Exam Profile: MCSE: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (70-293)

Date: Dec 21, 2010

As with any exam, it will vary from person to person as to what is deemed to be difficult. In this article Network Administrator Troy Thompson walks you through the Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (70-293) exam. He discusses trouble spots, preparation hints and detailed exam objectives. By reading this, you will get a better idea of what to expect from the exam and the exam process.

In order to pass the 70-293 exam, you must have the knowledge of Software Update Service (SUS), the four different versions of Windows, the five server roles, security changes, command line utilities, and much more. After you pass the Managing and Maintaining a Microsoft Windows Server 2003 Environment exam, in addition to being on your way to the MSCE certification, you achieve Microsoft Certified Professional (MCP) status. You also earn core credits toward the following certifications:

Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 certification
Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 certification
Microsoft Certified Database Administrator (MCDBA) on Microsoft SQL Server 2000 certification

In order to get your Microsoft MCSE certification, you will be required to pass seven exams (in any order):

Four exams on networking systems
One exam on client operating systems
One exam on design
One elective exam

The 70-293 is a core exam that counts toward one of the four networking system exams that must be taken.

Exam Details

Exam number: 70-293
Number of questions: Approximately 40-45 questions with 3-5 simulations (Since Microsoft does not publish this information, the number of exam questions may change without notice.)
Types of questions: This test consists mainly of multiple choice questions, but can also contain drag and drop, build list, and reorder questions. You will definitely see multiple simulation questions.
Passing score: 700 out of 1000
Time limit: 4 hours
How to register: Prometric.com or Certiport.com

Trouble Spots

As with any exam, it will vary from person to person as to what is deemed to be difficult. While one person may have trouble with groups, another will find RAID configurations to be hard to understand. There are no real issues with this exam that you need to watch for other than to know the objectives. Hands-on experience that deals with managing and maintaining a Windows network will be of immense value, especially when it comes to the simulations. Basically, the simulations present a mock-up of the computer screen that behaves similarly to an actual server. In a simulation, you may have to set permissions for a folder, or add users to a group, or some other task.

Trouble Spots

Preparation Hints

Review the Exam Objectives below and make sure that you are familiar with them. If you do have access to a Windows 2003 network, hands-on practice in that environment will help you to connect the theory with real life. Always check the Microsoft site for the specific exam you are going to take. In this instance, the site is http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-293&locale=en-us. There are many web sites and blogs that can help you to research topics, but be careful to fully research the information you read. It is not advisable to try to find sites that list questions and answers for several reasons. First, you don’t know if you will be asked a specific question and second, the answers given in a blog may be inaccurate and third, you need to understand the information to adequately prepare.

When taking the exam, read each question carefully. Microsoft is notorious for adding a lot of unneeded information in their questions. Make sure that when you click on a choice, it is really marked. Be careful clicking anywhere on the screen. I found that by inadvertently clicking near the scroll bar on the right of the screen, I actually changed an answer. You get a single piece of paper and a marker for writing. You can use a small amount of time before you even start the exam to make notes once you enter the test area. Sometimes there is even a questionnaire at the beginning of the test that does not count against your test time. You can use this time to write down notes, facts, tables or other information that may help you during the exam. Since this particular exam is four hours, if you are prepared, you should have plenty of time.

Recommended Study Resources

MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition) by Will Schmied

Trancender

Preparation Hints

Exam Objectives

This exam is broken up into six different categories. We will look at what you have to know in each category to pass the exam.

Planning and Implementing Server Roles and Server Security

Configure security for servers that are assigned specific roles.

Plan a secure baseline installation. Installing service packs, anti-virus, firewalls, removing unused service are part of securing your server.

Plan a strategy to enforce system default security settings on new systems. The best way to implement security for all systems or a group of systems is to use Group Policies.

Identify client operating system default security settings. If your environment contains different client operating systems, you need to consider them all when designing the default security settings. Windows 9X operates quite differently from Windows XP.

Identify all server operating system default security settings. As with clients, you may have several different operating systems on your servers with each of them having different types of security available.

Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.

Deploy the security configuration for servers that are assigned specific roles. There are many different roles for servers such as DNS, DHCP, Domain Controller, etc. The type of security you employ will depend on the server’s role.

Create custom security templates based on server roles. Windows 2003 provides you with default security templates. You can incorporate them as is or you can modify them to meet your needs.

Evaluate and select the operating system to install on computers in an enterprise.

Identify the minimum configuration to satisfy security requirements. To make your life less complex, you should choose the minimum security requirements that meet your needs.

Planning, Implementing, and Maintaining a Network Infrastructure

Plan a TCP/IP network infrastructure strategy.

Analyze IP addressing requirements. There are many things to consider when deciding an IP structure, including the number of hosts, the number of subnets, private vs. public.

Plan an IP routing solution. Manageable switches are almost always used instead of hubs for client computers. Routers are only needed to connect different networks. Normally you have at least one router on the edge of your network to communicate with the Internet. It is possible for some switches to be configured with virtual LANs.

Create an IP subnet scheme. Subnetting is the process of dividing the total available IP addresses for a network into subnetworks, or subnets. You may also see IP addresses and subnet masks represented in the format 198.10.10.46/28. The 28 tells you that there are 28 bits used for the subnet mask, which leave 4 bits for the hosts.

Plan the physical placement of network resources. Servers, switches and routers should always be placed in a secure area where only network administrators have access.

Identify network protocols to be used. TCP/IP is the primary protocol used on Windows network and the only protocol used on the Internet. Some other protocols are IPX/SPX used by Novell Netware and Appletalk used by Apple computers.

Plan an Internet connectivity strategy.

Once you connect your network to the Internet, your security concerns increase exponentially. You must take adequate protection such as implementing firewalls but must also train users as to the acceptable practices. If your company uses private IP addresses internally, you must use public IP addresses to access the Internet. It is possible using Network Address Translation (NAT) to hide your private network IP addresses.

Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.
Troubleshoot connectivity to the Internet.

Diagnose and resolve issues related to client configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

Diagnose and resolve issues related to Network Address Translation (NAT). You must make sure that your DHCP server is configured properly and not issuing IP addresses that conflict with your NAT.

Troubleshoot TCP/IP addressing.

Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure that your client PC has received an IP address from the DHCP server.

Diagnose and resolve issues related to DHCP server address assignment. The DHCP server’s scopes must be setup correctly in order for the clients to receive the proper IP address. In addition, the DNS and Router must be configured properly in the DHCP server.

Plan a host name resolution strategy.

Plan a DNS namespace design. A host file is a static file on a server or PC that contains host names and IP addresses. This method is not dynamic or efficient. The preferred method for name resolution is to use a DNS server that clients register to automatically.

Plan a forwarding configuration. If a DNS server cannot resolve a name from an IP address, it has the potential to forward that request to another DNS server for resolution.

Plan for DNS security. Active Directory must authorize any changes to DNS. Otherwise, if invalid data were entered, your users could be sent to the wrong server or site.

Plan a NetBIOS name resolution strategy.

Plan a WINS replication strategy. WINS is being phased out by Microsoft in favor of DNS only, but it still can be used to resolve NetBIOS names.

Plan NetBIOS name resolution by using the Lmhosts file. Similar to a Host file, you can use a static Lmhosts file to resolve NetBIOS names. This file has to be managed manually and creates administrative overhead.

Troubleshoot host name resolution.

Diagnose and resolve issues related to DNS services. If DNS is not working properly, you will not be able to get to servers or sites. You can use the Event Viewer on your DNS server to troubleshoot problems.

Diagnose and resolve issues related to client computer configuration. Use the IPconfig command to ensure the user has a correct IP address.

Planning, Implementing, and Maintaining Routing and Remote Access

Plan a routing strategy.

You only have to route traffic if it is on a different network or subnet, in which case you will have to install a router.

Identify routing protocols to use in a specified environment.

RIP version 1 and 2 and OSPF are the routing protocols with which you need to be familiar.

Plan routing for IP multicast traffic.

Multicast IP address ranges are from 224.0.0.0 to 239.255.255.255. IP addresses in these ranges are for use on internal networks and cannot be routed on the Internet.

Plan security for remote access users.

Users may need to access the network remotely using VPN or RRAS.

Plan remote access policies.

A remote access policy is set to determine how users will connect remotely. You can have several different policies in place, but once one is matched, the user is connected and the other policies are ignored.

Analyze protocol security requirements.

RRAS supports the TCP/IP, IPX, NetBEUI, AppleTalk protocols as well as SLIP and PPP asynchronous connections.

Plan authentication methods for remote access clients.

Remote authentication methods include the following from least secure: PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2.

Implement secure access between private networks.

IPSec is a standard protocol that Microsoft uses in conjunction with Kerberos as its default method for authentication.

Create and implement an IPSec policy.

In Active Directory, use Group Policy to apply IPSec policies. Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.

Research the above commands by typing them at a command line using the /? for help.

Planning, Implementing, and Maintaining Server Availability

Plan services for high availability.

High availability means not having a single point of failure. Windows Server 2003 Enterprise and Windows Server 2003 Datacenter Server support this feature.

Plan a high-availability solution that uses clustering services.

Clustering is connecting several computers together to act as a single computer that provides high availability.

Plan a high-availability solution that uses Network Load Balancing.

Network Load Balancing, a clustering technology included in the Microsoft Windows 2000 Advanced Server and Datacenter Server operating systems, enhances the scalability and availability of mission-critical, TCP/IP-based services, such as Web, Terminal Services, virtual private networking, and streaming media servers.

Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.

Eliminating system bottlenecks ensures your servers are operating efficiently. When choosing your hardware, always make sure you have sufficient RAM and processor power.

Identify system bottlenecks by using System Monitor.

System Monitor is a Windows tool that can be used to identify and diagnose bottleneck problems.

Recover from cluster node failure.

In a cluster, it is possible to lose a node or the entire cluster. You can use tools such as Confdisk.exe, ClusterRecovery.exe, ASR, and System State Restore.

Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.
Plan a backup and recovery strategy.

Any backup strategy, whether it is tape or hard disk, should be tested.

Identify appropriate backup types. Methods include full, incremental, and differential.

A full backup will backup all of your data. A differential backup will backup all of the data that has changed since the last full backup. An incremental backup will backup all data since the last incremental backup. An incremental backup is the quickest, but also requires more time to restore.

Plan a backup strategy that uses Volume Shadow Copy (VSS).

Shadow Copy must be enabled on the server and will keep copies of files that can be restored directly from the server. It provides a way for the end user to restore files, which can be quicker than waiting for the tech department to restore a file.

Planning and Maintaining Network Security

Configure network protocol security.

Each different protocol has its own vulnerabilities which must be taken into account during implementation.

Configure IPSec policy settings.

As mentioned before, Client, Server and Secure Server are the three built in policies that Microsoft provides. You should modify these policies to meet your needs.

Plan for network protocol security.
Some protocols are more vulnerable than others. For instance, FTP, Telnet and HTTP use clear text to transmit data.
Specify the required ports and protocols for specified services.
Port numbers that you need to be familiar with are as follows:
- FTP—21
- TELNET—23
- SMTP—25
- DNS—53
- DHCP—67 and 68
- HTTP—80
- POP3—110
- IMAP—143
- SNMP—161
- SSL—443
Plan secure network administration methods.

To save time and resources, you should be able to solve as many problems as you can remotely. Tools such as Remote Desktop for Windows users and Telnet for switches and routers will help you with this.

Create a plan to offer Remote Assistance to client computers.

As mentioned above, Remote Desktop allows you to assist users by controlling their desktop.

Plan for remote administration by using Terminal Services.

Microsoft Server Terminal Services Client (MSTSC.exe) can be used to remote into servers.

Plan security for wireless networks.

Wireless networks need to be secured using encryption such as Wired Equivalent Privacy (WEP)

Plan security for data transmission.

Virtual Private Networks (VPN) uses PPTP and IPSec protocols for security.

Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.

Planning, Implementing, and Maintaining Security Infrastructure.

Configure Active Directory service for certificate publication.

Directory Access Control Lists are used to by Active Directory to approve or deny certificate requests.

Plan a public key infrastructure (PKI) that uses Certificate Services.

PKI provides computers a secure way to communicate. It relies on digital signatures and encryption.

Identify the appropriate type of certificate authority to support certificate issuance requirements.

Windows 2003 can issue certificates or you can use a third party vendor such as Verisign.

Plan the enrollment and distribution of certificates.

If your Windows 2003 server is running Certificate Services, it is able to issue a certificate.

Plan for the use of smart cards for authentication.

Smart cards include an actual micro processor that contains information about the user. The smart card is used in conjunction with a Personal Identification Number (PIN).

Plan a framework for planning and implementing security.

The Microsoft Solution Framework (MSF) outlines an overall process for planning and implementing security.

Plan for security monitoring.

Each network is different and will have different requirement for security monitoring. You should be able to detect changes in common patterns and be familiar with new security threats that have developed. Microsoft Baseline Security Analyzer (MBSA) is a security tool that can be used to scan for security updates.

Plan a change and configuration management framework for security.

This includes topics such as making sure that you apply patches and upgrades, checking user, data and security settings.

Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.

Recommended Study Resources

Where to Go from Here

After you pass the Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (70-293) Exam, you have three more core exams to pass on your way to becoming an MCSE:

Managing and Maintaining a Windows Server 2003 Environment Exam 70-290
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Exam 70-291
Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Exam 70-294