MCSE Windows2000Designing考试指南(英文原版)

内容概要

本书是美国著名的出版商McGraw-Hill出版的畅销认证系列丛书All-in-One中的一本。本书包含现行的MCSE Windows 2000 Designing核心考试的全部内容，即Directory Services Infrastructure、Network Infrastructure和Network Security三门Designing（设计）考试。作者在本书中提供了极具洞察力的专家经验，每一章都包括详细的考试目标、实践问题和实用练习，详细讲述了Windows的安装、配置和故障排除等方面的内容，光盘中包含大量原汁原味的考试试题、测试引擎和专题讲座视频片断。本书适合MCSE认证考试的备考者使用。

书籍目录

Introduction 1
PartⅠ    Exam 70-219: Designing a Microsoft Windows 2000
               Directory Services Infrastructure 9
Chapter 1    Defining Directory Services 10
Common Understanding of Directory Services 10
Directory Services and Meta-Information 12
History and Types of Directory Services 12
Predicting the Future: Meta-Directories 14
Active Directory from the Top Down 15
Forests 15
Trees 16
Domains 16
Organizational Units 17
Lower-Level Objects 17
Data and Attributes 19
Sites 19
Directory Services in Different Versions of Windows 19
Top Reasons to Implement Windows 2000 and Active Directory 21
Top Reasons to Implement Windows 2000 21
Top Reasons to Implement Active Directory 26
Chapter Review 31
Questions 31
Answers 31
Key Skill Sets 31
Key Terms 31
Chapter 2    Analyzing Business Requirements 33
Analyzing the Existing and Planned Business Models 34
Analyzing the Company Model and the Geographical Scope 34
Analyzing Company Processes 41
Management 43
Company Organization 44
Vendor, Partner, and Customer Relationships 46
Acquisition Plans 46
Analyzing Factors That Influence Company Strategies 47
Identifying Company Priorities 47
Identifying the Projected Growth and Growth Strategy 48
Identifying Relevant Laws and Regulations 48
Identifying the Company誷 Tolerance for Risk 48
Identifying the Total Cost of Operations 48
Chapter Review 49
Questions 49
Answers 49
Key Skill Sets 49
Key Terms 49
Chapter 3    Analyzing Technical Requirements 50
Evaluating Existing and Planned Technical Environment 51
Analyzing Company Size and User and Resource Distribution 51
Assessing Available Connectivity 53
Assessing Net Available Bandwidth 55
Analyzing Performance Requirements 56
Analyzing Data- and System-Access Patterns 56
Analyzing Network Roles and Responsibilities 57
Analyzing Security Considerations 58
Analyzing the Impact of Active Directory 59
Assessing Existing Systems and Applications 59
Identifying Existing and Planned Upgrades and Rollouts 59
Analyzing the Technical Support Structure 59
Analyzing Existing and Planned Network and Systems Management 60
Analyzing the Business Requirements for Client-Desktop Management 61
Chapter Review 62
Questions 62
Answers 63
Key Skill Sets 63
Key Terms 63
Chapter 4    Designing a Directory Service Architecture 64
Designing an Active Directory Forest and Domain 65
Designing a Forest and Schema Structure 66
Designing a Domain Structure 69
Analyzing and Optimizing Trust Relationships 69
Designing an Active Directory Naming Strategy 71
Establishing the Scope of the Active Directory 72
Designing the Namespace 73
Planning DNS Strategy 74
Designing and Planning Organization Units 75
Developing an OU Delegation Plan 77
Planning Group Policy Object Management 78
Planning Policy Management for Client Computers 80
Planning for Coexistence 80
Designing an Active Directory Site Topology 81
Designing a Replication Strategy 81
Defining Site Boundaries 83
Designing a Schema Modification Policy 83
Designing an Active Directory Implementation Plan 85
Single-Domain Windows NT System 85
Single-Master-Domain Windows NT System 85
Multiple-Master-Domain Windows NT System 86
Complete-Trust-Domain Windows NT System 86
A New Windows 2000 Domain 87
Chapter Review 87
Questions 88
Answers 88
Key Skill Sets 88
Key Terms 89
Chapter 5    Designing Your Service Locations 90
Designing the Placement of Operations Masters 91
Understanding the Roles of Operations Masters 91
Schema Master 91
Domain Naming Master 93
Primary Domain Controller Emulator 93
Infrastructure Master 94
Relative Identifier Master 94
Role Placement 94
Permissions 95
Role Changing 95
Disaster Recovery 96
Designing the Placement of Global Catalog Servers 96
Global Catalog Servers 97
Global Catalog Server Placement Considerations 97
Designing the Placement of Domain Controller Servers 98
DNS Zone Planning 101
DNS Lookup Zones 102
DNS Zone Types 102
Where, Oh Where Should My DNS Go? 103
Designing the Placement of DNS Servers 103
Design 1 104
Design 2 105
Design 3 105
Design 4 105
Next Steps 105
Chapter Review 106
Questions 106
Answers 106
Key Skill Sets 107
Key Terms 107
PartⅡ    Exam 70-220: Designing Security for a Microsoft
               Windows 2000  109
Chapter 6    Introduction to Security 110
Intruder Perspectives 110
The Business Case 111
Technical Tangents of Networking and Security 112
User and Group Account Management 112
Machine Security 113
Network and Communication Security 113
Public Key Infrastructure (PKI) 116
The Security Life Cycle 117
Discovery 117
Design 117
Testing 117
Deployment 117
Evaluation 118
Final Steps-Feedback 118
Chapter Review 119
Questions 119
Answers 119
Key Skill Sets 119
Key Terms 120
Chapter 7    Analyzing Business and Technical Requirements 121
Defining Security in the Enterprise 122
Evaluating Business Factors That Affect Security Planning 123
Analyzing the Existing and Planned Business Models 124
Analyzing Business Factors That Influence Company Strategies 125
Evaluating Your Technology Options in Security Planning 129
Analyzing the Physical and Information-Security Models 130
Understanding the Logical Layout of Services and Applications 133
Understanding the People Factor in Security Planning 136
Analyzing Business and Security Requirements for the End User 137
Analyzing Network Roles and Responsibilities 137
Evaluating Specific Security Vulnerabilities 139
Lack of IT Staff Education 139
Ineffective, Incomplete, or Missing Corporate Security Policies 140
User Education 141
Proactive Anti-Hacking Measures 142
Disaster-Recovery Plan 143
Security Hotspots 144
Catywhompus Construction Updates 145
Chapter Review 145
Questions 146
Answers 146
Key Skill Sets 147
Key Terms 147
Additional Resources and Information 147
Chapter 8    Analyzing Security Requirements 149
Assessing Your Current Environment 149
Vulnerabilities 150
Creating a Baseline 153
Developing a Security Policy 155
Authenticating All User Access to System Resources 156
Applying Appropriate Access Control to All Resources 158
Establishing Appropriate Trust Relationships Between Multiple Domains 160
Enabling Data Protection for Sensitive Data 161
Setting Uniform Security Policies 161
Deploying Secure Applications 167
Managing Security Administration 168
Implementing Your Security Policy 168
Chapter Review 172
Questions 172
Answers 173
Key Skill Sets 173
Key Terms 174
Chapter 9    Designing a Windows 2000 Security Solution 175
Windows 2000 Security Policies 176
Audit Policies 176
Delegation of Authority 184
Policy Inheritance 189
Encrypting File System (EFS) 192
Design an Authentication Strategy 196
Authentication Methods 196
Security Group Strategy 203
Design a Public Key Infrastructure 204
Certificate Authority Hierarchies 204
Certificate Server Roles 205
Managing Certificates 208
Third-Party Certificate Authorities 212
Design Windows 2000 Network Services Security 214
DNS Security 214
Remote Installation Services (RIS) Security 215
SNMP Security 220
Terminal Services Security 223
Chapter Review 229
Questions 229
Answers 230
Key Skill Sets 230
Key Terms 231
Chapter 10    Designing a Security Solution for Access Between Networks 232
Accessing the Internet 232
Proxy Server 233
Firewall 233
Gateway 234
Internet Connection Server 234
Common Internet File System (CIFS) 236
IP Security (IPSec) 238
Windows 2000誷 Default IPSec Policies 239
Policy Configuration 240
Testing Your IPSec Configuration 249
Virtual Private Networks (VPNs) 249
The VPN Server 251
Installing a VPN Client 256
Lab Exercise 10.15: Install a VPN Client 256
Remote Access Service 258
Remote Access Authorization 262
Chapter Review 267
Questions 267
Answers 268
Key Skill Sets 268
Key Terms 268
Chapter 11    Designing Security for Communication Channels 269
Common Communication Channel Attacks 270
Designing a Signing Solution with the Server Message Block Protocol 272
SMB Signing Implementation 272
Designing IP Layer Security 273
Selecting IPSec Mode 274
Planning IPSec Protocol Usage 275
Using Predefined IPSec Policies 276
IPSec Implementation Components 278
Designing an IPSec Management Strategy 280
Defining Security Levels 280
Designing Negotiation Policies 281
Designing Security Policies and Policy Management 283
Designing IPSec Encryption 285
Designing IPSec Filters 285
IPSec Best Practices 286
Verifying IPSec Communications 287
Chapter Review 289
Questions 289
Answers 290
Key Skill Sets 290
Key Terms 291
PartⅢ    Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure 294
Chapter 12    Overview of Designing a Network Infrastructure 294
Windows 2000 Networking Services Design Overview 294
The Networking Services Deployment Cycle 297
Designing the Networking Services 298
Testing the Design 299
Implementing the Design 299
Managing the Network Services 300
Microsoft Windows 2000 Networking Services 300
Lab Exercise 12.1: Developing a Design Approach 301
The Network Foundation 302
Base Protocol Support-TCP/IP 303
Automated Client Configuration-DHCP 303
Resolving Host Names-DNS 304
Lab Exercise 12.2: Solving a Name Resolution Design Problem 305
Resolving NetBIOS Names-WINS 305
Designing Internet Connectivity 306
Network Address Translation-NAT 306
Microsoft Internet Security and Acceleration Server 307
Designing Routing and Remote-Access Connectivity 307
Remote Access 308
RADIUS and IAS 308
IP Routing 308
Putting It All Together: Integrating the Network Services Infrastructure 309
Creating Performance Monitor Log Files 310
Defining the Network Design Attributes 315
Chapter Review 316
Questions 316
Answers 317
Key Skill Sets 317
Key Terms 317
Chapter 13    Analyzing Business and Technical Requirements 318
Analyzing the Business 319
Analyzing the Geographical Scope and Existing and Planned Business Models 320
Analyzing Company Processes 323
Analyzing the Existing and Planned Organizational Structures 326
Analyzing Factors That Influence Company Strategies 329
Analyzing the IT Management Structure 332
Business Requirements Analysis Checklist 337
Evaluating the Company誷 Technical Requirements 337
Documenting the Existing Infrastructure Design 338
Analyzing Client Computer Access Requirements 345
Analyzing the Existing Disaster-Recovery Strategy 346
Directions 349
Business Background 349
Current System 350
IT Management Sample Interviews 350
Envisioned System 351
Case Study Questions: BTI Analysis 353
Chapter Review 353
Questions 354
Answers 354
Key Skill Sets 355
Key Terms 355
Chapter 14    Designing a Network Infrastructure Using TCP/IP 356
TCP/IP Background 357
TCP/IP Protocol Suite 358
TCP/IP Standards 358
TCP/IP Protocol Architecture 359
Key TCP/IP Design Considerations 361
Windows 2000 TCP/IP Features 362
Windows 2000 TCP/IP Services 362
Designing a Functional TCP/IP Solution 363
IP Addressing Review 363
Private Network IP Addressing 366
Subnet Requirements 368
IP Configuration Approaches 369
TCP/IP Design for Improving Availability 370
TCP/IP Design for Improving Performance 371
Optimizing IP Subnetting 371
Optimizing Traffic on an IP Network 373
Using QoS Mechanisms 374
TCP/IP Security Solutions 376
Packet Filtering Techniques 377
Data Encryption Design 377
IPSec Encryption Algorithms 378
IPSec Authentication Protocols 378
IPSec Internet Key Exchange 379
Chapter Review 384
Questions 384
Answers 385
Key Skill Sets 385
Key Terms 385
Chapter 15    Designing an Automated IP Configuration Solution Using DHCP 387
Key DHCP Features 388
Management Features 389
Enhanced Monitoring and Statistical Reporting 389
DNS and WINS Integration 389
Rogue DHCP Server Detection 390
User-Specific and Vendor-Specific Option Support 390
DHCP Server Clustering 390
Multicast IP Address Allocation 391
DHCP Client Support 391
Automatic Client Configuration 391
Local Storage 391
BOOTP Client Support 392
Combining DHCP with Other Services 392
Active Directory Integration 392
Dynamic Updates in the DNS Namespace 392
Routing and Remote Access Integration 393
DHCP Design Choices 394
Functional Aspects of Designing a DHCP Solution 394
Using DHCP Servers on the Network 395
Configuring and Selecting TCP/IP Options on the Network 395
Providing IP Configuration Management to BOOTP and Non-Microsoft Clients 396
DHCP Sample Design for a Single Subnet LAN 397
DHCP Example Design for a Large Enterprise Network 398
DHCP Example Design for a Routed Network 398
Relay Agent Deployment 399
DHCP and Routing and Remote Access 400
DHCP Server Placement 400
Creating a DHCP Solution to Ensure Service Availability 401
Distributed Scope Solution 401
Clustering Solution 402
Creating a DHCP Solution to Enhance Performance 402
Increasing Performance of Individual DHCP Servers 402
Increasing Performance by Adding DHCP Servers 405
Designing a Secure DHCP Solution 405
Preventing Unauthorized Windows 2000 Servers 405
Security Risks Using DHCP in DMZ Networks 406
Directions 407
Scenario 407
Design Requirements and Constraints 407
Envisioned System 407
Availability 408
Performance 408
Security 408
Proposed System 409
Chief Technology Officer誷 Comments 409
Case Study Questions 409
Chapter Review 411
Questions 411
Answers 412
Key Skill Sets 413
Key Terms 413
Chapter 16    Creating a DNS Name-Resolution Design 414
The Domain Name System Solution 415
New Features in the Windows 2000 Implementation of DNS 415
Resolution Improvements 416
Key Components of DNS 417
DNS Resolution Process 418
Resource Load-Sharing Control 419
Collecting Information for the DNS Design Decisions 421
Creating a Functional Windows 2000 DNS Strategy 421
DNS Zones and Zone Types 421
DNS Server Placement and Zone Type Considerations 425
Integrating DNS and WINS 427
Integrating with BIND and Windows NT 4.0 DNS Servers 428
Internet Access Considerations 434
Existing Namespace Integration Issues 435
Hands-On Section Exercises 435
Availability Considerations in Windows 2000 DNS Designs 436
Optimization Strategies in Windows 2000 DNS Designs 437
Server Capacity Optimization 437
Monitoring Server Performance 438
Query Resolution Optimization 441
Reducing the Impact of Server-to-Server Traffic on the Network 442
Security Strategies in DNS Designs 443
Secured Dynamic Update 443
Controlling Update Access to Zones 443
DNS Dynamic Updates from DHCP and Windows 2000 444
DNS Zone Replication 444
DNS in Screened Subnets 444
Hands-On Section Exercises 444
Chapter Review 452
Questions 452
Answers 452
Key Skill Sets 453
Key Terms 453
Chapter 17    Designing with WINS Services and DFS 454
The Microsoft WINS Solution 454
WINS Background 455
NetBIOS Name Resolution 456
Creating a WINS Design 460
Initial WINS Design Steps 460
Designing a Functional WINS Solution 461
Enhancing WINS Availability 467
Optimizing WINS Performance 469
Securing a WINS Solution 471
Designing a Distributed File System (DFS) Strategy 472
DFS Architecture 473
DFS Platform Compatibility 473
DFS Features 473
Key DFS Terms 475
Placing a DFS Root 475
DFS Root Replica Strategy for High Availability 476
Chapter Review 482
Questions 482
Answers 484
Key Skill Sets 484
Key Terms 484
Chapter 18    Designing Internet and Extranet Connectivity Solutions 485
Firewalls 486
Common Firewall Technologies 488
Firewall Placement 491
Demilitarized Zones or Screened Subnets 491
Routing and Remote Access 491
Windows 2000 Network Address Translation 492
Designing a Functional NAT Solution 493
Designing for NAT Availability and Performance 495
NAT Security Considerations 495
Outbound Internet Traffic 496
Inbound Internet Traffic 496
VPNs and Network Address Translators 496
Internet Connection Sharing 496
Web Caching with a Proxy Server 497
What Does a Proxy Server Do? 497
Protecting the Network 497
Microsoft Proxy Server 498
Designing a Functional Proxy Server Solution 499
Designing for Proxy Server Availability and Performance 500
Proxy Server Security Considerations 501
Comparing Internet-Connection Sharing Solutions 502
Scenario 503
Case Study Question 503
Chapter Review 504
Questions 504
Answers 505
Key Skill Sets 506
Key Terms 506
Chapter 19    Designing a Wide Area Network Infrastructure 507
Connecting Private Networks Using RRAS 508
Installing and Configuring RRAS 509
Routing for Connectivity Between Private Networks 515
Designing a Functional Routing Solution 517
Securing Private Network Connections 525
Optimizing a Router Design for Availability and Performance 526
RRAS Solutions Using Demand-Dial Routing 526
Designing Remote-User Connectivity 526
Designing a VPN Strategy 527
Designing Remote-Access Dial-Up Solutions 529
Designing a Dial-Up or VPN Solution in a Routed Network 529
Performance and Availability Design Considerations 529
Security Considerations 530
VPN Best Practices 531
Dial-Up Best Practices 532
Designing a Remote-Access Solution Using RADIUS 533
Integrating Authentication with RADIUS 534
Why Use IAS? 536
Designing a Functional RADIUS Solution 536
RADIUS Fault-Tolerance and Performance Solutions 536
Security Considerations for RADIUS 537
Chapter Review 539
Questions 539
Answers 540
Key Skill Sets 541
Key Terms 541
Chapter 20    Designing a Management and Implementation 
                      Strategy for Windows 2000 Networking 543
Network Services Management Strategies 543
Identifying Management Processes 544
Monitoring the Network Services Status 545
Analyzing the Information 549
Reactive and Proactive Response Strategies 550
Combining Networking Services 550
Benefits of Combining Networking Services 550
Constraints on Combining Networking Services 550
Security Issues Related to Combining Services 551
Combining Networking Services That Are Cluster-Aware 551
Optimizing Performance by Combining Services 552
Chapter Review 553
Questions 553
Answers 554
Key Skill Sets 554
Key Terms 555
PartⅣ    Bringing It All Together 557
Chapter 21    The Holistic Windows 2000 Design Process 558
Building Blocks 558
Active DirectoryActive Directory 558
Security 559
Network Infrastructure 559
Common Elements 559
Next Steps-Life as an MCSE 560
Chapter Review 561
PartⅤ    Appendixes 563
Appendixes A    More Case Study Analyses and Questions 564
Four Case Studies for Analysis 564
Exam Questions on the Topics Presented in this Book 586
Encrypting File System (Six Questions) 586
Auditing (Three Questions) 588
Public Key Infrastructure (11 Questions) 589
Internet Protocol Security (Six Questions) 594
Active Directory Services (27 Questions) 597
Appendixes B    MCSE Certification Specifics 606
Microsoft誷 New Certification Track 606
Your Commitment to Getting Certified 607
Role of Real-World Experience 608
Opportunities for MCSEs 608
Compensation 609
Ongoing Certification Requirements 611
Life as an MCSE Professional 611
Work 612
Continuing Education 612
Conferences 612
User Groups 612
Certification Exam Objectives 612
Exam 70-210: Installing, Configuring, and Administering
    Microsoft Windows 2000 Professional 613
Exam 70-215: Installing, Configuring, and Administering 
    Microsoft Windows 2000 Server 615
Exam 70-216: Implementing and Administering a Microsoft 
    Windows 2000 Network Infrastructure 617
Exam 70-217: Implementing and Administering a Microsoft 
    Windows 2000 Directory Services Infrastructure 620
Exam 70-219: Designing a Microsoft Windows 2000 Directory 
    Services Infrastructure 622
Exam 70-220: Designing Security for a Microsoft Windows 2000 Network 623
Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure 625
Appendixes C    Case Study Analysis Approach 629
Case Study Method 629
Management Value 630
How to Approach a Case 631

图书封面

评论、评分、阅读与下载

---

    MCSE Windows2000Designing考试指南(英文原版) PDF格式下载

---