organizational requirements for securing data.
  o Analyze the security requirements of different types of data.
Lecture Focus Questions:
- How might legal requirements applicable to the company or the location affect your security design?
- How does understanding the workflow help you to identify groups and access needs?
- What are some of the technical issues that might mean that you would have to modify the security design?
- How does the administrative approach affect the security design?

Video/Demo                      Time
1.1.1 Business Requirements     3:55
1.1.3 Technical Requirements    2:03
Total                           5:58

Total Time
About 15 minutes

Section 1.2: Design and Implementation

Preparation
In this section students will discover how to create a security design and implement the plan. Students will learn the security principles to consider when designing security and the basic phases of the design framework. They will also learn how to test and maintain the security plan.

Designing Security Objectives
101. Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
  o Analyze risks to security within the current IT administration structure and security practices.
102. Design a framework for designing and implementing security. The framework should include prevention, detection, isolation, and recovery.
  o Predict threats to your network from internal and external sources.
  o Design a process for responding to incidents.
  o Design segmented networks.
  o Design a process for recovering services.
103. Analyze technical constraints when designing security.
  o Identify capabilities of the existing infrastructure.
  o Identify technology limitations.
  o Analyze interoperability constraints.

Lecture Focus Questions:
- What is the difference between a threat and a risk?
- Why is it impossible to eliminate all risk?
- When might accepting risk be a better choice than deploying a countermeasure to reduce the risk?
- Why is availability a security concern, even if data has not been lost or compromised?
- How does the principle of least privilege differ from separation of duties?
- What are some key components of a security policy?

Video/Demo                 Time
1.2.1 Designing Security   2:40
1.2.4 Implementation       1:01
Total                      3:41

Total Time
About 15 minutes

Section 2.1: Active Directory

Preparation
This section is an overview of Active Directory, group policy and the design concepts to consider. Students should already have a thorough knowledge of Active Directory before taking this course.

Designing Security Objectives
202. Design a logical authentication strategy.
  o Design forest and domain trust models.
401. Design an access control strategy for directory services.
  o Create a delegation strategy.

Lecture Focus Questions:
- Which conditions require you to create separate domains?
- When must you create separate forests?
- Why is tree design typically not a concern when finalizing the Active Directory structure?
- Why would you typically move computer accounts out of the Computers container?
- What type of trust exists between domains in the same forest?
- How can you enforce desktop settings on Windows 98 and NT systems?

Video/Demo                       Time
2.1.1 Active Directory Overview  9:55
2.1.3 Group Policy               3:53
Total                           13:48

Total Time
About 25 minutes

Section 2.2: Trusts

Preparation
This section covers the basics of trusts. Trusts enable members of one domain to access resources in another domain. The different types of trust and their characteristics are presented, along with the two different types of trust authentication.
Designing Security Objectives
202. Design a logical authentication strategy.
  o Design certificate distribution.
  o Design forest and domain trust models.

Lecture Focus Questions:
- If users in domain A need to access resources in domain B, what is the direction of trust required?
- How does the direction of resource access relate to the direction of trust?
- Which of the following trusts are transitive: external, forest root, shortcut?
- What are the main differences between a forest root trust and an external trust?

Video/Demo                   Time
2.2.1 Trusts                 14:36
2.2.2 Trust Authentication    4:09
Total                        18:45

Total Time
About 25 minutes

Section 2.3: Public Key Infrastructure (PKI)

Preparation
This section discusses PKI designs. It covers the elements, such as the CA hierarchy role, CA type, and CA access, that must be considered when planning a certificate authority structure. Also discussed are the methods for distributing certificates and the requirements for setting up certificate autoenrollment.

Designing Security Objectives
201. Design a public key infrastructure (PKI) that uses Certificate Services.
  o Design a certification authority (CA) hierarchy implementation. Types include geographical, organizational, and trusted.
  o Design enrollment and distribution processes.
  o Establish renewal, revocation and auditing processes.
  o Design security for CA servers.
102. Configure security templates.

Lecture Focus Questions:
- Why should you typically take the root CA offline?
- In a typical CA hierarchy, why isn't the root CA usually an Enterprise CA?
- What are the prerequisites for using certificate autoenrollment?
- In addition to defining a certificate template and modifying the permissions, what else must you do before the certificate can be issued?
- When would you typically get a certificate from a third-party CA, even if you have an internal CA hierarchy established?
- Which type of CA is normally configured to issue user and computer certificates?

Video/Demo                           Time
2.3.1 Certificate Authorities        5:38
2.3.2 Trust Authentication           9:58
2.3.2 Certificate Autoenrollment     3:05
Total                               18:41

Total Time
About 30 minutes

Section 2.4: Administration

Preparation
This section discusses the elements to consider when designing a remote administration strategy. Also discussed are security issues related to remote administrative tools and guidelines for designing an administrative strategy.

Designing Security Objectives
203. Design security for network management.
  o Manage the risk of managing networks.
  o Design the administration of servers by using common administration tools. Tools include Microsoft Management Console (MMC), Terminal Server, Remote Desktop for Administration, Remote Assistance, and Telnet.
  o Design security for Emergency Management Services.
401. Design an access control strategy for directory services.
  o Create a delegation strategy.
  o Design a permission structure for directory service objects.

Lecture Focus Questions:
- How does granting a user Full Control over an OU violate the principle of least privilege?
- What tool can you use to simplify Active Directory permission assignments?
- What are the limitations of using the Remote Administration Website?
- How is the communication channel secured when using Remote Desktop? MMC consoles?
- Why do many organizations give administrators two user accounts?
- How can you perform administrative tasks when you are logged in as a different user without logging out first?

Video/Demo                     Time
2.4.1 Administration Design    6:54
2.4.2 Delegating Control       5:02
2.4.3 MMC Consoles             3:25
Total                         15:21

Total Time
About 25 minutes

Section 2.5: Update Infrastructure

Preparation
This section discusses the different methods used to automate operating system and software updates. Also discussed are Software Update Services (SUS) concepts, benefits, and uses that students should consider when designing an SUS infrastructure. Students will also learn about the tools used to check software patch levels.

Designing Security Objectives
205. Design a security update infrastructure.
  o Design a Software Update Services (SUS) infrastructure.
  o Design Group Policy to deploy software updates.
  o Design a strategy for identifying computers that are not at the current patch level.

Lecture Focus Questions:
- What are two main advantages of using Software Update Services (SUS) over the Windows Update Website?
- Which tools can you use to distribute updates to custom software that you have developed yourself?
- How can you use a single SUS server to approve updates for different groups of computers?
- What is the difference between Mbsacli and Secedit?
- Which tool scans for missing operating system patches?

Video/Demo                            Time
2.5.1 Update Infrastructure Design    5:03
2.5.3 SUS Concepts                    6:55
2.5.5 Assessing Patch Levels          3:33
Total                                15:31

Total Time
About 25 minutes

Section 3.1: Firewalls

Preparation
In this section students will learn the basics of designing a firewall solution. Any network attached to the Internet should implement a firewall to control external traffic, blocking or allowing it as configured by the packet filters. Also discussed is how a Demilitarized Zone (DMZ) is used to protect publicly accessed resources and help isolate those resources from your internal network.

Designing Security Objectives
301. Design network infrastructure security.
  o Specify the required protocols for a firewall configuration.
  o Design IP filtering.

Lecture Focus Questions:
- How can NAT provide limited firewall functionality?
- Why might you implement IPSec filters even when you do not want to allow or enforce IPSec?
- What is an advantage of using IPSec filters over defining packet filters?
- What type of servers should be placed inside the demilitarized zone?
- Where should servers such as SQL and Exchange servers be placed in a firewall design?

Video/Demo                           Time
3.1.1 Firewalls                      4:47
3.1.2 Demilitarized Zones (DMZs)     4:42
Total                                9:29

Total Time
About 15 minutes

Section 3.2: Data Transmission

Preparation
This section discusses the concepts of securing data during transmission. A brief overview is given of several methods that can be used, and the section then focuses on IPSec, VPN and demand-dial strategies.

Designing Security Objectives
301. Design network infrastructure security.
  o Design an IPSec policy.
  o Design security for data transmission.
305. Design security for communication between networks.
  o Select protocols for VPN access.
  o Design VPN connectivity.
  o Design demand-dial routing between internal networks.

Lecture Focus Questions:
- How can you force an IIS server to use TLS instead of SSL?
- Which protocol is used with L2TP to provide data encryption?
- Which method is typically used on a Web server to protect data transmissions?
- Which method is typically used between two computers on a LAN to protect data transmissions?
- Which method is typically used between devices communicating through the Internet to protect data transmissions?
- What are the conditions for using Kerberos for authentication with IPSec?
- Which protocol used with IPSec would you choose to provide both data encryption and authentication, AH or ESP?
- What type of authentication methods are supported when using IPSec with L2TP?
- What are the configuration tasks required to establish a demand-dial connection?

Video/Demo                          Time
3.2.1 Data Transmission Security    3:22
3.2.3 IPSec                         3:32
3.2.5 VPN and Demand-dial           5:02
Total                              11:56

Total Time
About 25 minutes

Section 3.3: Wireless Security

Preparation
This section covers the elements of designing a wireless network. Discussed are wireless types, authentication mechanisms and encryption methods. 802.1x authentication is discussed in greater detail than the other authentication methods.

Designing Security Objectives
302. Design security for wireless networks.
  o Design public and private wireless LANs.
  o Design 802.1x authentication for wireless networks.

Lecture Focus Questions:
- Why is dynamic WEP more secure than static WEP?
- How can you protect wireless communications when connecting to a public wireless network such as at an airport or a hotel lobby?
- What type of servers must you have on your network in order to implement 802.1x authentication?
- Why would you choose PEAP-EAP-TLS over EAP-TLS?
- When might you use PEAP-EAP-MSCHAPv2 over PEAP-EAP-TLS when configuring 802.1x authentication?
- What are two methods you can use to automate configuring client wireless connections?

Video/Demo                    Time
3.3.1 Wireless Design         4:30
3.3.2 Wireless Concepts       2:05
3.3.3 802.1x Design Facts     6:34
Total                        13:09

Total Time
About 25 minutes

Section 3.4: IIS Security

Preparation
This section discusses the considerations for locking down an IIS server. The five security checks a client must pass before it can access an IIS server and a Web page are discussed. Also discussed are the three basic categories of authentication.
SSL, a method of providing secure transmission of data, and certificate mapping are also covered.

Designing Security Objectives
303. Design user authentication for Internet Information Services (IIS).
  o Design user authentication for a Web site by using certificates.
  o Design user authentication for a Web site by using IIS authentication.
  o Design user authentication for a Web site by using RADIUS for IIS authentication.
304. Design security for Internet Information Services (IIS).
  o Design security for Web sites that have different technical requirements by enabling only the minimum required services.
  o Design a monitoring strategy for IIS.
  o Design an IIS baseline that is based on business requirements.
  o Design a content management strategy for updating an IIS server.

Lecture Focus Questions:
- What limitation of using Windows Integrated authentication is overcome by using Digest authentication?
- How must user passwords be stored in Active Directory when using Digest authentication? How does Advanced Digest overcome this requirement?
- What should you do to protect user logon credentials if you must support Basic authentication?
- What type of certificates are required to enable SSL on a Web server?
- How can you secure FTP traffic with IIS 6.0?
- How are encrypted files sent when copied to a WebDAV folder? How does this make using SSL unnecessary?
- What type of IIS server logging sends data to a SQL database?

Video/Demo                              Time
3.4.1 IIS Security                      5:29
3.4.2 IIS Authentication                4:52
3.4.3 SSL and Certificate Mapping       5:59
3.4.6 IIS Server Security               4:42
Total                                  21:02

Total Time
About 35 minutes

Section 3.5: Server Roles

Preparation
In this section students will learn how to design security that locks down servers according to their roles.
Also discussed are the purposes, types and methods of implementing security templates.

Designing Security Objectives
307. Design security for servers that have specific roles. Roles include domain controller, network infrastructure server, file server, IIS server, terminal server, and POP3 mail server.
  o Define a baseline security template for all systems.
  o Create a plan to modify baseline security templates according to role.

Lecture Focus Questions:
- What is the most efficient way to apply security settings to multiple computers?
- How can you apply security settings to a single computer?
- How can you make sure that the current security settings on a computer match the settings in a security template?
- What feature should be disabled on e-mail servers to prevent forwarding spam?

Video/Demo                    Time
3.5.1 Server Roles            5:24
3.5.2 IIS Authentication      6:20
Total                        11:44

Total Time
About 15 minutes

Section 3.6: External Access

Preparation
This section discusses using an extranet to allow specified users who are not within your network to access your resources. Access to the extranet is controlled through firewalls and appropriate authentication. Also discussed is using qualified subordination to control which certificates are issued and the clients to which they are issued.

Designing Security Objectives
306. Design security for communication with external organizations.
  o Design an extranet infrastructure.
  o Design a strategy for cross-certification of Certificate Services.

Lecture Focus Questions:
- Why are forest root trusts typically not used for extranet access?
- If users in domain A need to access resources in domain B, what is the direction of trust required?
- How do you establish trust between certification hierarchies in Windows 2003? How does this differ from the process you would use with Windows 2000?
Video/Demo                   Time
3.6.1 Extranets              3:06
3.6.2 Cross-Certification    4:56
Total                        8:02

Total Time
About 10 minutes

Section 4.1: Group Strategy

Preparation
In this section students will learn the concept of using groups to provide more secure access to resources. Types of groups, group scopes and strategies for using groups are all discussed.

Designing Security Objectives
401. Design an access control strategy for directory services.
  o Design the appropriate group strategy for accessing resources.

Lecture Focus Questions:
- When assigning permissions to a resource, which group type will typically be placed on the access control list (ACL) for the object?
- How does the domain mode affect the availability of group scopes?
- When is it appropriate to use universal groups? Why don't you automatically use universal groups when multiple domains are involved?
- How can you prevent any user from being added to a local group?
- Why doesn't the Member of setting in a restricted group restrict group membership to only the listed groups?

Video/Demo                        Time
4.1.1 Group Strategy              13:41
4.1.2 Group Strategy Examples     10:53
Total                             24:34

Total Time
About 30 minutes

Section 4.2: Access Control

Preparation
This section discusses designing an access control strategy. Windows uses Access Control Lists (ACLs) to control access to resources such as files, printers, and Active Directory objects. It also discusses concerns when locking down the registry. Students will learn the factors to consider when deciding whether to enable or disable the use of the Encrypting File System (EFS).

Designing Security Objectives
402. Design an access control strategy for files and folders.
  o Design a strategy for the encryption and decryption of files and folders.
  o Design a permission structure for files and folders.
  o Design security for a backup and recovery strategy.
403. Design an access control strategy for the registry.
  o Design a permission structure for registry objects.

Lecture Focus Questions:
- What is the recommended method for assigning permissions to everyone on a network?
- What is the easiest way to manage Active Directory object permissions for delegated administrative permissions?
- How are registry permissions similar to NTFS permissions?
- What type of auditing would you use to audit registry access?
- How do you enforce 3DES encryption with EFS?
- What are the advantages of using a PKI with EFS?
- How can you recover (unencrypt) encrypted files without a data recovery agent (DRA)?
- What actions must you take on a server to enable users to save encrypted files on the server?
- How can you protect encrypted files while they are being copied to a network share?

Video/Demo                            Time
4.2.1 Access Control Lists            2:56
4.2.2 Registry Access                 2:11
4.2.4 Encrypting File System (EFS)    4:09
Total                                 9:16

Total Time
About 20 minutes

Section 4.3: Auditing

Preparation
In this section students will learn the basics of designing an auditing strategy. Students will learn the main points that should be considered: deployment, minimizing auditing, and tracking exactly what is audited.

Designing Security Objectives
401. Design an access control strategy for directory services.
  o Analyze auditing requirements.
402. Design an access control strategy for files and folders.
  o Analyze auditing requirements.
403. Design an access control strategy for the registry.
  o Analyze auditing requirements.

Lecture Focus Questions:
- What is the difference between auditing for success and auditing for failure?
- What is the difference between Account Logon and Logon auditing?
- What additional step must you complete in order to audit NTFS file access?
- How does Security log file management affect the usefulness of configuring auditing?
- When would you not enable auditing in a GPO applied to the domain or a specific OU?

Video/Demo         Time
4.3.1 Auditing     5:05

Total Time
About 10 minutes

Section 5.1: Client Authentication

Preparation
This section discusses design issues of client authentication such as implementing single sign-on, deploying Active Directory clients for pre-2000 machines, implementing secure LAN Manager authentication, and implementing multi-factor authentication. Students will also learn about the authentication protocols that are used to securely transmit passwords from client to server. Also discussed is how account policies can be used to improve security by enforcing password and account lockout settings.

Designing Security Objectives
501. Design a client authentication strategy.
  o Analyze authentication requirements.
  o Establish account and password security requirements.

Lecture Focus Questions:
- How can you enable the use of NTLM v2 on Windows 9x clients?
- What are the requirements for implementing smart cards on a Windows network?
- What type of certificates are required by a smart card enrollment agent?
- How do you require smart cards for specific users or computers?
- Where are Account Policies configured? What must you do if you have two divisions with different Account Policies requirements?
- When would you need to enable reversible encryption for passwords?

Video/Demo                        Time
5.1.1 Client Authentication       4:47
5.1.2 Authentication Protocols    1:49
5.1.4 Account Policies            2:52
Total                             9:28

Total Time
About 15 minutes

Section 5.2: Remote Access

Preparation
In this section students learn the authentication methods and authorization processes for remote access. Remote access policies allow or deny remote access connection requests based upon connection-specific elements such as group membership, time of day, or the type of connection. Students will learn how the acronym RAP CAP will help them to remember the three steps to authorization for access to resources.

Designing Security Objectives
502. Design a security strategy for client remote access.
  o Design remote access policies.
  o Design access to internal resources.
  o Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).

Lecture Focus Questions:
- Why is the remote access policy order important when designing remote access policies? What is the general rule to follow when determining which policies should be at the top of the list?
- How can you centralize remote access policies on a single server when multiple remote access servers are being deployed?
- When using a RADIUS solution, what type of device is identified as a RADIUS client?

Video/Demo                           Time
5.2.1 Remote Access                  4:59
5.2.2 Remote Access Authorization    7:20
Total                               12:19

Total Time
About 15 minutes

Section 5.3: Securing Clients

Preparation
This section summarizes the considerations you should be aware of while planning client workstation security. These include computer roles, Active Directory and Group Policy, security templates, administrative templates, software restrictions, and physical security.

Designing Security Objectives
503. Design a strategy for securing client computers. Considerations include desktop and portable computers.
  o Design a strategy for hardening client operating systems.
  o Design a strategy for restricting user access to operating system features.
Lecture Focus Questions:
- How can structuring Active Directory appropriately help you in managing workstation security?
- What is the difference between security templates and administrative templates?
- What type of software is controlled through an Internet Zone rule?
- What type of software restriction rule can you use to allow running all internally-developed scripts (while preventing running all other scripts)?
- How can physical security increase the security of client workstations beyond what is available within the operating system and through Group Policy?

Total Time
About 5 minutes

Practice Exams

Summary
This section provides information to help prepare students to take the exam and to register for the exam. Students will also have the opportunity to test their mastery of the concepts presented in this course to confirm that they are ready for the certification exam.

- Certification Practice Exam (35 questions)
- Scenario 1, All Questions (15 questions)
- Scenario 2, All Questions (25 questions)
- Scenario 3, All Questions (15 questions)
- Scenario 4, All Questions (11 questions)
- Scenario 5, All Questions (18 questions)

The Certification Practice Exam consists of 35 questions and has a time limit of 120 minutes, just like the real certification exam. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.

Appendix A: Approximate Time for the Course

The total time for the LabSim for Microsoft's Designing Security for a Server 2003 Network Exam 70-298 course is approximately 8 hours and 24 minutes.
The time is calculated by adding the approximate time for each section, which is calculated using the following elements:
- Video/demo times
- Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
- Simulations (5 minutes assigned per simulation)
- Questions (1 minute per question)

Module / Section                                        Minutes   HR:MM
Course Introduction
  0.0 Course Introduction                                   5
  Module total                                              5        :05
1.0 Conceptual Design
  1.1 Identifying Security Requirements                    15
  1.2 Design and Implementation                            15
  Module total                                             30        :30
2.0 Logical Design
  2.1 Active Directory                                     25
  2.2 Trusts                                               25
  2.3 Public Key Infrastructure (PKI)                      30
  2.4 Administration                                       25
  2.5 Update Infrastructure                                25
  Module total                                            130       2:10
3.0 Physical Design
  3.1 Firewalls                                            15
  3.2 Data Transmission                                    25
  3.3 Wireless Security                                    25
  3.4 IIS Security                                         35
  3.5 Server Roles                                         15
  3.6 External Access                                      10
  Module total                                            125       2:05
4.0 Access Control Strategy
  4.1 Group Strategy                                       30
  4.2 Access Control                                       20
  4.3 Auditing                                             10
  Module total                                             60       1:00
5.0 Client Infrastructure Design
  5.1 Client Authentication                                15
  5.2 Remote Access                                        15
  5.3 Securing Clients                                      5
  Module total                                             35        :35
Practice Exams
  Certification Practice Exam (35 questions)               35
  Scenario 1, All Questions (15 questions)                 15
  Scenario 2, All Questions (25 questions)                 25
  Scenario 3, All Questions (15 questions)                 15
  Scenario 4, All Questions (11 questions)                 11
  Scenario 5, All Questions (18 questions)                 18
  Module total                                            119       1:59
Total Time                                                504       8:24