MCSE Implementing and Administering Security in a Microsoft Windows Server 2003 Network : 70-299 ExamExam Number/Code: 70-299
Exam Name: MCSE Implementing and Administering Security in a Microsoft Windows Server 2003 Network
VUE Code: 70-299
Questions Type: Multiple choice,
Exam Language(s): English

“MCSE Implementing and Administering Security in a Microsoft Windows Server 2003 Network”, also known as 70-299 exam, is a Microsoft certification.
Preparing for the 70-299 exam? Searching 70-299 Test Questions, 70-299 Practice Exam, 70-299 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 69 Q&As to your 70-299 Exam preparation. In the 70-299 exam resources, you will cover every field and category in MCSE helping to ready you for your successful Microsoft Certification.

Exam News
Exam 70-299 became available February 13, 2004.

Audience Profile
The Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium to large companies. An MCSA candidate should have 6 to 12 months of experience administering client and network operating systems in environments that have the following characteristics:

• 250 to 5,000 or more users

• Three or more physical locations

• Three or more domain controllers

• Network services and resources such as messaging, database, file and print, proxy server, firewall, public key infrastructure (PKI), Internet, intranet, remote access, and client computer management

• Connectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet

Credit Toward Certification
When you pass the Implementing and Administering Security in a Microsoft Windows Server 2003 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

• Core credit toward Microsoft Certified Systems Administrator (MCSA): Security on Microsoft Windows Server 2003 certification

• Core credit toward Microsoft Certified Systems Engineer (MCSE): Security on Microsoft Windows Server 2003 certification

• Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows Server 2003 certification

• Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows Server 2003 certification

Preparation Tools and Resources
We make a wealth of preparation tools and resources available to you, including courses, books, practice tests, and Microsoft Web sites. When you are ready to prepare for this exam, here’s where you should start.

Instructor-led Courses for This Exam
• Course 2823: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Microsoft Press Self-Paced Training Products
• MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Microsoft Certified Practice Tests
• MeasureUp: Visit the MeasureUp Web site to take a practice test.

• Self Test Software: Visit the Self Test Software Web site to take a practice test.

Microsoft Online Resources
• TechNet: Designed for IT professionals, this site includes How-tos, best practices, downloads, technical chats, and much more.

• MSDN: The Microsoft Developer Network (MSDN) is a reference for developers, featuring code samples, technical articles, newsgroups, chats, and more.

• Training & Certification Newsgroups: A newsgroup exists for every Microsoft certification. By participating in the ongoing dialogue, you take advantage of a unique opportunity to exchange ideas with and ask questions of others, including more than 750 Microsoft Most Valuable Professionals (MVPs) worldwide.

Skills Being Measured
This certification exam measures your ability to implement, manage, maintain, and troubleshoot security in a Windows Server 2003 network infrastructure and also plan and configure a Windows Server 2003 PKI. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

KEY: = The course provides a general introductory overview of this task. You will need to supplement the course with additional work = The course includes some material to prepare you for this task. You will need to supplement the course with additional work = The course includes material to prepare you for this task
Skills measured by exam 70-299 Course 2823
Implementing, Managing, and Troubleshooting Security Policies
Plan security templates based on computer role. Computer roles include SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server.

Configure security templates.

• Configure registry and file system permissions.

• Configure account policies.

• Configure .pol files.

• Configure audit policies.

• Configure user rights assignment.

• Configure security options.

• Configure system services.

• Configure restricted groups.

• Configure event logs.

Deploy security templates.

• Plan the deployment of security templates.

• Deploy security templates by using Active Directory-based Group Policy objects (GPOs).

• Deploy security templates by using command-line tools and scripting.

Troubleshoot security template problems.

• Troubleshoot security templates in a mixed operating system environment.

• Troubleshoot security policy inheritance.

• Troubleshoot removal of security template settings.

Configure additional security based on computer roles. Server computer roles include SQL Server computer, Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, and Internet Information Services (IIS) server. Client computer roles include desktop, portable, and kiosk.

• Plan and configure security settings.

• Plan network zones for computer roles.

• Plan and configure software restriction policies.

• Plan security for infrastructure services. Services include DHCP and DNS.

• Plan and configure auditing and logging for a computer role. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Netlog, and RAS log files.

• Analyze security configuration. Tools include Microsoft Baseline Security Analyzer (MBSA), the MBSA command-line tool, and Security Configuration and Analysis.

Implementing, Managing, and Troubleshooting Patch Management Infrastructure
Plan the deployment of service packs and hotfixes.

• Evaluate the applicability of service packs and hotfixes.

• Test the compatibility of service packs and hotfixes for existing applications.

• Plan patch deployment environments for both the pilot and production phases.

• Plan the batch deployment of multiple hotfixes.

• Plan rollback strategy.

Assess the current status of service packs and hotfixes. Tools include MBSA and the MBSA command-line tool.

• Assess current patch levels by using the MBSA GUI tool.

• Assess current patch levels by using the MBSA command-line tool with scripted solutions.

Deploy service packs and hotfixes.

• Deploy service packs and hotfixes on new servers and client computers. Considerations include slipstreaming, custom scripts, and isolated installation or test networks.

• Deploy service packs and hotfixes on existing servers and client computers.

Implementing, Managing, and Troubleshooting Security for Network Communications
Plan IPSec deployment.

• Decide which IPSec mode to use.

• Plan authentication methods for IPSec.

• Test the functionality of existing applications and services.

Configure IPSec policies to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.

• Configure IPSec authentication.

• Configure appropriate encryption levels. Considerations include the selection of perfect forward secrecy (PFS) and key lifetimes.

• Configure the appropriate IPSec protocol. Protocols include Authentication Header (AH) and Encapsulating Security Payload (ESP).

• Configure IPSec inbound and outbound filters and filter actions.

Deploy and manage IPSec policies.

• Deploy IPSec policies by using Local policy objects or Group Policy objects (GPOs).

• Deploy IPSec policies by using commands and scripts. Tools include IPSecPol and NetSh.

• Deploy IPSec certificates. Considerations include deployment of certificates and renewing certificates on managed and unmanaged client computers.

Troubleshoot IPSec.

• Monitor IPSec policies by using IP Security Monitor.

• Configure IPSec logging. Considerations include Oakley logs and IPSec driver logging.

• Troubleshoot IPSec across networks. Considerations include network address translation, port filters, protocol filters, firewalls, and routers.

• Troubleshoot IPSec certificates. Considerations include enterprise trust policies and certificate revocation list (CRL) checking.

Plan and implement security for wireless networks.

• Plan the authentication methods for a wireless network.

• Plan the encryption methods for a wireless network.

• Plan wireless access policies.

• Configure wireless encryption.

• Install and configure wireless support for client computers.

Deploy, manage, and configure SSL certificates, including uses for HTTPS, LDAPS, and wireless networks. Considerations include renewing certificates and obtaining self-issued certificates instead of publicly issued certificates.

• Obtain self-issued certificates and publicly issued certificates.

• Install certificates for SSL.

• Renew certificates.

• Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.

Configure security for remote access users.

• Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and multifactor authentication that combines smart cards and EAP.

• Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client operating system, network address translation devices, Routing and Remote Access servers, and firewall servers.

• Manage client configuration for remote access security. Tools include remote access policy and the Connection Manager Administration Kit.

Planning, Configuring, and Troubleshooting Authentication, Authorization, and PKI
Plan and configure authentication.

• Plan, configure, and troubleshoot trust relationships.

• Plan and configure authentication protocols.

• Plan and configure multifactor authentication.

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

• Plan and configure authentication for Web users.

• Plan and configure delegated authentication.

Plan group structure.

• Decide which types of groups to use.

• Plan security group scope.

• Plan nested group structure.

Plan and configure authorization.

• Configure access control lists (ACLs).

• Plan and troubleshoot the assignment of user rights.

• Plan requirements for digital signatures.

Install, manage, and configure Certificate Services.

• Install and configure root, intermediate, and issuing certification authorities (CAs). Considerations include renewals and hierarchy.

• Configure certificate templates.

• Configure, manage, and troubleshoot the publication of certificate revocation lists (CRLs).

• Configure archival and recovery of keys.

• Deploy and revoke certificates to users, computers, and CAs.

• Backup and restore the CA.

QUESTION 1:

You work as the network administrator at Certkiller .com. The Certkiller .com network consists of a single Active Directory domain named Certkiller .com. All servers on the Certkiller .com network run Windows Server 2003 and all client computers run Windows XP Professional.
At Certkiller .com there are two Routing and Remote Access servers named Certkiller -SR12 and Certkiller -SR21. There is also an Internet Authentication Services server named Certkiller -SR15. The IAS server is set to provide
accounting and centralized authentication of users connecting via Certkiller -SR12 and Certkiller -SR21. There are certain Certkiller .com network users who need to work from home. They will all require 24 hour access 7 days a week.
It is your responsibility to create the appropriate remote access policies for
Certkiller .com. To accommodate all the Remote access users you create a remote access policy that is configured to allow the Remote Users group the appropriate access to the VPN. For a while the network operated normally but certain remote users started complaining about not being able to access the VPN. You investigate and discover all the successfully connected users connected using a local user account located on Certkiller -SR15. You need to ensure that remote access is available whilst using the least amount of administrative effort.
What should you do?

A. Check whether Certkiller -SR12 and Certkiller -SR21 are set to support RADIUS
accounting and authentication
B. Add Certkiller -SR12 and Certkiller -SR21 to the RAS and IAS Servers group in
Active Directory
C. Promote the IAS server Certkiller -SR15 to a domain controller
D. Add Certkiller -SR15 to the RAS and IAS Server group in Active Directory

Answer: D

Explanation: The IAS server requires being able to read all user objects attributes which can be achieved by adding Certkiller -SR15 to the RAS and IAS Servers group in Active Directory.
Incorrect Answers:
A: The scenario states that some users connect successfully. Thus it means that the
Routing and Remote Access servers are configured properly.
B: These servers do not require being added to the RAS and IAS Servers group as they do not actually authenticate the user accounts.
C: This option will also achieve the scenario objective but requires too much administrative effort.

QUESTION 2:

You work as the network administrator at Certkiller .com. The Certkiller .com

network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003. Half the client computers are portable computers, and the rest are desktop computers. The client computers are running a mix of Windows 2000 Professional Windows XP Professional.
There are many Certkiller .com Sales department users that work out of the office due to the nature of their job description. These Sales department users require
access to resources on Certkiller .com when out of the office. It is your responsibility to provide the Sales department users with access to the network. To this end you have
five servers that are running with Routing and Remote Access services configured for VPN connectivity. All these servers are configured with the same remote access
policy.
A new written security policy has recently been issued by the Certkiller .com management and consequently you had to reconfigure the policies on each of these servers. Because of the policy changes you received instruction to centralize the remote access policies to ensure that any future changes to the policies can be made once and applied to all remote access servers.
What should you do?

A. A Domain Group Policy to apply any changes should be configured.
B. The Routing and Remote Access servers must be configured to use Internet
Authentication Services (IAS).
C. An application directory partition must be implemented.
D. Extensible Authentication Protocol (EAP) should be configured on all the Routing and
Remote Access servers. Answer: B
Explanation: IAS makes use of Remote Authentication Dial-In User Service (RADIUS)
to centralize policies, logging, and authentication services from a single location. This would be ideal under the circumstances of ever-changing policy application.
Incorrect answers:
A: Remote policies are not stored in group policies. Thus configuring a Domain Group policy will not centralize the policies.
C: Implementing an application directory partition will not centralize remote access policies. These partitions are used to create a section of the Active Directory database for application specific data to control replication and not for centralization of remote
policies.
D: EAP is an authentication protocol and is not used to centralize remote access policies.

QUESTION 3:

You work as the network administrator at Certkiller .com. The Certkiller .com network consists of a single Active Directory domain named Certkiller .com. All servers on the Certkiller .com network run Windows Server 2003 and some run Windows 2000 Server and all client computers are laptop computers that run

Windows XP Professional.
At Certkiller .com there are two Routing and Remote Access servers named Certkiller -SR02 and Certkiller -SR05 respectively. The Routing and Remote Access servers are configured to accept connection requests through VPN and dial-up connections. The laptop client computers of the Certkiller .com domain
currently make use of the MS-CHAP v2 protocol for authenticating to the network.
A new Certkiller .com written security policy requires centralized remote connection authentications. The policy further states that all remote connections to the
Certkiller .com corporate network authenticate using smart cards ensuring the data is encrypted with L2TP with IPSec. To this end you have received instruction from the CIO to comply with the security policy. You thus need to plan a new design for both VPN and dial-up connections.
What should you do?

A. An IAS server and VPN server must be added to the domain.
Certkiller -SR02 and Certkiller -SR05 and the new VPN server must be configured
to use the IAS server for authentication and make use of the EAP-TLS protocol for authentication on the IAS server
B. An additional VPN server must be added to the domain.
Certkiller -SR02 and Certkiller -SR05 must be configured to use the new VPN
server for authentication and make use of the EAP-TLS protocol for authentication on the
VPN server.
C. An additional IAS server and VPN server must be added to the domain.
Certkiller -SR02 and Certkiller -SR05 and the new VPN server must be configured
to use the IAS server for authentication and make use of the MS-CHAP v2 protocol for authentication on the IAS server.
D. An additional VPN server must be added to the domain.
Certkiller -SR02 and Certkiller -SR05 must be configured to use the new VPN
server for authentication and make use of the MS-CHAP v2 protocol for authentication on the VPN server.

Answer: A

Explanation: In the scenario you are required to use smartcards authentication and this will be achieved by adding the additional IAS server to the domain and
configuring your Routing and Remote Access Service servers to use the added IAS
server which should be configured to use EAP-TLS for authentication as this protocol supports the use of smartcards.
Incorrect Answers:
B: The problem with this implementation is that the authentication will not be centralized
as the scenario state it is imperative authentication is centralized.
C: There is only one problem in this option and that’s the use of MS-CHAP v2 as this protocol does not support smartcard authentication.
D: The problem with this implementation is that the authentication will not be centralized
as the scenario state it is imperative authentication is centralized.

QUESTION 4:

You work as the network administrator at Certkiller .com. The Certkiller .com network consists of a single Active Directory domain named Certkiller .com. All servers on the Certkiller .com network run Windows Server 2003 and all client computers run Windows XP Professional. Certkiller .com has its headquarters in Chicago and a branch office in Dallas.
You are responsible for the management of the Routing and Remote Access services
at Certkiller .com. You enable Routing and Remote Access on a server named
Certkiller -SR05. You received a list of telephone numbers of those that are
allowed to connect to the Certkiller .com network via remote access together with instruction from the CIO to configure Certkiller -SR05 to accept only connections from those numbers.
You need to configure Certkiller -SR05 to support Automatic Number Identification/Calling Line Identification (ANI/CLI). You then create a user account for each of the phone numbers on the list from which calls will be accepted. You
then create a remote access policy to support these ANI/CLI connections. Now you just need to apply the policy.
What should you do?

A. Enable the Unencrypted authentication option on the Authentication tab of the remote access profile for the policy.
B. Enable the Unauthenticated access option on the Authentication tab of the remote access profile for the policy.
C. Enable the Encrypted authentication option on the Authentication tab of the remote access profile for the policy.
D. Enable the MD5-challenge authentication option on the Authentication tab of the remote access profile for the policy.

Answer: B Explanation
: Because a user name and password are not going to be sent when an ANI/CLI
connection is made, you need to allow unauthenticated access. Thus you should enable support for unauthenticated access on the Authentication tab of the remote access policy profile for the policy. Alternative you could also configure the User Identity setting for remote access policies in the registry to direct Certkiller -SR05 or IAS server to use the number from which the user is calling as the user identity.
Incorrect answers:
A: If you enable unencrypted authentication support then you will be allowing support for clients that use the Password Authentication Protocol (PAP) and this is not what is required in this scenario.
C: You enable encrypted authentication support to allow support for clients that use
CHAP and MS-CHAP. This is not what is required in this scenario.
D: You do not need to enable support for MD5-challenge authentication.

pass4sure 70-299

Questons and Answers : 69 Q&As
Updated: 2007-11-13

Free download:pass4sure mcse 70-299 v2.83
Free download:testking mcse 70-299 v2.83

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking