MCSE Windows 2000 Designing考试指南（英文原版）

Introduction

Part 1 Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure

Chapter 1 Defining Directory Services

Common Understanding of Directory Services

Directory Services and Meta-Information

History and Types of Directory Services

Predicting the Future: Meta-Directories

Active Directory 'from the Top Down

Forests

Trees

Domains

Organizational Units

Lower-Level Objects

Data and Attributes

Sites

Directory Services in Different Versions of Windows

Top Reasons to Implement Windows 20(X) and Active Directory

Top Reasons to Implement Windows 20(X),

Top Reasons to Implement Active Directory

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 2 Analyzing Business Requirements

Analyzing the Existing and Planned Business Models

Analyzing the Company Model and the Geographical Scope

Analyzing Company Processes

Management

Company Organization

Vendor Partner and Customer Relationships

Acquisition Plans

Analyzing Factors That Influence Company Strategies

Identifying Company Priorities

Identifying the Projected Growth and Growth Strategy

Identifying Relevant Laws and Regulations

Identifying the Company's Tolerance for Risk

Identifying the Total Cost of Operations

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 3 Analyzing Technical Requirements

Evaluating Existing and Planned Technical Environment

Analyzing Company Size and User and Resource Distribution

Assessing Available Connectivity

Assessing Net Available Bandwidth

Analyzing Performance Requirements

Analyzing Data- and System-Access Patterns

Analyzing Network Roles and Responsibilities

Analyzing Security Considerations

Analyzing the Impact of Active Directory

Assessing Existing Systems and Applications

Identifying Existing and Planned Upgrades and Rollouts

Analyzing the Technical Support Structure

Analyzing Existing and Planned Network and Systems Management

Analyzing the Business Requirements for Client-Desktop Management

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 4 Designing a Directory Service Architecture

Designing an Active Directory Forest and Domain

Designing a Forest and Schema Structure

Designing a Domain Structure

Analyzing and Optimizing Trust Relationships

Designing an Active Directory Naming Strategy

Establishing the Scope of the Active Directory

Designing the Namespace

Planning DNS Strategy

Designing and Planning Organization Units

Developing an OU Delegation Plan

Planning Group Policy Object Management

Planning Policy Management for Client Computers

Planning for Coexistence

Designing an Active Directory Site Topology

Designing a Replication Strategy

Defining Site Boundaries

Designing a Schema Modification Policy

Designing an Active Directory Implementation Plan

Single-Domain Windows NT System

Single-Master-Domain Windows NT System

Multiple-Master-Domain Windows NT System

Complete-Trust-Domain Windows NT System

A New Windows 2000 Domain

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 5 Designing Your Service Locations

Designing the Placement of Operations Masters

Understanding the Roles of Operations Masters

Schema Master

Domain Naming Master

Primary Domain Controller Emulator

Infrastructure Master

Relative Identifier Master

Role Placement

Permissions

Role Changing

Disaster Recovery

Designing the Placement of Global Catalog Servers

Global Catalog Servers

Global Catalog Server Placement Considerations

Designing the Placement of Domain Controller Servers

DNS Zone Planning

DNS Lookup Zones

DNS Zone Types

Where, Oh Where Should My DNS Go?

Designing the Placement of DNS Servers

Design 1

Design 2

Design 3

Design 4

Next Steps

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Part II Exam 70-220: Designing Security for a Microsoft Windows 2000

Chapter 6 Introduction to Security

Intruder Perspectives

The Business Case

Technical Tangents of Networking and Security

User and Group Account Management

Machine Security

Network and Communication Security

Public Key Infrastructure (PKI)

The Security Life Cycle

Discovery

Design

Testing

Deployment

Evaluation

Final Steps-Feedback

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 7 Analyzing Business and Technical Requirements

Defining Security in the Enterprise

Evaluating Business Factors That Affect Security Planning

Analyzing the Existing and Planned Business Models

Analyzing Business Factors That Influence Company Strategies

Evaluating Your Technology Options in Security Planning

Analyzing the Physical and Information-Security Models

Understanding the Logical Layout of Services and Applications

Understanding the People Factor in Security Planning

Analyzing Business and Security Requirements for the End User

Analyzing Network Roles and Responsibilities

Evaluating Specific Security Vulnerabilities

Lack of IT Staff Education

Ineffective, Incomplete, or Missing Corporate Security Policies

User Education

Proactive Anti-Hacking Measures

Disaster Recovery Plan

Security Hotspots

Catywhompus Construction Updates

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Additional Resources and Information

Chapter 8 Analyzing Security Requirements

Assessing Your Current Environment

Vulnerabilities

Creating a Baseline

Developing a Security Policy

Authenticating All User Access to System Resources

Applying Appropriate Access Control to All Resources

Establishing Appropriate Trust Relationships Between Multiple Domains

Enabling Data Protection for Sensitive Data

Setting Uniform Security Policies

Deploying Secure Applications

Managing Security Administration

Implementing Your Security Policy

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 9 Designing a Windows 2000 Security Solution

Windows 2000 Security Policies

Audit Policies

Delegation of Authority

Policy Inheritance

Encrypting File System (EFS)

Design an Authentication Strategy

Authentication Methods

Security Group Strategy

Design a Public Key Infrastructure

Certificate Authority Hierarchies

Certificate Server Roles

Managing Certificates

Third-Party Certificate Authorities

Design Windows 2000 Network Services Security

DNS Security

Remote Installation Services (RIS) Security

SNMP Security

Terminal Services Security

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 10 Designing a Security Solution for Access Between Networks

Accessing the Internet

Proxy Server

Firewall

Gateway

Internet Connection Server

Common Internet File System (CIFS)

IP Security (IPSec)

Windows 2000's Default IPSec Policies

Policy Configuration

Testing Your IPSec Configuration

Virtual Private Networks (VPNs)

The VPN Server

Installing a VPN Client

Lab Exercise 10.15: Install a VPN Client

Remote Access Service

Remote Access Authorization

Chapter Review

Questions

Answers.

Key Skill Sets

Key Terms

Chapter 11 Designing Security for Communication Channels

Common Communication Channel Attacks

Designing a Signing Solution with the Server Message Block Protocol

SMB Signing Implementation

Designing IP Layer Security

Selecting IPSec Mode

Planning IPSec Protocol Usage

Using Predefined IPSec Policies

IPSec Implementation Components

Designing an IPSec Management Strategy

Defining Security Levels

Designing Negotiation Policies

Designing Security Policies and Policy Management

Designing IPSec Encryption

Designing IPSec Filters

IPSec Best Practices

Verifying IPSec Communications

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Part III Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure

Chapter 12 Overview of Designing a Network Infrastructure

Windows 2000 Networking Services Design Overview

The Networking Services Deployment Cycle

Designing the Networking Services

Testing the Design

Implementing the Design

Managing the Network Services

Microsoft Windows 2000 Networking Services

Lab Exercise 12. 1: Developing a Design Approach

The Network Foundation

Base Protocol Support-TCP/IP

Automated Client Configuration-DHCP

Resolving Host Names-DNS

Lab Exercise 12.2: Solving a Name Resolution Design Problem

Resolving NetBIOS Names-WINS

Designing Internet Connectivity

Network Address Translation-NAT

Microsoft Internet Security and Acceleration Server

Designing Routing and Remote-Access Connectivity

Remote Access

RADIUS and IAS

IP Routing

Putting It All Together: Integrating the Network Services Infrastructure

Creating Performance Monitor Log Files

Defining the Network Design Attributes

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 13 Analyzing Business and Technical Requirements

Analyzing the Business

Analyzing the Geographical Scope and Existing and Planned Business Models

Analyzing Company Processes

Analyzing the Existing and Planned Organizational Structures

Analyzing Factors That Influence Company Strategies

Analyzing the IT Management Structure

Business Requirements Analysis Checklist

Evaluating the Company's Technical Requirements

Documenting the Existing Infrastructure Design

Analyzing Client Computer Access Requirements

Analyzing the Existing Disaster-Recovery Strategy

Directions

Business Background

Current System

IT Management Sample Interviews

Envisioned System

Case Study Questions f BTI Analysis

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 14 Designing a Network Infrastructure Using TCP/IP

TCP/IP Background

TCP/IP Protocol Suite

TCP/IP Standards

TCP/IP Protocol Architecture

Key TCP/IP Design Considerations

Windows 2000 TCP/IP Features

Windows 2000 TCP/IP Services

Designing a Functional TCP/IP Solution

IP Addressing Review

Private Network IP Addressing

Subnet Requirements

IP Configuration Approaches

TCP/IP Design for Improving Availability

TCP/IP Design for Improving Performance

Optimizing IP Subnetting

Optimizing Traffic on an IP Network

Using QoS Mechanisms

TCP/IP Security Solutions

Packet Filtering Techniques

Data Encryption Design

IPSec Encryption Algorithms

IPSec Authentication Protocols

IPSec Internet Key Exchange

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 15 Designing an Automated IP Configuration Solution Using DHCP

Key DHCP Features

Management Features

Enhanced Monitoring and Statistical Reporting

DNS and WINS Integration

Rogue DHCP Server Detection

User-Specific and Vendor-Specific Option Support

DHCP Server Clustering

Multicast IP Address Allocation

DHCP Client Support

Automatic Client Configuration

Local Storage

BOOTP Client Support

Combining DHCP with Other Services

Active Directory Integration

Dynamic Updates in the DNS Namespace

Routing and Remote Access Integration

DHCP Design Choices

Functional Aspects of Designing a DHCP Solution

Using DHCP Servers on the Network

Configuring and Selecting TCPHP Options on the Network

Providing IP Configuration Management to BOOTP and Non-Microsoft Clients

DHCP Sample Design for a Single Subnet LAN

DHCP Example Design for a Large Enterprise Network

DHCP Example Design for a Routed Network

Relay Agent Deployment

DHCP and Routing and Remote Access

DHCP Server Placement

Creating a DHCP Solution to Ensure Service Availability

Distributed Scope Solution

Clustering Solution

Creating a DHCP Solution to Enhance Performance

Increasing Performance of Individual DHCP Servers

Increasing Performance by Adding DHCP Servers

Designing a Secure DHCP Solution

Preventing Unauthorized Windows 2000 Servers

Security Risks Using DHCP in DMZ Networks

Directions

Scenario

Design Requirements and Constraints

Envisioned System

Availability

Performance

Security

Proposed System

Chief Technology Officer's Comments

Case Study Questions

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 16 Creating a DNS Name-Resolution Design

The Domain Name System Solution

New Features in the Windows 2000 Implementation of DNS

Resolution Improvements

Key Components of DNS

DNS Resolution Process

Resource Load-Sharing Control

Collecting Information for the DNS Design Decisions

Creating a Functional Windows 2000 DNS Strategy

DNS Zones and Zone Types

DNS Server Placement and Zone Type Considerations

Integrating DNS and WINS

Integrating with BIND and Windows NT 4.0 DNS Servers

Internet Access Considerations

Existing Namespace Integration Issues

Hands-On Section Exercises

Availability Considerations in Windows 2000 DNS Designs

Optimization Strategies in Windows 2000 DNS Designs

Server Capacity Optimization

Monitoring Server Performance

Query Resolution Optimization

Reducing the Impact of Server-to-Server Traffic on the Network

Security Strategies in DNS Designs

Secured Dynamic Update

Controlling Update Access to Zones

DNS Dynamic Updates from DHCP and Windows 2000

DNS Zone Replication

DNS in Screened Subnets

Hands-On Section Exercises

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 17 Designing with WINS Services and DFS

The Microsoft WINS Solution

WINS Background

NetBIOS Name Resolution

Creating a WINS Design

Initial WINS Design Steps

Designing a Functional WINS Solution

Enhancing WINS Availability

Optimizing WINS Performance

Securing a WINS Solution

Designing a Distributed File System (DFS) Strategy

DFS Architecture

DFS Platform Compatibility

DFS Features

Key DFS Terms

Placing a DFS Root

DFS Root Replica Strategy for High Availability

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 18 Designing Internet and Extranet Connectivity Solutions

Firewalls

Common Firewall Technologies

Firewall Placement

Demilitarzed Zones or Screened Subnets

Routing and Remote Access

Windows 2000 Network Address Translation

Designing a Functional NAT Solution

Designing for NAT Availability and Performance

NAT Security Considerations

Outbound Internet Traffic

Inbound Internet Traffic

VPNs and Network Address Translators

Internet Connection Sharing

Web Caching with a Proxy Server

What Does a Proxy Server Do?

Protecting the Network

Microsoft Proxy Server

Designing a Functional Proxy Server Solution

Designing for Proxy Server Availability and Performance

Proxy Server Security Considerations

Comparing Internet-Connection Sharing Solutions

Scenario

Case Study Question

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 19 Designing a Wide Area Network Infrastructure

Connecting Private Networks Using RRAS

Installing and Configuring RRAS

Routing for Connectivity Between Private Networks

Designing a Functional Routing Solution

Securing Private Network Connections

Optimizing a Router Design for Availability and Performance

RRAS Solutions Using Demand-Dial Routing

Designing Remote-User Connectivity

Designing a VPN Strategy

Designing Remote-Access Dial-Up Solutions

Designing a Dial-Up or VPN Solution in a Routed Network

Performance and Availability Design Considerations

Security Considerations

VPN Best Practices

Dial-Up Best Practices

Designing a Remote-Access Solution Using RADIUS

Integrating Authentication with RADIUS

Why Use IAS?

Designing a Functional RADIUS Solution

RADIUS Fault-Tolerance and Performance Solutions

Security Considerations for RADIUS

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Chapter 20 Designing a Management and Implementation

Strategy for Windows 20O0 Networking

Network Services Management Strategies

Identifying Management Processes

Monitoring the Network Services Status

Analyzing the Information

Reactive and Proactive Response Strategies

Combining Networking Services

Benefits of Combining Networking Services

Constraints on Combining Networking Services

Security Issues Related to Combining Services

Combining Networking Services That Are Cluster-Aware

Optimizing Performance by Combining Services

Chapter Review

Questions

Answers

Key Skill Sets

Key Terms

Part IV Bringing lt All Together

Chapter 21 The Holistic Windows 2000 Design Process

Building Blocks

Active Directory Active Directory

Security

Network Infrastructure

Common Elements

Next Steps-Life as an MCSE

Chapter Review

Part V Appendixes

Appendixes A More Case Study Analyses and Questions

Four Case Studies for Analysis

Exam Questions on the Topics Presented in this Book

Encrypting File System (Six Questions)

Auditing (Three Questions)

Public Key Infrastructure (11 Questions)

Internet Protocol Security (Six Questions)

Active Directory Services (27 Questions)

Appendixes B MCSE Certification Specifics

Microsoft's New Certification Track

Your Commitment to Getting Certified

Role of Real-World Experience

Opportunities for MCSEs

Compensation

Ongoing Certification Requirements

Life as an MCSE Professional

work

Continuing Education

Conferences

User Groups

Certification Exam Objectives

Exam 70-210: Installing, Configuring, and Administering

Microsoft Windows 2000 Professional

Exam 70-215: Installing, Configuring, and Administering

Microsoft Windows 2000 Server

Exam 70-216: Implementing and Administering a Microsoft

Windows 2000 Network Infrastructure

Exam 70-217: Implementing and Administering a Microsoft

Windows 2000 Directory Services Infrastructure

Exam 70-219: Designing a Microsoft Windows 200() Directory

Services Infrastructure

Exam 70-220: Designing Security for a Microsoft Windows 2000 Network

Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure

Appendixes C Case Study Analysis Approach

Case Study Method

Management Value

How to Approach a Case