The most effective way to prepare to take an exam.
The relationship between Microsoft training
materials and exam content.
Microsoft policy concerning the incorporation of
service pack and revision updates into exam content.
Exam question types and formats.
Exam time limits and number of questions asked.
We recommend that you review this preparation
guide in its entirety and familiarize yourself with the FAQs
and resources on the Microsoft Certification website before
you schedule your exam.
Audience Profile
The Microsoft Certified Systems Administrator (MCSA) on
Windows Server 2003 credential is intended for IT
professionals who work in the typically complex computing
environment of medium to large companies. An MCSA candidate
should have 6 to 12 months of experience administering
client and network operating systems in environments that
have the following characteristics:
• 250 to 5,000 or more users
• Three or more physical locations
• Three or more domain controllers
• Network services and resources such as messaging,
database, file and print, proxy server, firewall, public key
infrastructure (PKI), Internet, intranet, remote access, and
client computer management
• Connectivity requirements such as connecting branch
offices and individual users in remote locations to the
corporate network and connecting corporate networks to the
Internet
Credit Toward CertificationWhen
you pass Exam 70-699: Windows Server 2003, MCSA Security
Specialization Skills Update, you complete the requirements for the
following certification(s):Microsoft
Certified Systems Administrator: Security Specialization Plus
Recertification
Skills
Being MeasuredThis exam measures your
ability to accomplish the technical tasks listed below.The
percentages indicate the relative weight of each major topic area on the
exam.The higher the percentage, the more questions you are likely to see
on that content area on the exam.
The information after “This
objective may include but is not limited to” is intended to further
define or scope the objective by describing the types of skills and
topics that may be tested for the objective. However, it is not an
exhaustive list of skills and topics that could be included on the exam
for a given skill area. You may be tested on other skills and topics
related to the objective that are not explicitly listed here.
Managing Security for Users, Computers, and Groups
Manage local,
roaming, and mandatory user profiles.
Create and manage
computer accounts in an Active Directory environment.
This objective
may include but is not limited to: reset computer accounts
Create, manage, and
troubleshoot user and group accounts.
This objective
may include but is not limited to: identify and modify the
scope of a group; find domain groups in which a user is a
member; manage group membership; import user accounts;
diagnose and resolve account lockouts; diagnose and resolve
issues related to user account properties
Troubleshoot user
authentication issues.
This objective
may include but is not limited to: set password policies;
trust relationships; multifactor authentication
Configure access to
files and folders.
This objective
may include but is not limited to: folder shares
permissions; file permissions; verify effective permissions;
change ownership of files and folders
Monitor and analyze
security events.
This objective
may include but is not limited to: Event Viewer, System
Monitor, PerfMon, Resource Monitor (Windows Vista)
Implementing, Managing, and Maintaining Network Security
This objective
may include but is not limited to: implement security
baseline settings and audit security settings by using
security templates; implement the principle of least
privilege
Manage security for
system recovery.
This objective
may include but is not limited to: verify the data integrity
of backup job; manage backup storage media; manage backup
and restore permissions; system state data; back up files
and System State data to media
Configure security
based on server roles.
This objective
may include but is not limited to: roles such as SQL,
Microsoft Exchange, and Domain Controller; plan and
configure security settings; plan network zones for computer
roles; plan and configure software restriction policies;
audit and log computer roles (Windows events, Internet
Information Services [IIS], firewall log files, network
logons, and RAS log files); Microsoft Baseline Security
Analyzer (MBSA); Security Configuration and Analysis
Plan and deploy
security settings.
This objective
may include but is not limited to: registry and file system
permissions, account policies, audit policies, rights
assignment, security options, system services, restricted
groups, and event logs; desktop and portable client
computers, mobile devices, Group Policy, and command-line
tools and scripting; mixed operating systems, inheritance,
and removal of security template settings
Implementing, Managing, and Troubleshooting Security for Network
Communications
Configure Routing
and Remote Access user authentication.
This objective
may include but is not limited to: configure remote access
authentication protocols; configure Routing and Remote
Access policies to permit or deny access; configure security
for remote access users; authentication and VPN protocols
Plan IPsec
deployment.
This objective
may include but is not limited to: modes, authentication
methods, and functionality of existing applications and
services
Deploy and manage
IPsec policies.
This objective
may include but is not limited to: local computer policy and
Group Policy objects (GPOs), commands and scripts, and
certificate deployment; monitor and troubleshoot network
protocol security; IP Security Monitor MMC snap-in; Event
Viewer and Network Monitor; Kerberos support tools
Implement security
for wireless networks.
This objective
may include but is not limited to: authentication,
encryption methods, and policies
Install, manage,
and configure Certificate Services.
This objective
may include but is not limited to: hierarchy, renewals,
certificate templates, certificate revocation lists (CRLs),
archival and recovery of keys
Configuring Client Security Features
Configure Windows
Firewall.
This objective
may include but is not limited to: configuring rules for
multiple profiles; allowing or denying an application;
network-profile-specific rules; configuring notifications;
configuring authenticated exceptions
Configure Windows
Internet Explorer.
This objective
may include but is not limited to: configuring compatibility
view; configuring security settings; configuring providers;
managing add-ons; controlling InPrivate mode; certificates
for secure Web sites
Configure file and
folder access.
This objective
may include but is not limited to: encrypting files and
folders by using EFS; configuring NTFS permissions;
resolving effective permissions issues; copying files vs.
moving files
Configure user
account control (UAC).
This objective
may include but is not limited to: configuring local
security policy; configuring admin vs. standard UAC prompt
behaviors; configuring Secure Desktop
Configure BitLocker
and BitLocker To Go.
This objective
may include but is not limited to: configuring BitLocker and
BitLocker To Go policies; managing Trusted Platform Module
(TPM) PINs; configuring startup key storage; data recovery
agent support
Configure
application restrictions.
This objective
may include but is not limited to: setting software
restriction policies; setting application control policies;
setting through group policy or local security policy
Configure
authentication and authorization.
This objective
may include but is not limited to: resolving authentication
issues; configuring rights; managing credentials; managing
certificates; smart cards with PIV; elevating user
privileges; multifactor authentication