Exam Profile 70-162: Forefront Protection for Endpoints and Applications, Configuring

Date: Sep 17, 2012

This article profiles the Forefront Protection for Endpoints and Applications, Configuring (MCTS 70-162) exam, designed to test one’s ability to use Microsoft Forefront to protect an organization’s endpoints and applications. Pearson IT Certification provides a variety of exam preparation tools to help our customers in their quest for certification. As part of our service to you, we have developed this Exam Profile series. Each profile is developed based on the testing experience of one of our trainers or authors. You won’t get exact questions or answers, but you will get a real feel for the exam. Each profile describes question forms, trouble spots, hints for exam preparation, and recommendations for additional study resources. Find out what you can expect to see on the exam and how you can better prepare for it.

Security is a major concern in almost any organization. Exam 70-162 is designed to prove an IT pro’s ability to use Microsoft Forefront to protect an organization’s endpoints and applications. A candidate who passes this exam will prove that they know how to configure Forefront in an effective manner.

Exam Details

Number of questions: Microsoft does not disclose the number of questions on their exams, but this exam is estimated to have about 50 questions.
Types of questions: Microsoft does not disclose the types of questions appearing on certification exams, but you can expect to see multiple choice, reorder, build a tree, and possibly simulation questions.
Passing score: 700/1000
Time limit: Microsoft does not disclose exam time limits, but this exam is estimated to have a time limit of 120 minutes.
How to register: Prometric.com

Trouble Spots

There are two main things that are likely to cause problems for you on this exam. One is the lack of study materials. The other is the variety of products that you will need to be familiar with in order to pass this exam.

The exam focuses primarily around Microsoft Forefront Endpoint Protection, but you will also need to know how to deploy and configure the various Forefront Application Protection products. The exam places an especially heavy emphasis on Forefront Protection for SharePoint, but you will also need some knowledge of Forefront Protection for Exchange as well. This means that you will have to have some Exchange and SharePoint knowledge. For instance, you will have to be familiar with the Exchange Server roles (mailbox, hub transport, client access, edge transport, and unified messaging) and you will need to know how an Exchange server’s role impacts the way that Forefront has to be installed.

You will also have to be familiar with the way that Forefront ties in with your management servers. This primarily involves WSUS and System Center Configuration Manager.

Preparation Hints

The biggest challenge in preparing for this exam is the total lack of study resources. Microsoft does not offer any study resources at this time nor are reputable third party resources available. That being the case, there are really only two things that you can do to prepare for this exam.

First and foremost, you should work with the Forefront products and gain experience with them. Having hands on experience will prove to be invaluable in passing this exam.

Working with the product alone may not be enough however. Microsoft exams are notorious for testing “book knowledge”. That being the case, it is recommended that you spend some time in the TechNet library reading the Forefront documentation. A good place to start is: http://technet.microsoft.com/library/ff823816.aspx

Recommended Study Resources

At the present time there do not seem to be any legitimate preparation materials for this exam. Microsoft does not offer any Microsoft press books, E-Learning classes, or classroom based training. No third party training books or reputable practice exams seem to exist either.

Recommended Study Resources

Exam Objectives

The exam objectives are broken up into four different categories. The 70-162 exam measures your ability to accomplish the technical tasks listed below.

The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam.

The objectives for Exam 70-162 as stated by Microsoft are as follows:

Deploying Forefront Endpoint Protection 2010, Forefront Protection 2010 for Exchange Server, and Forefront Protection 2010 for SharePoint (24 percent)

Plan and implement a Forefront Endpoint Protection (FEP) topology.

This objective may include but is not limited to: where to install the remote reporting database; install FEP server components; WSUS configuration, System Center Configuration Manager single site vs. hierarchy considerations (reporting)

Design and install Forefront Protection for Exchange Server (FPE) and Forefront Protection for SharePoint (FPSP) components.

This objective may include but is not limited to: import and export configuration settings from and to multiple servers, deciding which server roles to install on (Mailbox, Hub Transport, and Edge), High Availability

Customize the System Center Configuration Manager and System Center Operations Manager configuration for FEP implementations.

This objective may include but is not limited to: create a collection in Configuration Manager, SUP configuration, configure advertisements, configure agent components, import security management pack (SMP), create custom Desired Configuration Management (DCM) baselines and configuration items

Deploy the FEP client.

This objective may include but is not limited to: operating system prerequisites, uninstall existing anti-virus software including Forefront Client Security (FCS), deploy Operations Manager and Configuration Manager agents to workgroup computers and to domain-joined computers, deploy using Configuration Manager, deploy using Group Policy, deploy manually, setup switches

Maintaining Endpoint and Application Protection (26 percent)

Configure Operations Manager Management Pack for FEP.

This objective may include but is not limited to: alerts, notifications, and monitoring

Configure alerts, notifications, and monitoring for FEP by using Configuration Manager.

This objective may include but is not limited to: reporting, SQL reporting services, creating subscriptions using DCM, collections and FEP console

Remediate FEP client issues.

This objective may include but is not limited to: using Operations Manager tasks; changes to policies; validate or audit FEP; client log files; quarantine; uninstall the FEP client, initiate client scan using Configuration Manager, remediating a locally removed client, diagnose and resolve a malware outbreak

Configure alerts, notifications, monitoring, and quarantine for FPE and FPSP.

This objective may include but is not limited to: email notifications, email alerts, Operations Manager alerts; set quarantine policy

Configuring the FEP Client (25 percent)

Configure FEP clients by using Configuration Manager.

This objective may include but is not limited to: create and manage policy using Configuration Manager, configure definitions within the client policy, export from Configuration Manager, choose which template to use, select exclusions

Configure the FEP client by using Group Policy.

This objective may include but is not limited to: import FEP configuration options into Group Policy (ADMX, ADML, FEP2010GPTool.exe), merge FEP policies, Group Policy precedence, manage Group Policy templates

Configure FEP clients manually.

This objective may include but is not limited to: import XML files, configure using the FEP Console, how to add an exclusion, how to disable, local vs. domain Group Policy precedence

Configuring FPE and FPSP Application Protection (25 percent)

Configure anti-spam protection by using FPE.

This objective may include but is not limited to: configure filter lists by keyword and by content, file filtering by name and/or by type, filtering by source, destination domain, or sender ID, block lists, backscatter

Configure anti-malware protection by using FPE.

This objective may include but is not limited to: different types of scans, perform an on-demand scan, configure real-time scan, configure scanning engines, definition distribution, optimize performance of the scan engine

Configure application protection with FPSP.

This objective may include but is not limited to: manage filter lists by keyword and by content, manage file filtering by name and/or by type, perform an on-demand scan, configure real-time scan, configure scanning engines, definition distribution, optimize performance of the scan engine

Diagnose and resolve malware and spam outbreaks.

This objective may include but is not limited to: read event logs, infected documents, and attachments

Exam Objectives

Where to Go from Here

Candidates who pass the 70-162 exam receive the Microsoft Certified Technology Specialist (MCTS): Forefront Endpoint and Applications, Configuring certification.

Although the 70-162 exam does not count as credit toward any additional Microsoft certifications, many people also choose to take Exam 70-158 TS: Forefront Identity Manager 2010, Configuring.

Have you taken the 70-162: TS: Forefront Protection for Endpoints and Applications, Configuring exam? Share your experiences by posting to the <thread name here> thread in our forums.