Microsoft's first nuts-and-bolts Windows security exam guide

Late last month, Microsoft made its first real foray into certification requirements for nuts-and-bolts Windows security administration. It came in the form of a new exam preparation guide: "Implementing and Administering Security in a Microsoft Windows 2000 Network" (Exam 20-214).

I see the 70-214 exam as the first real Windows security exam from Microsoft mostly because exam 70-220 "Designing Security for a Microsoft Windows 2000 Network" -- like most designing exams -- concentrates more on analysis, security policies, postures and solutions than routine day-to-day security.

Likewise, although 70-227 "Installing, Configuring and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition" has a lot of strong security-related content, it's focused almost entirely on Microsoft's ISA product and its related firewall, Web and server publishing, proxy and application gateway capabilities.

In short, 70-214 -- scheduled for beta release in November and commercial release by early 2003 -- is the first Microsoft exam to concentrate on routine matters of Windows security implementation and maintenance for system and network administrators. A quick review of its major categories' skills matrix shows why:

• Implementing, Managing and Troubleshooting Baseline Security
  Setting policies, permissions, user rights assignments and configuring key aspects of system behavior from a security standpoint. It also covers security templates, role-based security for various types of Windows servers and managing client computer operating system security.
• Implementing, Managing and Troubleshooting Service Packs and Hot Fixes
  Use of version and status tools like MBSA and HFNetChk, and management and troubleshooting service packs and hotfixes for clients and servers.
• Implementing, Managing and Troubleshooting Secure Communication Channels
  Covers configuring, using and troubleshooting various aspects of IPSec, including authentication, encryption, related protocols and digital certificates. Also covers wireless network security issues, SMB signing and SSL certificates.
• Configuring, Managing and Troubleshooting Authentication and Remote Access Security
  Relevant authentication protocols, especially Kerberos, mixed-mode Windows authentication, UNIX interoperability and extranet authentication. Also covers Web user authentication, secure remote access authentication, VPN protocols and remote access security management.
• Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)
  Installation, configuration and management of Certificate Authority hierarchies including CA server roles and functions, certificate templates, CRLs, public key Group Policy, certificate renewal and enrollment, certificate deployment and backing up and restoring a CA. Also deals with certificate management issues plus managing and troubleshooting EFS.
• Monitoring and Responding to Security Incidents
  Auditing and service logging topics plus analyzing, identifying and responding to security events or incidents.

To my knowledge, this is the first and only Microsoft exam that covers operational, day-to-day security matters both broadly and specifically for Windows-based networks. I look forward to watching this exam unfold as the beta and commercial release dates approach. This could spell a whole new era of security coverage and awareness in the MCP community!

Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series, and has worked on over 60 books on Microsoft, CompTIA, CIW, Sun/Java, and various security certifications.