Tips for Passing the MCSE 70-291

Published on Wednesday, July 19, 2006

As you may know, I've been taking a few of the MCSE:Security tests when I have time.  This afternoon I passed the 70-291, which is claimed to be the hardest of all the tests (and of the one's I've taken so far, I would concur).

 I'm taking my tests at the Geego Systems center.  If you are in Taipei for some reason, and needing a place to take some tests, this place is a safe bet.  Their staff is pretty darn cool, and they let me drink as much tea as I want.

 Anyways, the test.  I can't talk about any of the questions, 'cause I've "signed" an NDA, and Microsoft will take away my certification(s).  But, I'll tell you what I did to study.

I took three approaches, as I do to all the tests.

1) Get an Exam Cram2 70-291 book, and read it through, cover-to-cover.  This, in my opinion, is a great way to get to know the language used, and some of the concepts.  Exam Cram 2 books do a pretty good job of cutting out the fluff.

2) I have a copy of Mastering Windows Server 2003 that I picked up in Hong Kong last year.  It doesn't do a good job of cutting out the fluff, which makes it a great resource to flip through.  It is seems to have almost every tutorial you could imagine.  The one downside though, as there always is one, is that the book is starting to get a little dated.  Either way, this has to be one of the most complete books on 2003 I have ever flipped through.

3) It is all fine and dandy to read, but it is my belief that everything you read, you should do.  My little lab (see end of post for my cool diagram) seems to suite me quite well.  If you have read this far, and want some things to do in your test lab, this is what I would recommend:

  • DNS - Know how to add CNAME's, A records and play with MX records.  Know how to prioritize mail servers.  Know how to create aliases.
  • WSUS - Sadly, many of the books I've seen (or the two listed above), don't talk about WSUS.  I believe Microsoft just made the change on their tests, but it is on there.  And they hit this topic pretty hard, so be prepared.
  • Security Templates  - Creating baselines and doing audits
  • Network Security - Configuring firewalls, configure VPN between two networks (RRAS)
  • DHCP - Creating scopes, relay agents and reserving client addresses
  • TCP/IP -This test has a pretty big backbone of TCP/IP.  Know how to subnet, and general networking terms/methods.  Picking up a book on the Network+ certification, such as the Exam Cram2 Network+ book (which I read to refresh myself, and pass the Network+ test), could be useful.

Luckily I was able to get a few years of some real life hands-on experience with installing, implementing and managing AD through a previous I.T. position.   Practice always helps though.  Good luck!

 

LDAP Backend

Published on Friday, July 7, 2006

Status: Done!

Users don't like to remember passwords, heck, I don't like to remember to use passwords. I decided to upgrade all the webapps to authenticate off the domain, welcome a start to SSO. To do this I implemented the adldap php class to control authentication to each webapp. Thus, a simple GPO can control who has access to the app or not. A simple solution to a rather simple problem.