| Planning and Implementing Server
Roles and Server Security |
Configure security for servers that are assigned specific roles
|
Plan a secure baseline installation
- Plan a strategy to enforce system default security settings
on new systems
- Identify client operating system default security settings
- Identify all server operating system default security
settings
|
Plan security for servers that are assigned specific roles,
including domain controllers, Web servers, database servers, and
mail servers
- Deploy the security configuration for servers that are
assigned specific roles
- Create custom security templates based on server roles
|
Evaluate and select the operating system to install on computers in
an enterprise
- Identify the minimum configuration to satisfy security
requirements
|
| Planning, Implementing, and
Maintaining a Network Infrastructure |
Plan a TCP/IP network infrastructure strategy
- Analyze IP addressing requirements
- Plan an IP routing solution
- Create an IP subnet scheme
|
Plan and modify a network topology
- Plan the physical placement of network resources
- Identify network protocols to be used
|
Plan an Internet connectivity strategy
|
Plan network traffic monitoring using Network Monitor and System
Monitor
|
Troubleshoot connectivity to the Internet
- Diagnose and resolve issues related to Network Address
Translation (NAT)
- Diagnose and resolve issues related to name resolution cache
information
- Diagnose and resolve issues related to client configuration
|
Troubleshoot TCP/IP addressing
- Diagnose and resolve issues related to client computer
configuration
- Diagnose and resolve issues related to DHCP server address
assignment
|
Plan a host name resolution strategy
- Plan a DNS namespace design
- Plan zone replication requirements
- Plan a forwarding configuration
- Plan for DNS security
- Examine the interoperability of DNS with third-party DNS
solutions
|
Plan a NetBIOS name resolution strategy
- Plan a WINS replication strategy
- Plan NetBIOS name resolution by using the Lmhosts file
|
Troubleshoot host name resolution
- Diagnose and resolve issues related to DNS services
- Diagnose and resolve issues related to client computer
configuration
|
Planning, Implementing, and
Maintaining Routing and Remote Access
|
Plan a routing strategy
- Identify routing protocols to use in a specified environment
- Plan routing for IP multicast traffic
|
Plan security for remote access users
- Plan remote access policies
- Analyze protocol security requirements
- Plan authentication methods for remote access clients
|
Implement secure access between private networks
- Create and implement an IPSec policy
|
Troubleshoot TCP/IP routing using route, tracert, ping, pathping,
netsh, & Network Monitor
|
| Planning, Implementing, and
Maintaining Server Availability |
Plan services for high availability
- Plan a high availability solution that uses clustering
services
- Plan a high availability solution that uses Network Load
Balancing
|
Identify system bottlenecks, including memory, processor, disk, and
network related bottlenecks
- Identify system bottlenecks by using System Monitor
|
Implement a cluster server
- Recover from cluster node failure
|
Manage Network Load Balancing, using Network Load Balancing Monitor
Microsoft Management Console (MMC) snap-in and the WLBS cluster
control utility
|
Plan a backup and recovery strategy
- Identify appropriate backup types including: full,
incremental, and differential
- Plan a backup strategy that uses volume shadow copy
- Plan system recovery that uses Automated System Recovery
(ASR)
|
| Planning and Maintaining Network
Security |
Configure network protocol security
- Configure protocol security in a heterogeneous client
computer environment
- Configure protocol security by using IPSec policies
|
Configure security for data transmission
- Configure IPSec policy settings
|
Plan for network protocol security
- Specify the required ports and protocols for specified
services
- Plan an IPSec policy for secure network communications
|
Plan secure network administration methods
- Create a plan to offer Remote Assistance to client computers
- Plan for remote administration by using Terminal Services
|
Plan security for wireless networks
|
Plan security for data transmission
- Secure data transmission between client computers to meet
security requirements
- Secure data transmission by using IPSec
|
Troubleshoot security for data transmission using IP Security
Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC
snap-in
|
Planning, Implementing, and Maintaining Security Infrastructure
|
| Configure Active Directory directory
service for certificate publication |
Plan a public key infrastructure (PKI) that uses Certificate
Services
- Identify the appropriate type of certificate authority to
support certificate issuance requirements
- Plan the enrollment and distribution of certificates
- Plan for the use of smart cards for authentication
|
Plan a framework for planning and implementing security
- Plan for security monitoring
- Plan a change and configuration management framework for
security
|
Plan a security update infrastructure using Microsoft Baseline
Security Analyzer and Microsoft Software Update Services
|