Exam Profile: MTA: Security Fundamentals (98-367)
Date: May 10, 2011
Microsoft’s Security Fundamentals exam tests your knowledge of physical security, Internet security, operating system security, network security and software security. The Security Fundamentals exam is similar to the CompTIA Security+ exam. After you pass the Security Fundamentals exam, you will have earned your Microsoft Technology Associate (MTA) Certification.
Many people would like to pursue a career in technology, but lack the foundational knowledge necessary to pursue Technology Specialist or Professional certifications. The MTA certification creates a new entry point to help those who have little practical experience get into the career field, and can be the first step towards becoming a Microsoft Technology Specialist (MCTS).
The MTA is a new, entry-level certification designed to help individuals take the first step toward a career as an IT professional or developer. Also, when you earn an MTA Certification, you become a member of the Microsoft Certified Professional community. You will get access to members-only benefits such as special offers, the MCP transcript tool, and private newsgroups where you can network, find peer support, and share your accomplishments with other certified professionals worldwide.
At this time, MTA is only available to students, faculty, and staff of an accredited academic institution that is an approved MTA testing center. MTA exams are only available at academic institutions that have purchased an MTA Campus License or MTA vouchers; they are delivered in an internet-based testing platform, and the institution’s educators serve as proctors.
The next step in the Microsoft certification path is Microsoft Technology Specialist (MCTS), which requires hands-on experience with the Microsoft technology platform. Microsoft makes its complete developer toolset available for students to download and install at no cost through the DreamSpark Program.
Each MTA Certification exam covers a broad technology area, including:
- Software Development Fundamentals
- Web Development Fundamentals
- Windows Development Fundamentals
- Database Fundamentals
- System Administrator Fundamentals
- Networking Fundamentals
- Security Fundamentals
In order to earn an MTA Certification, candidates only need to pass one exam. The MTA Certification will expire after five years.
Exam Details
- Number of Questions: Approximately 30-50 questions (Since Microsoft does not publish this information, the number of exam questions may change without notice.)
- Types of Questions: multiple choice
- Passing Score: 70
- Time Limit: 50 minutes
- How to register: Search for an institution that can administer the exam by visiting the Certiport site.
This passing score does not mean that you must answer 70 percent of the items correctly in order to pass the exam. The actual percentage varies from exam to exam and may be more or less than 70 percent. There is no penalty for guessing, and no points are deducted for incorrect answers. If a question specifies that you must choose multiple correct answers, you must choose the exact number of correct answers specified in the question in order to earn a point for that item. Some of the questions on the exam may not count toward the calculation of your score: Microsoft will often include a question that is meant to gather data to help them improve the exam.
Trouble Spots
As with any exam, what is deemed difficult will vary from person to person. Some of the common trouble spots include NTFS and share permissions, password policy, VLANs, VPN, server updates, hardware vs. software firewalls, threat and risk, and social engineering. Each of these topics is outlined below.
NTFS and Share Permissions
There are two levels of security you must be familiar with: share and NTFS. The share permissions that let you protect your resources are Read, Change, Full Control, and No Access. NTFS permissions are List, No Access, Change, Add, and Read and Add. Share permissions can only be applied at the folder (subdirectory) level, but NTFS permissions are applied at the file level and are in effect whether the user is logged on locally or across a network. When NTFS and shared folder permissions are combined, the most restrictive set of permissions takes precedence. When logging on locally, share permissions do not apply, so a user's level of access to a folder is determined by his least restrictive level of access, which is simply the NTFS permission the user has for that folder. When No Access is combined with any other permission, the result is always No Access. Only drives formatted as NTFS will have a Permissions tab.
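The combination rules above are easy to misapply on the exam, so here is an added example (not code from the exam profile or from Microsoft) that models them: within one layer, the permissions a user receives from several groups accumulate, a No Access entry overrides everything, over the network only rights granted by both the share layer and the NTFS layer survive, and a local logon is governed by NTFS alone. The right names and the mapping of each permission level to a set of rights are assumptions made for the model; the level names themselves are the ones the text lists.

```python
"""Effective-access model for combining share and NTFS permissions (added example)."""
from typing import FrozenSet, Iterable

ALL_RIGHTS: FrozenSet[str] = frozenset(
    {"list", "read", "write", "delete", "change_permissions"}
)

# Rights granted by each share permission level named in the text.
# The right names and this mapping are assumptions made for the model.
SHARE_LEVELS = {
    "No Access": frozenset(),
    "Read": frozenset({"list", "read"}),
    "Change": frozenset({"list", "read", "write", "delete"}),
    "Full Control": ALL_RIGHTS,
}

# Rights granted by each NTFS permission level named in the text (same caveat).
NTFS_LEVELS = {
    "No Access": frozenset(),
    "List": frozenset({"list"}),
    "Read": frozenset({"list", "read"}),
    "Add": frozenset({"list", "write"}),
    "Read and Add": frozenset({"list", "read", "write"}),
    "Change": frozenset({"list", "read", "write", "delete"}),
    "Full Control": ALL_RIGHTS,
}


def combine_within_layer(levels: Iterable[str], table: dict) -> FrozenSet[str]:
    """Merge the permissions a user receives from all groups at ONE layer.

    Within a layer grants accumulate (union), but a single No Access entry
    overrides everything else, exactly as the text states.
    """
    names = list(levels)
    if "No Access" in names:
        return frozenset()
    rights: FrozenSet[str] = frozenset()
    for name in names:
        rights |= table[name]  # KeyError on an unknown level name is deliberate
    return rights


def effective_rights(ntfs_levels, share_levels=(), local_logon=False) -> FrozenSet[str]:
    """Rights a user actually gets on a folder.

    Local logon: share permissions are not involved; NTFS alone decides.
    Network access: the most restrictive combination wins, i.e. a right
    survives only if BOTH the share layer and the NTFS layer grant it.
    An empty share list means the folder is not shared at all.
    """
    ntfs = combine_within_layer(ntfs_levels, NTFS_LEVELS)
    if local_logon:
        return ntfs
    share = combine_within_layer(share_levels, SHARE_LEVELS)
    return ntfs & share


def describe(rights: FrozenSet[str]) -> str:
    """Human-readable summary of a rights set."""
    return ", ".join(sorted(rights)) if rights else "no access"


if __name__ == "__main__":
    # Constructed scenarios: group memberships give one user several levels.
    print(describe(effective_rights(["Change"], ["Read"])))                      # list, read
    print(describe(effective_rights(["Change"], ["Read"], local_logon=True)))    # delete, list, read, write
    print(describe(effective_rights(["Full Control", "No Access"], ["Full Control"])))  # no access
```

The third scenario is the one the text warns about: a user with Full Control through one group and No Access through another ends up with nothing, at either layer.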
Hidden Share
Hidden shares are created by adding a $ to the end of the share name. Because they are not listed when a user browses the server, they can only be accessed by typing the full share name, including the $. This is a good approach if you have special software that you want to limit access to, but do not feel that using NTFS permissions is the best way to accomplish this. If you have created a hidden share, you would access it by typing \\servername\hiddensharename$ at the Start/Run prompt. You can also right-click My Computer and use Map Network Drive to connect to a hidden share.
Administrative Share
Administrative shares are shares created by the system on Windows Workstations and Servers and cannot be changed without a registry edit.
There is an administrative share for each drive letter. To access one, from the Start/Run command, type \\servername\<drive letter>$ (for example, \\servername\C$). Accessing a server via administrative shares allows you to delete, copy, or move files or folders and to create files or folders. You can also administer NTFS permissions, but not share permissions. A good use of this is to open an administrative share in one window and create a folder, then go to My Computer and copy files between the server and workstation. You can also right-click My Computer and use Map Network Drive to connect to an administrative share.
Password Policy
Password requirements have become much more complex since users started logging in. You must determine how you will set up the password requirements in your organization. You can set the minimum password length, prevent users from changing their passwords, make a password never expire, require a password to contain upper- and lower-case letters, require it to contain a numeral, and require it to contain special characters. You can control your password policy using Group Policy.
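To make the individual settings concrete, here is an added example (not from the exam profile, and not Microsoft's implementation) that models a password policy as data and checks a candidate password against it. The dataclass fields map onto the Group Policy controls named above; the "must not contain the user name" rule and the password-history check are assumptions added to the model, and the SHA-256 fingerprint stands in for whatever hash format a real directory uses for its history.

```python
"""Password policy model and checker (added example, not Microsoft's code)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class PasswordPolicy:
    """Settings that map onto the Group Policy password controls named in the text."""
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    forbid_username: bool = True   # assumed extra rule: password must not contain the user name
    history_count: int = 5         # assumed: how many previous passwords may not be reused


def fingerprint(password: str) -> str:
    """Stand-in for the directory's own stored hash; used here only to compare a
    candidate against password history. A real system uses its own hash format."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(policy: PasswordPolicy, username: str, candidate: str,
                   previous_fingerprints: Iterable[str] = ()) -> List[str]:
    """Return every policy rule the candidate violates (an empty list means accepted)."""
    violations: List[str] = []
    if len(candidate) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not re.search(r"[A-Z]", candidate):
        violations.append("no upper-case letter")
    if policy.require_lower and not re.search(r"[a-z]", candidate):
        violations.append("no lower-case letter")
    if policy.require_digit and not re.search(r"[0-9]", candidate):
        violations.append("no numeral")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", candidate):
        violations.append("no special character")
    if policy.forbid_username and username and username.lower() in candidate.lower():
        violations.append("contains the user name")
    # Only the most recent history_count fingerprints are consulted.
    recent = list(previous_fingerprints)[-policy.history_count:] if policy.history_count > 0 else []
    if fingerprint(candidate) in recent:
        violations.append(f"reuses one of the last {policy.history_count} passwords")
    return violations


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed sample: "alice" changes her password; history holds her old one.
    history = [fingerprint("Tr0ub4dor&3")]
    for candidate in ("Tr0ub4dor&3", "password", "Alice2024!", "Wint3r-Sn0w"):
        problems = check_password(policy, "alice", candidate, history)
        print(f"{candidate!r}: {'accepted' if not problems else '; '.join(problems)}")
```

Every violated rule is reported rather than just the first, which is what a help-desk operator needs when explaining a rejection to a user.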
Virtual Local Area Networks (VLANS)
A VLAN is a network that does not exist physically. It is a way of using your existing infrastructure to create two different networks over the same Local Area Network (LAN). By doing this, you keep traffic on one network separate from the other network. Most VLANs are created on a switch, which keeps track of the traffic and of the network on which it traverses by placing some type of VLAN tag on the packets. A router is used to allow two different networks or VLANs to communicate.
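The text names the tag only generically; the one most switches use is the IEEE 802.1Q tag, which is inserted after the source MAC address and carries a 12-bit VLAN ID. The added example below (not from the exam profile) builds and parses such a frame and applies the switch's isolation rule: frames are forwarded between ports only within the same VLAN. The frame bytes are constructed for the example, and treating an untagged frame as belonging to VLAN 1 is an assumption made to stand in for a port's native VLAN.

```python
"""802.1Q VLAN tag construction and parsing (added example)."""
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_tagged_frame(dst: bytes, src: bytes, vlan_id: int, ethertype: int,
                       payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Assemble a constructed Ethernet frame carrying an 802.1Q tag.

    Layout: dst(6) src(6) TPID(2)=0x8100 TCI(2) inner EtherType(2) payload.
    TCI = 3-bit priority (PCP), 1-bit drop-eligible (DEI), 12-bit VLAN ID.
    """
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Decode the Ethernet header; 'vlan' is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vlan": None, "pcp": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner_type, "payload": frame[18:]}


def same_broadcast_domain(frame_a: bytes, frame_b: bytes, native_vlan: int = 1) -> bool:
    """A switch forwards between ports only within one VLAN. Untagged frames are
    assigned to the port's native VLAN (assumed to be VLAN 1 here)."""
    a: Optional[int] = parse_frame(frame_a)["vlan"]  # type: ignore[assignment]
    b: Optional[int] = parse_frame(frame_b)["vlan"]  # type: ignore[assignment]
    return (a if a is not None else native_vlan) == (b if b is not None else native_vlan)


if __name__ == "__main__":
    # Constructed sample frames: a broadcast on VLAN 100 and one on VLAN 200.
    bcast = b"\xff" * 6
    f100 = build_tagged_frame(bcast, b"\x00\x11\x22\x33\x44\x55", 100, 0x0800, b"\x45\x00")
    f200 = build_tagged_frame(bcast, b"\x00\x11\x22\x33\x44\x66", 200, 0x0800, b"\x45\x00")
    print(parse_frame(f100)["vlan"], parse_frame(f200)["vlan"])   # 100 200
    print(same_broadcast_domain(f100, f200))                       # False
```

Because the tag is only two bytes of header, a switch that trusts tags arriving on an access port would break the isolation the text describes; in practice the switch strips or rewrites tags at the port boundary, which is why the router in the last sentence is the only intended path between VLANs.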
Virtual Private Network (VPN)
A Virtual Private Network (VPN) is used to connect two private networks across the Internet. You must have a VPN server to authenticate users connecting via VPN. Some firewalls have VPN built in to them.
Server Updates
Keeping your servers up to date with the latest patches, hotfixes and service packs from Microsoft is vital. You can do this manually, but if you have many servers in an enterprise network it would be too time consuming. Microsoft offers a solution in Windows Server Update Services (WSUS). Loading WSUS on a server allows it to be a central point of contact for Microsoft updates: this server receives the updates and then distributes them across your network to the other servers you have specified.
Hardware vs. Software Firewall
Every broadband Internet connection should be protected with a firewall. A hardware firewall is an actual device that resides on your network, such as a switch or router, that you use to permit or deny traffic into or out of your network. Hardware firewalls are more robust, but cost more than software firewalls. A hardware firewall controls traffic at the packet and port level and is not concerned with applications. A software firewall is a piece of software, usually installed on a PC, that is used to permit or deny network traffic. Depending on the number of PCs you have, it can be cumbersome to manage.
Threat and Risk
Managing threat and risk can be a delicate balancing act. You want to keep your network safe, but keep the expense low. Since eliminating all threats is virtually impossible, you have to decide the amount of risk you are willing to take. For instance, if you wanted to remove all threat of being in a car accident, you would never travel by car. You assume a certain amount of risk each time you travel, but you help to minimize the risk of accidents by trying to follow the rules of good driving. It is the same with networking: the only way to eliminate all threats would be to turn off every device on your network. As a network administrator, you have to determine what measures you can afford to put in place and manage that will protect your network.
Social Engineering
Social engineering is manipulating people, instead of hacking networks, to get information. Since people are usually the weakest link in a network environment, manipulating someone into performing an action or divulging confidential information can easily yield what is needed to compromise a network. This type of corporate espionage is one of the oldest and most effective ways to infiltrate a company.
Preparation Hints
Review the Exam Objectives below and make sure that you are familiar with them. If you have access to a Windows 2008 network, hands-on practice in that environment will help you to connect the theory with real life. Always check the Microsoft site for the specific exam you are going to take. In this instance, the site is http://www.microsoft.com/learning/en/us/exam.aspx?ID=98-367&locale=en-us. There are many web sites and blogs that can help you to research topics, but be careful to fully research the information you read. It is not advisable to look for sites that list questions and answers, for several reasons: first, you don’t know whether you will be asked a specific question; second, the answers given in a blog may be inaccurate; and third, you need to understand the information to be adequately prepared.
When taking the exam, read each question carefully. Microsoft is notorious for adding a lot of unneeded information to its questions. Make sure that when you click on a choice, it is really marked, and be careful about clicking anywhere else on the screen. I found that by inadvertently clicking near the scroll bar on the right of the screen, I actually changed an answer. You get a single piece of paper and a marker for writing. Once you enter the test area, you can use a small amount of time before you even start the exam to make notes. Sometimes there is even a questionnaire at the beginning of the test that does not count against your test time, and you can use this time to write down notes, facts, tables or other information rather than rushing into the questions.
Recommended Study Resources
98-367: MTA Security Fundamentals by Microsoft Official Academic Course
Exam Objectives
The exam objectives are broken up into four different categories.
Understanding Security Layers
- Understand core security principles.
  This objective may include but is not limited to: confidentiality; integrity; availability; how threat and risk impact principles; principle of least privilege; social engineering; attack surface
- Understand physical security.
  This objective may include but is not limited to: site security; computer security; removable devices and drives; access control; mobile device security; disable Log On Locally; keyloggers
- Understand Internet security.
  This objective may include but is not limited to: browser settings; zones; secure Web sites
- Understand wireless security.
  This objective may include but is not limited to: advantages and disadvantages of specific security types; keys; SSID; MAC filters
Understanding Operating System Security
- Understand user authentication.
  This objective may include but is not limited to: multifactor; smart cards; RADIUS; Public Key Infrastructure (PKI); understand the certificate chain; biometrics; Kerberos and time skew; using Run As to perform administrative tasks; password reset procedures
- Understand permissions.
  This objective may include but is not limited to: file; share; registry; Active Directory; NTFS vs. FAT; enabling or disabling inheritance; behavior when moving or copying files within the same disk or on another disk; multiple groups with different permissions; basic permissions and advanced permissions; take ownership; delegation
- Understand password policies.
  This objective may include but is not limited to: password complexity; account lockout; password length; password history; time between password changes; enforce by using group policies; common attack methods
- Understand audit policies.
  This objective may include but is not limited to: types of auditing; what can be audited; enabling auditing; what to audit for specific purposes; where to save audit information; how to secure audit information
- Understand encryption.
  This objective may include but is not limited to: EFS; how EFS encrypted folders impact moving/copying files; BitLocker (To Go); TPM; software-based encryption; mail encryption and signing and other uses; VPN; public key / private key; encryption algorithms; certificate properties; certificate services; PKI/certificate services infrastructure; token devices
- Understand malware.
  This objective may include but is not limited to: buffer overflow; worms; Trojans; spyware
Understanding Network Security
- Understand dedicated firewalls.
  This objective may include but is not limited to: types of hardware firewalls and their characteristics; why to use a hardware firewall instead of a software firewall; SCMs and UTMs; stateful vs. stateless inspection
- Understand Network Access Protection (NAP).
  This objective may include but is not limited to: purpose of NAP; requirements for NAP
- Understand network isolation.
  This objective may include but is not limited to: VLANs; routing; honeypot; perimeter networks; NAT; VPN; IPsec; Server and Domain Isolation
- Understand protocol security.
  This objective may include but is not limited to: protocol spoofing; IPsec; tunneling; DNSSEC; network sniffing; common attack methods
Understanding Security Software
- Understand client protection.
  This objective may include but is not limited to: antivirus; User Account Control (UAC); keeping client operating system and software updated; encrypting offline folders; software restriction policies
- Understand e-mail protection.
  This objective may include but is not limited to: antispam; antivirus; spoofing, phishing, and pharming; client vs. server protection; SPF records; PTR records
- Understand server protection.
  This objective may include but is not limited to: separation of services; hardening; keeping server updated; secure dynamic DNS updates; disabling unsecure authentication protocols; Read-Only Domain Controllers; separate management VLAN; Microsoft Baseline Security Analyzer (MBSA)
Where to Go from Here
After you pass the Security Fundamentals exam, you are a certified MTA in the IT Professional category. Some other exams you may want to consider taking are:
- Network Fundamentals Exam 98-366
- Windows Server Administration Fundamentals Exam 98-365
All available MTA exams can be found at: http://www.microsoft.com/learning/en/us/certification/mta.aspx#certification