Exam 70-298:

Designing Security for a Microsoft Windows Server 2003 Network

Published: December 09, 2003
Language(s): English, French, German, Japanese
Audience(s): IT Professionals
Technology: Microsoft Windows Server 2003
Type: Proctored Exam

How To Get It: Schedule your exam through the following exam provider:

Preparing for an Exam
This exam is scheduled to retire on July 31, 2013.
The Microsoft Certification website and this preparation guide contain a variety of resources to help you prepare for an exam. Preparing for and Taking an Exam — FAQ provides answers to frequently asked questions about exam registration, preparation, scoring, and policies, including:
  • The most effective way to prepare to take an exam.
  • The relationship between Microsoft training materials and exam content.
  • Microsoft policy concerning the incorporation of service pack and revision updates into exam content.
  • Exam question types and formats.
  • Exam time limits and number of questions asked.
We recommend that you review this preparation guide in its entirety and familiarize yourself with the FAQs and resources on the Microsoft Certification website before you schedule your exam.
Audience Profile
The Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium to large companies. An MCSE candidate should have at least one year of experience implementing and administering a network operating system in environments that have the following characteristics:
  • 250 to 5,000 or more users
  • Three or more physical locations
  • Three or more domain controllers
  • Network services and resources such as messaging, database, file and print, proxy server, firewall, Internet, intranet, remote access, and client computer management
  • Connectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet
In addition, an MCSE candidate should have at least one year of experience in the following areas:
  • Designing a network infrastructure
  • Implementing and administering a desktop operating system
Credit Toward Certification
Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network counts as credit toward the following certification(s):
Note: This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.
Skills Being Measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam.

The information after “This objective may include but is not limited to” is intended to further define or scope the objective by describing the types of skills and topics that may be tested for the objective. However, it is not an exhaustive list of skills and topics that could be included on the exam for a given skill area. You may be tested on other skills and topics related to the objective that are not explicitly listed here.
Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements
  • Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
    • Analyze existing security policies and procedures.
    • Analyze the organizational requirements for securing data.
    • Analyze the security requirements of different types of data.
    • Analyze risks to security within the current IT administration structure and security practices.
  • Design a framework for designing and implementing security. The framework should include prevention, detection, isolation, and recovery.
    • Predict threats to your network from internal and external sources.
    • Design a process for responding to incidents.
    • Design segmented networks.
    • Design a process for recovering services.
  • Analyze technical constraints when designing security.
    • Identify capabilities of the existing infrastructure.
    • Identify technology limitations.
    • Analyze interoperability constraints.
Creating the Logical Design for Network Infrastructure Security
  • Design a public key infrastructure (PKI) that uses Certificate Services.
    • Design a certification authority (CA) hierarchy implementation. Types include geographical, organizational, and trusted.
    • Design enrollment and distribution processes.
    • Establish renewal, revocation and auditing processes.
    • Design security for CA servers.
  • Design a logical authentication strategy.
    • Design certificate distribution.
    • Design forest and domain trust models.
    • Design security that meets interoperability requirements.
    • Establish account and password requirements for security.
  • Design security for network management.
    • Design the administration of servers by using common administration tools. Tools include Microsoft Management Console (MMC), Terminal Server, Remote Desktop for Administration, Remote Assistance, and Telnet.
    • Design security for Emergency Management Services.
    • Manage the risk of managing networks.
  • Design a security update infrastructure.
    • Design a strategy for identifying computers that are not at the current patch level.
    • Design a Software Update Services (SUS) infrastructure.
    • Design Group Policy to deploy software updates.
Creating the Physical Design for Network Infrastructure Security
  • Design network infrastructure security.
    • Specify the required protocols for a firewall configuration.
    • Design IP filtering.
    • Design an IPSec policy.
    • Secure a DNS implementation.
    • Design security for data transmission.
  • Design security for wireless networks.
    • Design public and private wireless LANs.
    • Design 802.1x authentication for wireless networks.
  • Design user authentication for Internet Information Services (IIS).
    • Design user authentication for a Web site by using certificates.
    • Design user authentication for a Web site by using IIS authentication.
    • Design user authentication for a Web site by using RADIUS for IIS authentication.
  • Design security for Internet Information Services (IIS).
    • Design security for Web sites that have different technical requirements by enabling only the minimum required services.
    • Design a monitoring strategy for IIS.
    • Design an IIS baseline that is based on business requirements.
    • Design a content management strategy for updating an IIS server.
  • Design security for communication between networks.
    • Select protocols for VPN access.
    • Design VPN connectivity.
    • Design demand-dial routing between internal networks.
  • Design security for communication with external organizations.
    • Design an extranet infrastructure.
    • Design a strategy for cross-certification of Certificate Services.
  • Design security for servers that have specific roles. Roles include domain controller, network infrastructure server, file server, IIS server, terminal server, and POP3 mail server.
    • Define a baseline security template for all systems.
    • Create a plan to modify baseline security templates according to role.
Designing an Access Control Strategy for Data
  • Design an access control strategy for directory services.
    • Design a permission structure for directory service objects.
    • Create a delegation strategy.
    • Analyze auditing requirements.
    • Design the appropriate group strategy for accessing resources.
  • Design an access control strategy for files and folders.
    • Design a strategy for the encryption and decryption of files and folders.
    • Design a permission structure for files and folders.
    • Design security for a backup and recovery strategy.
    • Analyze auditing requirements.
  • Design an access control strategy for the registry.
    • Design a permission structure for registry objects.
    • Analyze auditing requirements.
Creating the Physical Design for Client Infrastructure Security
  • Design a client authentication strategy.
    • Analyze authentication requirements.
    • Establish account and password security requirements.
  • Design a security strategy for client remote access.
    • Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).
    • Design remote access policies.
    • Design access to internal resources.
  • Design a strategy for securing client computers. Considerations include desktop and portable computers.
    • Design a strategy for hardening client operating systems.
    • Design a strategy for restricting user access to operating system features.
Preparation Tools and Resources
To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the "Skills Measured" tab.
Learning Plans and Classroom Training
Microsoft E-Learning
There is no Microsoft E-Learning training currently available.
Microsoft Press Books
There are no Microsoft Press books currently available.
Practice Tests
Microsoft Online Resources
  • TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical chats, and much more.
  • MSDN: The Microsoft Developer Network (MSDN) is a reference for developers that features code samples, technical articles, newsgroups, chats, and more.
  • Training and certification newsgroups: A newsgroup exists for every Microsoft certification. By participating in the ongoing dialogue, you take advantage of a unique opportunity to exchange ideas with and ask questions of others, including more than 750 Microsoft Most Valuable Professionals (MVPs) worldwide.