You are on page 1of 2

Microsoft.

com > Microsoft Learning > Training Catalog > Exam

Exam 98-367:
Security Fundamentals
Published: Language(s): Audience(s): Technology: Type: August 02, 2010 English Academic Windows Server 2008 Proctored Exam

Save to My Learning

How To Get It : Schedule your exam through the following exam provider:

Preparing for an Exam

The Microsoft Certification website and this preparation guide contain a variety of resources to help you prepare for an exam. Preparing for and Taking an Exam FAQ provides answers to frequently asked questions about exam registration ,preparation ,scoring ,and policies , including: The most effective way to prepare to take an exam. The relationship between Microsoft training materials and exam content. Microsoft policy concerning the incorporation of service pack and revision updates into exam content. Exam question types and formats. Exam time limits and number of questions asked. We recommend that you review this preparation guide in its entirety and familiarize yourself with the FAQs and resources on the Microsoft Certification website before you schedule your exam.
Audience Profile This exam is designed to provide candidates with an assessment of their knowledge of fundamental security concepts. It can also serve as a stepping stone to the Microsoft Certified Technology Specialist exams. Candidates for this exam are seeking to prove fundamental security knowledge and skills. Before taking this exam, candidates should have a solid foundational knowledge of the topics outlined in this preparation guide. It is recommended that candidates become familiar with the concepts and the technologies described here by taking relevant training courses. Candidates are expected to have some hands-on experience with Windows Server, Windows based networking, Active Directory, AntiMalware products, firewalls, network topologies and devices, and network ports. Note This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.

Skills Being Measured This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam.The higher the percentage, the more questions you are likely to see on that content area on the exam. The information after This objective may include but is not limited to is intended to further define or scope the objective by describing the types of skills and topics that may be tested for the objective. However, it is not an exhaustive list of skills and topics that could be included on the exam for a given skill area. You may be tested on other skills and topics related to the objective that are not explicitly listed here. Understanding Security Layers Understand core security principles. This objective may include but is not limited to: confidentiality; integrity; availability; how threat and risk impact principles; principle of least privilege; social engineering; attack surface Understand physical security. This objective may include but is not limited to: site security; computer security; removable devices and drives; access control; mobile device security; disable Log On Locally; keyloggers Understand Internet security. This objective may include but is not limited to: browser settings; zones; secure Web sites Understand wireless security. This objective may include but is not limited to: advantages and disadvantages of specific security types; keys; SSID; MAC filters Understanding Operating System Security Understand user authentication. This objective may include but is not limited to: multifactor; smart cards; RADIUS; Public Key Infrastucture (PKI); understand the certificate chain; biometrics; Kerberos and time skew; using Run As to perform administrative tasks; password reset procedures Understand permissions. This objective may include but is not limited to: file; share; registry; Active Directory; NTFS vs. FAT; enabling or disabling inheritance; behavior when moving or copying files within the same disk or on another disk; multiple groups with different permissions; basic permissions and advanced permissions; take ownership; delegation; Understand password policies. This objective may include but is not limited to: password complexity; account lockout; password length; password history; time between password changes; enforce by using group policies; common attack methods Understand audit policies. This objective may include but is not limited to: types of auditing; what can be audited; enabling auditing; what to audit for specific purposes; where to save audit information; how to secure audit information Understand encryption. This objective may include but is not limited to: EFS; how EFS encrypted folders impact moving/copying files; BitLocker (To Go); TPM; software-based encryption; MAIL encryption and signing and other uses; VPN; public-key / private key; encryption algorithms; certificate properties; certificate services; PKI/certificate services infrastructure; token devices Understand malware. This objective may include but is not limited to: buffer overflow; worms; Trojans; spyware; Understanding Network Security Understand dedicated firewalls. This objective may include but is not limited to: types of hardware firewalls and their characteristics; why to use a hardware firewall instead of a software firewall; SCMs and UTMs; stateful vs. stateless inspection Understand Network Access Protection (NAP).

25/10/12
Understand network isolation.

Security Fundamentals
This objective may include but is not limited to: purpose of NAP; requirements for NAP

This objective may include but is not limited to: VLANs; routing; honeypot; perimeter networks; NAT; VPN; Ipsec; Server and Domain Isolation. Understand protocol security. This objective may include but is not limited to: protocol spoofing; IPSec; tunneling; DNSsec; network sniffing; common attack methods Understanding Security Software Understand client protection. This objective may include but is not limited to: antivirus; User Account Control (UAC); keeping client operating system and software updated;encrypting offline folders; software restriction policies Understand e-mail protection. This objective may include but is not limited to: antispam; antivirus; spoofing, phishing, and pharming; client vs. server protection; SPF records; PTR records Understand server protection. This objective may include but is not limited to: separation of services; hardening; ); keeping server updated; secure dynamic DNS updates; disabling unsecure authentication protocols; Read-Only Domain Controllers; separate management VLAN; Microsoft Baseline Security Analyzer (MBSA)

Preparation Tools and Resources To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the "Skills Measured" tab. Learning Plans and Classroom Training There is no classroom training currently available. Microsoft E-Learning There is no Microsoft E-Learning training currently available. Microsoft Press Books There are no Microsoft Press books currently available. Practice Tests MeasureUp (Measureup.com)

Microsoft Online Resources Windows Server 2008 Learning Portal: Find special offers and information on training and certification. Product information: Visit the Windows Server 2008 Web site for detailed technology information. Microsoft Learning Community: Join newsgroups and visit community forums to connect with your peers for suggestions on training resources and advice on your certification path and studies. TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical resources, newsgroups, and chats. MSDN: Designed for developers, the Microsoft Developer Network (MSDN) features code samples, technical articles, downloads, newsgroups, and chats.

Have Questions? For advice about training and certification, connect with peers: Visit the training and certification forum For questions about a specific certification, chat with a Microsoft Certified Professional (MCP): Visit our MCP newsgroups To find out about recommended blogs, Web sites, and upcoming Live Meetings on popular topics, visit our community site: Visit the Microsoft Learning community

Exam index

Site Map | Manage Your Profile | Contact Us | Terms of Use | Trademarks | Privacy Statement
2012 Microsoft

www.microsoft.com/learning/en/us/exam.aspx?ID=98-367&locale=en-us#tab2

2/2