The Microsoft exam 70-298 measures an individual’s ability to design security for a Microsoft Windows Server 2003 network. Before taking the 70-298 exam, you should practice the following:
- Plan security templates based on computer role.
- Configure registry and file system permissions, account policies, .pol files, audit policies, user rights assignment, security options, system services, restricted groups, and event logs.
- Deploy security templates by using Active Directory-based Group Policy objects (GPOs) and by using command-line tools and scripting.
- Troubleshoot security template problems in a mixed operating system environment.
- Troubleshoot security policy inheritance and removal of security template settings.
- Plan and configure security settings and software restriction policies.
- Plan network zones for computer roles and security for infrastructure services including DHCP and DNS.
- Plan and configure auditing and logging for a computer role.
- Analyze security configuration by using tools such as Microsoft Baseline Security Analyzer (MBSA), the MBSA command-line tool, and Security Configuration and Analysis.
- Plan the deployment of service packs and hotfixes, for example by evaluating the applicability of service packs and hotfixes and testing their compatibility with existing applications.
- Plan patch deployment environments for both the pilot and production phases, batch deployment of multiple hotfixes, and rollback strategy.
- Assess current patch levels by using the MBSA GUI tool and MBSA command-line tool with scripted solutions.
- Deploy service packs and hotfixes on new and existing servers and client computers.
- Plan IPSec deployment, such as choosing the IPSec mode and the authentication methods for IPSec, and test the functionality of existing applications and services.
- Configure IPSec authentication and appropriate encryption levels.
- Configure the appropriate IPSec protocol, such as Authentication Header (AH) and Encapsulating Security Payload (ESP).
- Configure IPSec inbound and outbound filters and filter actions.
- Deploy IPSec policies by using local policy objects or Group Policy objects (GPOs).
- Deploy IPSec policies by using commands and scripts. Tools include IPSecPol and NetSh.
- Monitor IPSec policies by using IP Security Monitor and configure IPSec logging.
- Troubleshoot IPSec certificates including enterprise trust policies and certificate revocation list (CRL) checking.
- Plan the authentication and encryption methods for a wireless network.
- Plan wireless access policies and configure wireless encryption.
- Install and configure wireless support for client computers.
- Configure SSL for secure communication.
- Install certificates for SSL and renew certificates.
- Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and multifactor authentication that combines smart cards and EAP.
- Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client operating system, network address translation devices, Routing and Remote Access servers, and firewall servers.
- Manage client configuration for remote access security by using tools such as remote access policy and the Connection Manager Administration Kit.
- Plan, configure, and troubleshoot trust relationships.
- Plan and configure authentication protocols, multifactor authentication, authentication for Web users, and delegated authentication.
- Decide which types of groups to use and plan security group scope and nested group structure.
- Configure access control lists (ACLs).
- Plan and troubleshoot the assignment of user rights and plan requirements for digital signatures.
- Install and configure root, intermediate, and issuing certification authorities (CAs). Considerations include renewals and hierarchy.
- Configure certificate templates and archival and recovery of keys.
- Configure, manage, and troubleshoot the publication of certificate revocation lists (CRLs).
- Deploy and revoke certificates to users, computers, and CAs.
- Back up and restore the CA.