- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 16, 2003

Windows 2003
Windows 2000
Windows XP
Book Reviews
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
  Where to Start
  Articles & Advice
  Book Reviews
  Certification News
  Cheap Study Guides
  Exam Prep Software
  MCSE Links
Exam Guides
  Exam 70-270
  Exam 70-210
  Exam 70-215
  Exam 70-216
  Exam 70-217
  Exam 70-218
  Exam 70-219
  Exam 70-220
  Exam 70-221
  Exam 70-222
Service Packs






Windows 2000 MCSE Exam 70-220: 
Designing Security for a Microsoft Windows 2000 Network

This certification exam tests the skills required to analyze the business requirements for security and design a security solution that meets business requirements. Security includes: Controlling access to resources Auditing access to resources Authentication Encryption
Exam Objectives:
Analyzing Business Requirements

Analyze the existing and planned business models.
  • Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
  • Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.

Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.

Analyze factors that influence company strategies.

  • Identify company priorities.
  • Identify the projected growth and growth strategy.
  • Identify relevant laws and regulations.
  • Identify the company's tolerance for risk.
  • Identify the total cost of operations.

Analyze business and security requirements for the end user.

Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.

Analyze the current physical model and information security model.

  • Analyze internal and external security risks.

Analyzing Technical Requirements

Evaluate the company's existing and planned technical environment.

  • Analyze company size and user and resource distribution.
  • Assess the available connectivity between the geographic location of work sites and remote sites.
  • Assess the net available bandwidth.
  • Analyze performance requirements.
  • Analyze the method of accessing data and systems.
  • Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application.
Analyze the impact of the security design on the existing and planned technical environment.
  • Assess existing systems and applications.
  • Identify existing and planned upgrades and rollouts.
  • Analyze technical support structure.
  • Analyze existing and planned network and systems management.

Analyzing Security Requirements

Design a security baseline for a Windows 2000 network that includes domain controllers, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks.

Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access.

Designing a Windows 2000 Security Solution

Design an audit policy.

Design a delegation of authority strategy.

Design the placement and inheritance of security policies for sites, domains, and organizational units.

Design an Encrypting File System strategy.

Design an authentication strategy.

  • Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL.
  • Design an authentication strategy for integration with other systems.
Design a security group strategy.

Design a Public Key Infrastructure.

  • Design Certificate Authority (CA) hierarchies.
  • Identify certificate server roles.
  • Manage certificates.
  • Integrate with third-party CAs.
  • Map certificates.
Design Windows 2000 network services security.
  • Design Windows 2000 DNS security.
  • Design Windows 2000 Remote Installation Services (RIS) security.
  • Design Windows 2000 SNMP security.
  • Design Windows 2000 Terminal Services security.

Designing a Security Solution for Access Between Networks

Provide secure access to public networks from a private network.

Provide external users with secure access to private network resources.

Provide secure access between private networks.

  • Provide secure access within a LAN.
  • Provide secure access within a WAN.
  • Provide secure access across a public network.
Design Windows 2000 security for remote access users.

Designing Security for Communication Channels

Design an SMB-signing solution.

Design an IPSec solution.

  • Design an IPSec encryption scheme.
  • Design an IPSec management strategy.
  • Design negotiation policies.
  • Design security policies.
  • Design IP filters.
  • Define security levels.


Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.