#70-299

From: O.A. (oa2000_at_hotmail.com.com)
Date: 08/18/04 

Date: Wed, 18 Aug 2004 09:36:55 -0700

>-----Original Message-----

>QUESTIONS IN THE EXAM?
>THANK YOU IN ADVANCED.
>
>O.A.
>A+, N+, CCNA, SECURITY+, MCSE2003
>.

Exam 70-299: Implementing and Administering Security in a
Microsoft Windows Server 2003 Network<

Be sure to check out the Preparation Guide for Exam 70-299
(http://www.microsoft.com/learning/exams/70-299.asp)when
you are preparing for this exam!

I have to be honest: I really like this exam. Was it easy?
No. Was it the first Windows Server 2003 MCP exam you
should take? No. Was it a good exam that covered all of
the objectives listed and dug deep into some areas that
you really need to know? Yes, it was. This was not an easy
exam, not by any means. It was, however, not an impossible
exam. Some people might compare this one to the "beast" of
70-216...not that I think 70-216 is a beast in any way,
but don't think that's a valid comparison. This was a
tough, but fair, exam.

In it's beta form, exam 70-299 was known as 71-299. Either
way you slice it, here are the basic details on this beta
exam:
70 questions

180 minutes for the exam

50 minutes for post exam review, commenting and survey
taking
I would expect these numbers to be cut down to somewhere
around 50 - 55 questions in about 150 minutes when the
exam goes live in early 2004.

My grades for this exam (all on a 1 = Easy to 10 = Whoa
momma! scale):
Amount of reading required: 8

Technical content of the reading: 9

Difficulty (overall) of the questions: 8

Number of times you will have to refer back to the reading
material: 7
If you've previously taken the 70-293, 70-294 or 70-296
exams, you've definitely got an advantage in this one as a
lot of the same material is tested...only with a security
twist this time around. I would not recommend this exam to
anyone as an elective until you're nearing the end of your
MCSE certification path. If you're going to take this
exam, consider also taking the associated design exam, 70-
298, as well since there is a great deal content area
overlap.

In keeping with their promise, Microsoft has included
several different question types on this exam, including
(but not limited to):
Hot area

Active screen

Drag and drop

Tree building

Choose one correct answer

Choose multiple correct answer
Check out the full details on the question methods that
Microsoft might use at the
Frequently Asked Questions and Demos page. Now on with the
nitty gritty details...

First, and foremost, let me just say that if it is a new
security-related feature in Windows Server 2003 then you
MUST know about it. Second, if you are looking to start
getting ready for this exam, you should seriously consider
a few things:
How much experience do you have in a medium to large
Active Directory Windows 2000 or Windows Server 2003
network?

How much experience do you have with performing very
particular (and minute) configuration changes to Windows
Server 2003 computers?

How familiar are you with creating, testing, implementing
and troubleshooting your own security solution using
security templates, IPSec and digital certificates?

How much experience do you have with PKI, Certificate
Authorities, IPSec, VPNs and high level forest and domain
security administration and maintenance?
You absolutely must must must be familiar with Windows
Server 2003 to have a good chance to pass this exam.

Now, for some "top areas" that I think you ought to be
familiar and comfortable with:
SUS configuration and implementation, including all
available options for client downloads

IPSec configuration, including when to use AH and ESP by
themselves

IPSec policies

IPSec modes, tunnel vs. transport

IPSec authentication

VPN creation

RRAS policies, processing order and properties for user
accounts

EFS usage on the local computer

EFS recovery agent design

EFS usage on remote computers, delegated authority

Security template creation, usage, importing, exporting,
troubleshooting, deployment

Security template areas

Properties and functions of the preconfigured security
templates

Properties and functions of the preconfigured IPSec
policies

What is the function and operation of the IPSec default
response rule

Multiple user EFS

Delegation of authority

IIS authentication methods

WLAN authentication methods

WLAN policies and configuration, including RADIUS, 802.1x
and WEP

IIS architecture

Services configuration, security and control

Stand-alone server and workstation security issues

Implementing security templates and certificates on stand-
alone computers

CA hierarchy, planning, design and implementation

Custom certificate templates

Using the CRL and CTL

Using SMB signing

Using third-party CA certificates

When to use specific CAs

Cross forest trusts

Securing the SAM from anonymous access

Auditing (in great detail)

Configuring NTFS and share permissions

Controlling Terminal Services access

Controlling Remote Desktop access

Securing Remote Desktop access

Smart Card usage and support

GPO processing order

GPO loopback

Group scopes

Group types

Group nesting

Requirements for group scopes

Domain functional modes

Forest functional modes

SMTP configuration, including relay design

MBSA usage

mbsacli.exe usage

Security Configuration and Analysis usage

secedit.ext usage

gpupdate usage

Netsh for IPSec usage

Securing DNS zone transfers

Event Log security and analysis

IIS logging and analysis

IIS and SSL

Using ISA server with SUS

Scripting patch installation, using the uninstall option

Using logon and startup scripts

Publishing and assigning software via GPO
Overall, I would rate this exam at around 8 out of 10 in
terms of difficulty. The amount and technical depth of the
reading was very deep, even for the advanced audience that
would be taking this exam. This is an exam that you will
want to do a lot of studying, and more importantly,
practicing for before you attempt it. It is interesting to
note that I did find and comment on three problematic
questions during my exam, two of which had glaring errors
that should be corrected before this exam sees the light
of public. If you are going after your MCSE on Windows
Server 2003: Security, then you will need to pass this
exam.

Good luck!

O.A.
MCSE2003

Relevant Pages

  • RE: Value of certifications
    ... I took a 40 hour CCNA course before taking the exam. ... Through the years, I've touched on security in various fashion, and the ... law issues in the case of forensics, but we have a law department that ... So, to summarize, from a knowledge aspect: Some certs = good (you can ...
    (Security-Basics)
  • Re: Career Advancement
    ... 70-291 Implementing, Managing, and Maintaining a Windows Windows Server 2003 Network Infrastructure ... Once you have passed those you only need an elective to be an MCSA, or you can pass two more exams to earn your MCSA: Security. ... Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network ...
    (microsoft.public.cert.exam.mcse)
  • Re: exam 70-330.
    ... >which one will see me through the exam. ... Applications with Microsoft Visual Basic .NET and Microsoft ... security and security with reference to Forms Authentication ... initialization vector to the stream. ...
    (microsoft.public.cert.exam.mcsd)
  • Re: Advise on next exam ????
    ... There is the entire book of Improving Web Application security for free ... As a lot of it doesn't completely relate to the exam, ... I don't really know of any quick online refreshers, ... Microsoft Certified Solution Developer ...
    (microsoft.public.cert.exam.mcsd)
  • Re: Advise on next exam ????
    ... I actually found the security one to be the easiest of them all - ... Microsoft Certified Solution Developer ... How hard do you feel that security exam compare to other? ... Aplication security or SQL Server ...
    (microsoft.public.cert.exam.mcsd)