Preparation Guide for Exam 70-214
Implementing and Administering Security in a Microsoft Windows 2000 Network
On This Page
 | Exam news |
| Audience profile |
| Credit toward certification |
| Preparation tools and resources |
| Skills measured |
Exam news
Exam 70-214 became available on January 15, 2003.
| • | This exam retired in March 2008 |
Audience profile
Candidates for this exam operate in medium-sized to very large computing environments that use Windows 2000 and Active Directory. Operating systems on client computers might include Windows NT Workstation 4.0, Windows 2000 Professional, and Windows XP Professional.
Candidates have a minimum of one year of experience in implementing and administering security and network infrastructures in environments that have the following characteristics:
| • | Supported users range from 200 to more than 26,000. |
| • | Physical locations range from five to more than 150. |
| • | Infrastructures include LAN, WAN, and wireless networks. |
| • | Typical network services and applications include file and print, database, messaging, proxy server and firewall, public key infrastructure, remote access, desktop management, and Web hosting. |
| • | Connectivity scenarios include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to other networks and the Internet. |
Credit toward certification
When you pass the Implementing and Administering Security in a Microsoft Windows 2000 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:
| • | Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification |
| • | Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification |
Preparation tools and resources
In addition to your hands-on experience working with the product, we recommend that you use the following tools and training to help you prepare for this exam.
Classroom training for this exam
| • | Course 2150: Designing a Security-Enhanced Microsoft Windows 2000 Network |
| • | Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure |
| • | Course 2800: Microsoft Security Clinic |
Microsoft Press self-paced training
| • |
Microsoft certified practice tests
| • | MeasureUp: Visit the MeasureUp Web site to take a practice test. |
| • | Self Test Software: Visit the Self Test Software Web site to take a practice test. |
Microsoft Online Resources
| • | TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical chats, and much more. |
| • | MSDN: The Microsoft Developer Network (MSDN) is a reference for developers that features code samples, technical articles, newsgroups, chats, and more. |
| • | Training and certification newsgroups: There is a newsgroup for every Microsoft certification. By participating in the ongoing dialogue, you take advantage of a unique opportunity to exchange ideas with and ask questions of others, including more than 750 Microsoft Most Valuable Professionals (MVPs) worldwide. |
Skills measured
This exam measures your ability to implement and administer security and network infrastructures that use Windows 2000 and Active Directory. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.
| KEY: |  = The course provides a general introductory overview of this task. You will need to supplement the course with additional work.  = The course includes some material to prepare you for this task. You will need to supplement the course with additional work.  = The course includes material to prepare you for this task. |
| Skills measured by Exam 70-214 | Course 2150 | Course 2153 | Course 2800 | ||||||||||||||||
| Implementing, Managing, and Troubleshooting Baseline Security | |||||||||||||||||||
Configure security templates.
|  | ||||||||||||||||||
Deploy security templates. Deployment methods include using Group Policy and scripting. | | ||||||||||||||||||
Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems. | | ||||||||||||||||||
Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer. | |||||||||||||||||||
Configure additional security for client-computer operating systems by using Group Policy. | | ||||||||||||||||||
| Implementing, Managing, and Troubleshooting Service Packs and Security Updates | |||||||||||||||||||
Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk. |  | ||||||||||||||||||
Install service packs and security updates. Consideration include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.
| | ||||||||||||||||||
Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS. | | ||||||||||||||||||
Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts. | | ||||||||||||||||||
| Implementing, Managing, and Troubleshooting Security-Enhanced Communication Channels | |||||||||||||||||||
Configure IPSec to help protect communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.
| | | |||||||||||||||||
Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication. | | | |||||||||||||||||
Implement security for wireless networks.
| |||||||||||||||||||
Configure Server Message Block (SMB) signing to support packet authentication and integrity. | | ||||||||||||||||||
Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.
| | ||||||||||||||||||
Configure SSL to help protect communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer. | | ||||||||||||||||||
| Configuring, Managing, and Troubleshooting Authentication and Remote Access Security | |||||||||||||||||||
Configure and troubleshoot authentication.
| | ||||||||||||||||||
Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping. |  | | |||||||||||||||||
Configure authentication for security-enhanced remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP. | | | |||||||||||||||||
Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server. | | | |||||||||||||||||
Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit. | | ||||||||||||||||||
| Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS) | |||||||||||||||||||
Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.
| | | |||||||||||||||||
Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party.
| | | |||||||||||||||||
Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.
| | | |||||||||||||||||
Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems. | | ||||||||||||||||||
| Monitoring and Responding to Security Incidents | |||||||||||||||||||
Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.
| | | |||||||||||||||||
Analyze security events. Considerations include reviewing logs and events. | | | |||||||||||||||||
Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.
| | | |
Note This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.
| • | Learn more and download samples |