Designing a Windows 2000 Security Solution
This objective covers many topicsall of which you've probably encountered before if you've already taken the core exams.
Now that you've set the security for users and resource access within your domain, how will you keep an eye on it? Through auditing, of course! Know how to create an audit policy, and how to retrieve and save the audit logs for reference.
Do you know Group Policies? If not, you'd better learn them. You need to know how to create Site, Domain, and OU policies, and structure them effectively throughout an enterprise for inheritance. Group Policies are one of the cornerstones of security, so if you don't have them mastered, focus your attention there first.
You will need a method to secure authentication. This focuses primarily on RRAS and the supported authentication protocols. Know the different levels of authentication: smart cards, NTLM, RADIUS, and SSL.
Certificate services, a new service native to Windows 2000, is one of the most overlooked security devices in Windows 2000 Server. You will need to have an advanced knowledge of creating a hierarchy of Certificate Authorities (CAs). This includes installing servers, and issuing and revoking certificates. Of course, most CAs integrate with third-party certificate servers, so you'll need to know how to do that as well.
Network services have to be secured to ensure the integrity of network traffic, reliability, and membership within a domain. You'll need to know how to secure the following network services:
Remote Installation Services (RIS)
Study Hint: Be certain you know how an organization requests an originating certificate from a third party and then uses that certificate to create an internal CA hierarchy.