Designing Security for a Server 2003 Network

Lesson Plans
Designing Security for a Server 2003 Network
(Exam 70-298)
Version 2.0
Table of Contents
Course Overview
Course Introduction
Section 1.1: Identifying Security Requirements
Section 1.2: Design and Implementation
Section 2.1: Active Directory
Section 2.2: Trusts
Section 2.3: Public Key Infrastructure (PKI)
Section 2.4: Administration
Section 2.5: Update Infrastructure
Section 3.1: Firewalls
Section 3.2: Data Transmission
Section 3.3: Wireless Security
Section 3.4: IIS Security
Section 3.5: Server Roles
Section 3.6: External Access
Section 4.1: Group Strategy
Section 4.2: Access Control
Section 4.3: Auditing
Section 5.1: Client Authentication
Section 5.2: Remote Access
Section 5.3: Securing Clients
Practice Exams
Appendix A: Approximate Time for the Course
©2006 TestOut Corporation (Rev 08/06)
Designing Security for a Server 2003 Network Ver. 2 (70-298)
Course Overview
This course prepares students for the Designing Security for the Microsoft®
Windows® Server 2003 Environment certification Exam 70-298. It focuses on
how to design security in the Windows 2003 environment.
Course Overview
This introduces the instructor and prerequisites for the course.
1.0 Conceptual Design
This module introduces the basics of analyzing, designing and implementing
security for a business.
2.0 Logical Design
Module 2 explains how to logically design security using Active Directory, trusts,
Public Key Infrastructure, remote administration and automatic updates.
3.0 Physical Design
Module 3 discusses the physical strategies used in designing security. Topics
include firewalls, securing data transmission, wireless security, IIS security,
server roles, server templates, and extranets.
4.0 Access Control Strategy
Module 4 covers group strategy, access control strategy, and auditing strategy.
5.0 Client Infrastructure Design
In Module 5 students will learn about design issues for client authentication,
remote access, and securing client workstations.
Course Introduction
Preparation
The video introduces the video instructor and the prerequisites for this course.
Review the prerequisites with the students to ensure the students are prepared
to take the course.
Before studying for the Exam 70-298: Designing Security for a Microsoft®
Windows® Server 2003 Environment exam, students should have extensive
working knowledge of and pass the following exams:
MCSE core courses exams
o Exam 70-290: Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
o Exam 70-291: Implementing, Managing, and Maintaining a Microsoft® Windows® Server 2003 Network Infrastructure
o Exam 70-293: Planning and Maintaining a Microsoft® Windows® Server 2003 Network Infrastructure
o Exam 70-294: Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure
70-299 Implementing Microsoft® Windows® Server 2003 Network
Total Time
About 5 minutes
Section 1.1: Identifying Security Requirements
Preparation
In this section students will learn the basics of analyzing the existing security,
environment and technical requirements of a business. Students are directed to
the elements they should consider when doing the business and technical
analysis.
Designing Security Objectives

101. Analyze business requirements for designing security.
Considerations include existing policies and procedures, sensitivity of
data, cost, legal requirements, end-user impact, interoperability,
maintainability, scalability, and risk.
o Analyze existing security policies and procedures.
o Analyze the organizational requirements for securing data.
o Analyze the security requirements of different types of data.
Lecture Focus Questions:
How might legal requirements applicable to the company or the location affect your security design?
How does understanding the workflow help you to identify groups and access needs?
What are some of the technical issues that might mean that you would have to modify the security design?
How does the administrative approach affect the security design?
Video/Demo                          Time
1.1.1 Business Requirements         3:55
1.1.3 Technical Requirements        2:03
Total                               5:58
Total Time
About 15 minutes
Section 1.2: Design and Implementation
Preparation
In this section students will discover how to create a security design and
implement the plan. Students will learn the security principles to consider when
designing security and the basic phases of the design framework. They will also
learn how to test and maintain the security plan.
Designing Security Objectives



101. Analyze business requirements for designing security.
Considerations include existing policies and procedures, sensitivity of
data, cost, legal requirements, end-user impact, interoperability,
maintainability, scalability, and risk.
o Analyze risks to security within the current IT administration
structure and security practices.
102. Design a framework for designing and implementing security. The
framework should include prevention, detection, isolation, and recovery.
o Predict threats to your network from internal and external sources.
o Design a process for responding to incidents.
o Design segmented networks.
o Design a process for recovering services.
103. Analyze technical constraints when designing security.
o Identify capabilities of the existing infrastructure.
o Identify technology limitations.
o Analyze interoperability constraints.
Lecture Focus Questions:
What is the difference between a threat and a risk?
Why is it impossible to eliminate all risk?
When might accepting risk be a better choice than deploying a countermeasure to reduce the risk?
Why is availability a security concern, even if data has not been lost or compromised?
How does the principle of least privilege differ from separation of duties?
What are some key components of a security policy?
Video/Demo                          Time
1.2.1 Designing Security            2:40
1.2.4 Implementation                1:01
Total                               3:41
Total Time
About 15 minutes
Section 2.1: Active Directory
Preparation
This section is an overview of Active Directory, group policy and the design
concepts to consider. Students should already have a thorough knowledge of
Active Directory before taking this course.
Designing Security Objectives


202. Design a logical authentication strategy.
o Design forest and domain trust models.
401. Design an access control strategy for directory services.
o Create a delegation strategy.
Lecture Focus Questions:
Which conditions require you to create separate domains?
When must you create separate forests?
Why is tree design typically not a concern when finalizing the Active Directory structure?
Why would you typically move computer accounts out of the Computers container?
What type of trust exists between domains in the same forest?
How can you enforce desktop settings on Windows 98 and NT systems?
Video/Demo                          Time
2.1.1 Active Directory Overview     9:55
2.1.3 Group Policy                  3:53
Total                               13:48
Total Time
About 25 minutes
Section 2.2: Trusts
Preparation
This section covers the basics of trusts. Trusts enable members of one domain
to access resources in another domain. The different types of trust and their
characteristics are presented along with the two different types of trust
authentication.
Designing Security Objectives

202. Design a logical authentication strategy.
o Design certificate distribution.
o Design forest and domain trust models.
Lecture Focus Questions:
If users in domain A need to access resources in domain B, what is the direction of trust required?
How does the direction of resource access relate to the direction of trust?
Which of the following trusts are transitive: external, forest root, shortcut?
What are the main differences between a forest root trust and an external trust?
Video/Demo                          Time
2.2.1 Trusts                        14:36
2.2.2 Trust Authentication          4:09
Total                               18:45
Total Time
About 25 minutes
Section 2.3: Public Key Infrastructure (PKI)
Preparation
This section discusses PKI designs. It covers elements such as the CA
hierarchy role, CA type, and CA access that must be considered when
planning a certificate authority structure. Also discussed are the methods for
distributing certificates and the requirements to set up certificate autoenrollment.
Designing Security Objectives


201. Design a public key infrastructure (PKI) that uses Certificate
Services.
o Design a certification authority (CA) hierarchy implementation.
Types include geographical, organizational, and trusted.
o Design enrollment and distribution processes.
o Establish renewal, revocation and auditing processes.
o Design security for CA servers.
102. Configure security templates.
Lecture Focus Questions:
Why should you typically take the root CA offline?
In a typical CA hierarchy, why isn't the root CA usually an Enterprise CA?
What are the prerequisites for using certificate autoenrollment?
In addition to defining a certificate template and modifying the permissions, what else must you do before the certificate can be issued?
When would you typically get a certificate from a third-party CA, even if you have an internal CA hierarchy established?
Which type of CA is normally configured to issue user and computer certificates?
Video/Demo                          Time
2.3.1 Certificate Authorities       5:38
2.3.2 Trust Authentication          9:58
2.3.2 Certificate Autoenrollment    3:05
Total                               18:41
Total Time
About 30 minutes
Section 2.4: Administration
Preparation
This section discusses the elements to consider when designing a remote
administration strategy. Also discussed are security issues related to
remote administrative tools and guidelines for designing an administrative
strategy.
Designing Security Objectives


203. Design security for network management.
o Manage the risk of managing networks.
o Design the administration of servers by using common
administration tools. Tools include Microsoft Management Console
(MMC), Terminal Server, Remote Desktop for Administration,
Remote Assistance, and Telnet.
o Design security for Emergency Management Services.
401. Design an access control strategy for directory services.
o Create a delegation strategy.
o Design a permission structure for directory service objects.
Lecture Focus Questions:
How does granting a user Full Control over an OU violate the principle of least privilege?
What tool can you use to simplify Active Directory permission assignments?
What are the limitations of using the Remote Administration Website?
How is the communication channel secured when using Remote Desktop? MMC consoles?
Why do many organizations give administrators two user accounts?
How can you perform administrative tasks when you are logged in as a different user without logging out first?
Video/Demo                          Time
2.4.1 Administration Design         6:54
2.4.2 Delegating Control            5:02
2.4.3 MMC Consoles                  3:25
Total                               15:21
Total Time
About 25 minutes
Section 2.5: Update Infrastructure
Preparation
This section discusses the different methods used to automate updates for
operating systems and software. Also discussed are the Software Update Services
(SUS) concepts, benefits, and uses that students should consider when designing
an SUS infrastructure. Students will also learn about the tools used to check
software patch levels.
Designing Security Objectives

205. Design a security update infrastructure.
o Design a Software Update Services (SUS) infrastructure.
o Design Group Policy to deploy software updates.
o Design a strategy for identifying computers that are not at the current patch level.
Lecture Focus Questions:
What are two main advantages to using Software Update Services (SUS) over the Windows Update Website?
Which tools can you use to distribute updates to custom software that you have developed yourself?
How can you use a single SUS server to approve updates for different groups of computers?
What is the difference between Mbsacli and Secedit? Which tool scans for missing operating system patches?
Video/Demo                          Time
2.5.1 Update Infrastructure Design  5:03
2.5.3 SUS Concepts                  6:55
2.5.5 Assessing Patch Levels        3:33
Total                               15:31
Total Time
About 25 minutes
Section 3.1: Firewalls
Preparation
In this section students will learn the basics of designing a firewall solution. Any
network attached to the Internet should implement a firewall to control external
traffic by blocking or allowing it as configured by the packet filters. Also
discussed is how a Demilitarized Zone (DMZ) is used to protect publicly
accessed resources and help isolate those resources from your internal network.
Designing Security Objectives

301. Design network infrastructure security.
o Specify the required protocols for a firewall configuration.
o Design IP filtering.
Lecture Focus Questions:
How can NAT provide limited firewall functionality?
Why might you implement IPSec filters even when you do not want to allow or enforce IPSec?
What is an advantage of using IPSec filters over defining packet filters?
What type of servers should be placed inside the demilitarized zone?
Where should servers such as SQL and Exchange servers be placed in a firewall design?
Video/Demo                          Time
3.1.1 Firewalls                     4:47
3.1.2 Demilitarized Zones (DMZs)    4:42
Total                               9:29
Total Time
About 15 minutes
Section 3.2: Data Transmission
Preparation
This section discusses the concepts of securing data during transmission. A brief
overview of several methods is given, and then the section focuses on
IPSec, VPN and demand-dial strategies.
Designing Security Objectives


301. Design network infrastructure security.
o Design an IPSec policy.
o Design security for data transmission.
305. Design security for communication between networks.
o Select protocols for VPN access.
o Design VPN connectivity.
o Design demand-dial routing between internal networks.
Lecture Focus Questions:
How can you force an IIS server to use TLS instead of SSL?
Which protocol is used with L2TP to provide data encryption?
Which method is typically used on a Web server to protect data transmissions?
Which method is typically used between two computers on a LAN to protect data transmissions?
Which method is typically used between devices communicating through the Internet to protect data transmissions?
What are the conditions for using Kerberos for authentication with IPSec?
Which protocol used with IPSec would you choose to provide both data encryption and authentication, AH or ESP?
What type of authentication methods are supported when using IPSec with L2TP?
What are the configuration tasks required to establish a demand dial connection?
Video/Demo                          Time
3.2.1 Data Transmission Security    3:22
3.2.3 IPSec                         3:32
3.2.5 VPN and Demand-dial           5:02
Total                               11:56
Total Time
About 25 minutes
Section 3.3: Wireless Security
Preparation
This section covers elements of designing a wireless network. Discussed are
wireless types, authentication mechanisms and encryption methods. 802.1x
Authentication is discussed in greater detail than other authentication methods.
Designing Security Objectives

302. Design security for wireless networks.
o Design public and private wireless LANs.
o Design 802.1x authentication for wireless networks.
Lecture Focus Questions:
Why is dynamic WEP more secure than static WEP?
How can you protect wireless communications when connecting to a public wireless network such as at an airport or a hotel lobby?
What type of servers must you have on your network in order to implement 802.1x authentication?
Why would you choose PEAP-EAP-TLS over EAP-TLS?
When might you use PEAP-EAP-MSCHAPv2 over PEAP-EAP-TLS when configuring 802.1x authentication?
What are two methods you can use to automate configuring client wireless connections?
Video/Demo                          Time
3.3.1 Wireless Design               4:30
3.3.2 Wireless Concepts             2:05
3.3.3 802.1x Design Facts           6:34
Total                               13:09
Total Time
About 25 minutes
Section 3.4: IIS Security
Preparation
This section discusses the considerations for locking down an IIS Server. The
five security checks a client must go through before they can access an IIS
server and a Web page are discussed. Also discussed are the three basic
categories of authentication. SSL, a method to provide secure transmission of
data, and certificate mapping are also covered.
Designing Security Objectives


303. Design user authentication for Internet Information Services (IIS).
o Design user authentication for a Web site by using certificates.
o Design user authentication for a Web site by using IIS
authentication.
o Design user authentication for a Web site by using RADIUS for IIS
authentication.
304. Design security for Internet Information Services (IIS).
o Design security for Web sites that have different technical
requirements by enabling only the minimum required services.
o Design a monitoring strategy for IIS.
o Design an IIS baseline that is based on business requirements.
o Design a content management strategy for updating an IIS server.
Lecture Focus Questions:
What limitation of using Windows Integrated authentication is overcome by using Digest authentication?
How must user passwords be stored in Active Directory when using Digest authentication? How does Advanced Digest overcome this requirement?
What should you do to protect user logon credentials if you must support Basic authentication?
What type of certificates are required to enable SSL on a Web server?
How can you secure FTP traffic with IIS 6.0?
How are encrypted files sent when copied to a WebDAV folder? How does this make using SSL unnecessary?
What type of IIS server logging sends data to a SQL database?
Video/Demo                          Time
3.4.1 IIS Security                  5:29
3.4.2 IIS Authentication            4:52
3.4.3 SSL and Certificate Mapping   5:59
3.4.6 IIS Server Security           4:42
Total                               21:02
Total Time
About 35 minutes
Section 3.5: Server Roles
Preparation
In this section students will learn how to design security to lock down
server roles. Also discussed are the purposes, types and methods of
implementing security templates.
Designing Security Objectives

307. Design security for servers that have specific roles. Roles include
domain controller, network infrastructure server, file server, IIS server,
terminal server, and POP3 mail server.
o Define a baseline security template for all systems.
o Create a plan to modify baseline security templates according to
role.
Lecture Focus Questions:
What is the most efficient way to apply security settings to multiple computers?
How can you apply security settings to a single computer?
How can you make sure that current security settings on a computer match the settings in a security template?
What feature should be disabled on e-mail servers to prevent forwarding spam?
Video/Demo                          Time
3.5.1 Server Roles                  5:24
3.5.2 IIS Authentication            6:20
Total                               11:44
Total Time
About 15 minutes
Section 3.6: External Access
Preparation
This section discusses using an Extranet to allow specified users who are not
within your network to access your resources. Access to the Extranet is
controlled through firewalls and appropriate authentication. Also discussed is
using qualified subordination to control which certificates are issued and the
clients to which certificates are issued.
Designing Security Objectives

306. Design security for communication with external organizations.
o Design an extranet infrastructure.
o Design a strategy for cross-certification of Certificate Services.
Lecture Focus Questions:
Why are forest root trusts typically not used for extranet access?
If users in domain A need to access resources in domain B, what is the direction of trust required?
How do you establish trust between certification hierarchies in Windows 2003? How does this differ from the process you would use with Windows 2000?
Video/Demo                          Time
3.6.1 Extranets                     3:06
3.6.2 Cross-Certification           4:56
Total                               8:02
Total Time
About 10 minutes
Section 4.1: Group Strategy
Preparation
In this section the students will learn the concept of using groups to make
access to resources more secure. Types of groups, group scopes and strategies
for using groups are all discussed.
Designing Security Objectives

401. Design an access control strategy for directory services.
o Design the appropriate group strategy for accessing resources.
Lecture Focus Questions:
When assigning permissions to a resource, which group type will typically be placed on the access control list (ACL) for the object?
How does the domain mode affect the availability of group scopes?
When is it appropriate to use universal groups? Why don't you automatically use universal groups when multiple domains are involved?
How can you prevent any user from being added to a local group?
Why doesn't the Member of setting in a restricted group restrict group membership to only the listed groups?
Video/Demo                          Time
4.1.1 Group Strategy                13:41
4.1.2 Group Strategy Examples       10:53
Total                               24:34
Total Time
About 30 minutes
Section 4.2: Access Control
Preparation
This section discusses designing an access control strategy. Windows uses
Access Control Lists (ACLs) to control access to resources such as files, printers,
and Active Directory objects. It also discusses concerns when locking down the
registry. Students will learn factors to consider when deciding whether to enable
or disable the use of the Encrypting File System (EFS).
Designing Security Objectives


402. Design an access control strategy for files and folders.
o Design a strategy for the encryption and decryption of files and
folders.
o Design a permission structure for files and folders.
o Design security for a backup and recovery strategy.
403. Design an access control strategy for the registry.
o Design a permission structure for registry objects.
Lecture Focus Questions:
What is the recommended method for assigning permissions to everyone on a network?
What is the easiest way to manage Active Directory object permissions for delegated administrative permissions?
How are registry permissions similar to NTFS permissions?
What type of auditing would you use to audit registry access?
How do you enforce 3DES encryption with EFS?
What are the advantages of using a PKI with EFS?
How can you recover (unencrypt) encrypted files without a data recovery agent (DRA)?
What actions must you take on a server to enable users to save encrypted files on the server?
How can you protect encrypted files while they are being copied to a network share?
Video/Demo                          Time
4.2.1 Access Control Lists          2:56
4.2.2 Registry Access               2:11
4.2.4 Encrypting File System (EFS)  4:09
Total                               9:16
Total Time
About 20 minutes
Section 4.3: Auditing
Preparation
In this section students will learn the basics of designing an auditing strategy.
Students will learn the main points that should be considered: deployment,
minimizing auditing, and tracking exactly what is audited.
Designing Security Objectives



401. Design an access control strategy for directory services.
o Analyze auditing requirements.
402. Design an access control strategy for files and folders.
o Analyze auditing requirements.
403. Design an access control strategy for the registry.
o Analyze auditing requirements.
Lecture Focus Questions:
What is the difference between auditing for success and auditing for failure?
What is the difference between Account Logon and Logon auditing?
What additional step must you complete in order to audit NTFS file access?
How does Security log file management affect the usefulness of configuring auditing?
When would you not enable auditing in a GPO applied to the domain or a specific OU?
Video/Demo                          Time
4.3.1 Auditing                      5:05
Total Time
About 10 minutes
Section 5.1: Client Authentication
Preparation
This section discusses design issues of client authentication such as
implementing single sign-on, deploying Active Directory clients for pre-2000
machines, implementing secure LAN Manager authentication, and
implementing multi-factor authentication. Students will also learn about
authentication protocols that are used to securely transmit passwords from client
to server. Also discussed is how account policies can be used to improve
security by enforcing password and account lockout settings.
Designing Security Objectives

501. Design a client authentication strategy.
o Analyze authentication requirements.
o Establish account and password security requirements.
Lecture Focus Questions:
How can you enable the use of NTLM v2 on Windows 9x clients?
What are the requirements for implementing smart cards on a Windows network?
What type of certificates are required by a smart card enrollment agent?
How do you require smart cards for specific users or computers?
Where are Account Policies configured?
What must you do if you have two divisions with different Account Policies requirements?
When would you need to enable reversible encryption for passwords?
Video/Demo                          Time
5.1.1 Client Authentication         4:47
5.1.2 Authentication Protocols      1:49
5.1.4 Account Policies              2:52
Total                               9:28
Total Time
About 15 minutes
Section 5.2: Remote Access
Preparation
In this section students learn the authentication methods and authorization
processes for remote access. Remote access policies allow or deny remote
access connection requests based upon connection-specific elements such as
group membership, time of day, or the type of connection. Students will learn
how the acronym RAP CAP will help them to remember the three steps to
authorization for access to resources.
Designing Security Objectives

502. Design a security strategy for client remote access.
o Design remote access policies.
o Design access to internal resources.
o Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).
Lecture Focus Questions:
Why is the remote access policy order important when designing remote access policies? What is the general rule to follow when determining which policies should be at the top of the list?
How can you centralize remote access policies on a single server when multiple remote access servers are being deployed?
When using a RADIUS solution, what type of device is identified as a RADIUS client?
Video/Demo                          Time
5.2.1 Remote Access                 4:59
5.2.2 Remote Access Authorization   7:20
Total                               12:19
Total Time
About 15 minutes
Section 5.3: Securing Clients
Preparation
This section summarizes the considerations you should be aware of while
planning client workstation security. These include: computer roles, Active
Directory and group policy, security templates, administrative templates, software
restrictions, and physical security.
Designing Security Objectives

503. Design a strategy for securing client computers. Considerations
include desktop and portable computers.
o Design a strategy for hardening client operating systems.
o Design a strategy for restricting user access to operating system
features.
Lecture Focus Questions:
How can structuring Active Directory appropriately help you in managing workstation security?
What is the difference between security templates and administrative templates?
What type of software is controlled through an Internet Zone rule?
What type of software restriction rule can you use to allow running all internally-developed scripts (while preventing running all other scripts)?
How can physical security increase the security of client workstations beyond what is available within the operating system and through Group Policy?
Total Time
About 5 minutes
Practice Exams
Summary
This section provides information to help prepare students to take the exam and
to register for the exam.
Students will also have the opportunity of testing their mastery of the concepts
presented in this course to reaffirm that they are ready for the certification exam.
Certification Practice Exam (35 questions)
Scenario 1, All Questions (15 questions)
Scenario 2, All Questions (25 questions)
Scenario 3, All Questions (15 questions)
Scenario 4, All Questions (11 questions)
Scenario 5, All Questions (18 questions)
The Certification Practice Exam consists of 35 questions and has a time limit of
120 minutes -- just like the real certification exam. A passing score of 95% should
verify that the student has mastered the concepts and is ready to take the real
certification exam.
Appendix A: Approximate Time for the Course
The total time for the LabSim for Microsoft’s Designing Security for a Server 2003
Network Exam 70-298 course is approximately 8 hours and 24 minutes. The time
is calculated by adding the approximate time for each section which is calculated
using the following elements:




Video/demo times
Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
Simulations (5 minutes assigned per simulation)
Questions (1 minute per question)

Module / Sections                               Minute   HR:MM
Course Introduction                             5        :05
  0.0 Course Introduction                       5
1.0 Conceptual Design                           30       :30
  1.1 Identifying Security Requirements         15
  1.2 Design and Implementation                 15
2.0 Logical Design                              130      2:10
  2.1 Active Directory                          25
  2.2 Trusts                                    25
  2.3 Public Key Infrastructure (PKI)           30
  2.4 Administration                            25
  2.5 Update Infrastructure                     25
3.0 Physical Design                             125      2:05
  3.1 Firewalls                                 15
  3.2 Data Transmission                         25
  3.3 Wireless Security                         25
  3.4 IIS Security                              35
  3.5 Server Roles                              15
  3.6 External Access                           10
4.0 Access Control Strategy                     60       1:00
  4.1 Group Strategy                            30
  4.2 Access Control                            20
  4.3 Auditing                                  10
5.0 Client Infrastructure Design                35       :35
  5.1 Client Authentication                     15
  5.2 Remote Access                             15
  5.3 Securing Clients                          5
Practice Exams                                  119      1:59
  Certification Practice Exam (35 questions)    35
  Scenario 1, All Questions (15 questions)      15
  Scenario 2, All Questions (25 questions)      25
  Scenario 3, All Questions (15 questions)      15
  Scenario 4, All Questions (11 questions)      11
  Scenario 5, All Questions (18 questions)      18
Total Time                                      504      8:24