MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network : 70-214 Exam
Product DescriptionExam Number/Code: 70-214
Exam Name: MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network

“MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network”, also known as 70-214 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 150 questions to your 70-214 Exam preparation. In the 70-214 exam resources, you will cover every field and category in MCSA helping to ready you for your successful Microsoft Certification.
Exam news
Exam 70-214 became available on January 15, 2003.

• This exam retired in March 2008

Audience profile
Candidates for this exam operate in medium-sized to very large computing environments that use Windows 2000 and Active Directory. Operating systems on client computers might include Windows NT Workstation 4.0, Windows 2000 Professional, and Windows XP Professional.

Candidates have a minimum of one year of experience in implementing and administering security and network infrastructures in environments that have the following characteristics:

• Supported users range from 200 to more than 26,000.

• Physical locations range from five to more than 150.

• Infrastructures include LAN, WAN, and wireless networks.

• Typical network services and applications include file and print, database, messaging, proxy server and firewall, public key infrastructure, remote access, desktop management, and Web hosting.

• Connectivity scenarios include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to other networks and the Internet.

Credit toward certification
When you pass the Implementing and Administering Security in a Microsoft Windows 2000 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

• Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification

• Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification

Preparation tools and resources
In addition to your hands-on experience working with the product, we recommend that you use the following tools and training to help you prepare for this exam.

Classroom training for this exam
• Course 2150: Designing a Security-Enhanced Microsoft Windows 2000 Network

• Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure

• Course 2800: Microsoft Security Clinic

Microsoft Press self-paced training
• MCSA/MCSE Self-Paced Training Kit: Implementing and Administering Security in a Microsoft Windows 2000 Network, Exam 70-214

Microsoft certified practice tests
• MeasureUp: Visit the MeasureUp Web site to take a practice test.

• Self Test Software: Visit the Self Test Software Web site to take a practice test.

Microsoft Online Resources
• TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical chats, and much more.

• MSDN: The Microsoft Developer Network (MSDN) is a reference for developers that features code samples, technical articles, newsgroups, chats, and more.

• Training and certification newsgroups: There is a newsgroup for every Microsoft certification. By participating in the ongoing dialogue, you take advantage of a unique opportunity to exchange ideas with and ask questions of others, including more than 750 Microsoft Most Valuable Professionals (MVPs) worldwide.

Skills measured
This exam measures your ability to implement and administer security and network infrastructures that use Windows 2000 and Active Directory. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

KEY: = The course provides a general introductory overview of this task. You will need to supplement the course with additional work. = The course includes some material to prepare you for this task. You will need to supplement the course with additional work. = The course includes material to prepare you for this task.
Skills measured by Exam 70-214 Course 2150 Course 2153 Course 2800
Implementing, Managing, and Troubleshooting Baseline Security
Configure security templates.

• Configure registry and file system permissions.

• Configure account policies.

• Configure audit policies.

• Configure user rights assignment.

• Configure security options.

• Configure system services.

• Configure restricted groups.

• Configure event logs.

Deploy security templates. Deployment methods include using Group Policy and scripting.

Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems.

Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer.

Configure additional security for client-computer operating systems by using Group Policy.

Implementing, Managing, and Troubleshooting Service Packs and Security Updates
Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk.

Install service packs and security updates. Consideration include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.

• Install service packs and security updates on new client computers and servers. Considerations include slipstreaming and using RIS, custom scripts, and isolated networks.

Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS.

Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts.

Implementing, Managing, and Troubleshooting Security-Enhanced Communication Channels
Configure IPSec to help protect communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.

• Configure IPSec authentication.

• Configure appropriate encryption levels.

• Configure the appropriate IPSec protocol. Protocols include AH and ESP.

• Deploy and manage IPSec certificates. Considerations include renewing certificates.

Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication.

Implement security for wireless networks.

• Configure public and private wireless LANs.

• Configure wireless encryption levels. Levels include WEP and 802.1x.

• Configure wireless network connection settings on client computers. Client-computer operating systems include Windows 2000 Professional, Windows XP Professional, and Windows CE 3.0.

Configure Server Message Block (SMB) signing to support packet authentication and integrity.

Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.

• Obtain public and private certificates.

• Install certificates for SSL.

• Renew certificates.

Configure SSL to help protect communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.

Configuring, Managing, and Troubleshooting Authentication and Remote Access Security
Configure and troubleshoot authentication.

• Configure authentication protocols to support mixed Windows client-computer environments.

• Configure the interoperability of Kerberos authentication with UNIX computers.

• Configure authentication for extranet scenarios.

• Configure trust relationships.

• Configure authentication for members of non-trusted domain authentication.

Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.

Configure authentication for security-enhanced remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.

Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server.

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.

Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)
Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.

• Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.

• Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.

• Configure the publication of Certificate Revocation Lists (CRLs).

• Configure public key Group Policy.

• Configure certificate renewal and enrollment.

• Deploy certificates to users, computers, and CAs.

Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party.

• Enroll and renew certificates.

• Revoke certificates.

• Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.

• Back up and restore the CA.

Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.

• Publish certificates through Active Directory.

• Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP.

• Recover KMS-issued keys.

Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems.

Monitoring and Responding to Security Incidents
Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.

• Manage audit log retention.

• Manage distributed audit logs by using EventComb.

Analyze security events. Considerations include reviewing logs and events.

Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.

• Isolate and contain the incident. Considerations include preserving the chain of evidence.

• Implement counter measures.

• Restore services.

QUESTION 1:

You are the network administrator for Certkiller . The network consists of a Windows
2000 Active Directory domain named Certkiller .com.
You have deployed a new Windows 2000 Server computer as a Web server in the perimeter network (also known as the DMZ). The Web server is not a member of
Certkiller .com. A firewall between the network and the DMZ is configured to allow only
HTTP traffic to be sent from the DMZ to the private network.
Your Web server administrator creates a security template named Webserver.inf that defines the default security settings required for the Web server. The security template settings must be enforced at the Web server and applied at regular intervals.
What should you do?

A. Make the Web server a member of the Certkiller .com domain and place the Web server computer account into a new organizational unit (OU).
Import the Webserver.inf security template to the Default Domain Policy.
B. Create a batch file that applies the security template by using the secedit /configure
/cfg Webserver.inf /db web.sdb command.
In Scheduled Tasks, create a new task to run the batch file daily.
C. Apply the security template using the Security Configuration and Analysis console on the Web server.
Create a batch file that updates the security policy of the Web server by using the secedit
/refreshpolicy machine_policy /enforce command.
In Scheduled Tasks, create a new task to run the batch file daily.
D. Import the Webserver.inf security template to the Local Computer policy of the Web server.
Create a batch file that updates the security policy of the Web server by using the secedit
/refreshpolicy machine_policy /enforce command.
In Scheduled Tasks, create a new task to run the batch file daily. Answer: C
Explanation:
We apply the security template using the Security Configuration and Analysis console. We then update the security policy at regular intervals using a scheduled task.
Incorrect Answers
A: We do not want to apply the Webserver.inf to all computers in the domain. B: We do repeatedly have to apply the security template.
D: The initial template applied to a computer is called the Local Computer Policy. It is not a good practice to change this template.

QUESTION 2:

You are the network administrator for Certkiller . The network consists of a Windows
2000 Active Directory domain. The domain contains two Windows 2000 domain

TK

070-214

controllers and 500 Windows 2000 Professional computers.
The relevant portion of the Active Directory hierarchy is shown in the exhibit.

The user accounts for all administrators are located in the IT_Users organizational unit
(OU). All other user accounts are located in the Employee_Users OU. The client computer accounts for the administrators’ computers are located in the IT_Computers OU. All other client computer accounts are located in the Employee_Computers OU.
You company employs 10 security auditors to ensure that servers and client computers comply with the written security policy of Certkiller . You create a domain security group named Security_Audit. You add the computer accounts for each security auditor to this group.
You create several Group Policy objects (GPOs) and link them to the Employees OU. The GPOs configure security settings to enforce the written policy. The priority and configuration of each GPO are shown in the following table.

GPO
name
Policy
Setting

Object with Read and Apply
Group Policy Permissions
Priority
No Override

GPO1
Audit object access
Success and Failure
AuthenticateUsers
Security_Audit
1

GPO2
Audit logon
Failure
Security_Audit
2

TK

070-214

events

GPO3
Audit account logon events
Success

AuthenticateUsers
Security_Audit
3
X
You discover that the Security logs on many client computers are full of successful object access events from the users of the client computers. You do not want users to be audited when they access files on their own computers. However, you want the security auditors
to be audited when they access any file on any client computer. What should you do?

A. Clear the No Override check box in GPO3.
B. Remove the Authenticated Users group from the DACL for GPO1.
C. Configure the policy settings for GPO3 so that success and failure events are audited.
D. Configure the DACL for GPO1 so that the Authenticated Users group has Deny – Apply Group Policy permission.
Answer: B Explanation:
By removing the Authenticated Users group from the DACL of GPO1, only members of the Security_Auditgroup would be audited for Object Access.
Incorrect Answers
A, C: GPO1 would still be applied, and object Access by the Authenticated Users group would still be audited.
D: The auditors, like all users, belong to the Authenticated Users group. They would also
be receive Deny – Apply Group Policy permission, and they would not be audited contrary to the requirements in this scenario.

QUESTION 3:

You are the network administrator for Certkiller . The network consists if a Windows
2000 Active Directory domain. The domain contains five Windows 2000 Server domain controllers and 50 Windows NT Workstation 4.0 computers.
You perform a clean installation of Windows 2000 Professional on four client computers. You do not install Internet Information Services (IIS) on these computers.
The written security policy for Certkiller allows Windows 2000 Professional users to install and run IIS. Every computer running IIS must be configured to meet the written policy before the computer can be connected to Certkiller network.
You want to ensure that the written policy for IIS is enforced automatically if IIS is installed on a Windows 2000 Professional computer.
What should you do before the user receive their computers?

pass4sure 70-214
Questions and Answers : 150 questions Expected Date: October 22nd , 2008 Price: $129.99 $89.99 Pre-Buy price: $62.99 Save $27

Free download:pass4sure microsoft 70-214 v2.83
Free download:testking microsoft 70-214 v2.83

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking