The worst exam preparation book I have read
Written: Mar 05 '07 (Updated Mar 06 '07)
Pros: Windows 2003 server evaluation and MeasureUP software that comes with it
Cons: the book itself
The Bottom Line: If you're looking for one good resource for the exam, look somewhere else. If you need the Windows Software and test questions, at least try getting the book on sale.
twofish72's Full Review: Microsoft - Designing Security for a Microsoft Win...
Microsoft's 70-298 exam, titled "Designing Security for a Microsoft Windows Server Network" is a so-called "Design" exam. What's different compared to most "regular" exams like the dreaded 70-291 is its focus on "case studies". Meaning you get an extensive background of a fictitious company, including mission statement, interviews with key employees, diagrams of the network and the organization itself and so on and so forth. Then, a couple of questions are presented to solve upcoming or pending "problems" of that company.
"Regular" exams usually follow the scheme of having one question delivering a specific problem ("You are the network admin of Fireworks Inc. and your server just blew up, what do you do?") and then moving on to a different problem with a different question.
This said, I expected a different approach on the preparation for the 70-298 exam than in other preparation guides... what I got though was not only different but the worst exam preparation in the entire MCSE package I did so far (since this is my last one, I already had six others.) What's funny about that is, that the book is actually okay in relaying general security issues of the Windows 2003 Server environment and the respective solutions for those problems. Describing and explaining general Security concerns though should not be the prime task for this book... it should be a book preparing you for the exam to take. And it fails at that.
Contents of the book
The book is actually a small package of things. Like most exam preparation guides from Microsoft press, it contains the book itself (duh!), a CD containing a 180 days evaluation copy of Windows Server 2003 and an additional CD containing such useful things as a "Test-Yourself"-software from MeasureUP (contains 300 questions to check yourself much like the actual exam) and the whole book as an e-book (PDF) to read while you have your notebook with you.
The book itself is divided into five different sections:
Section I : Documenting the Impact of Business and Technical Constraints on the Security Design Process
Section II : Creating a Security Design for the Network Infrastructure
Section III: Creating a Security Design for Management and Maintenance of the Network
Section IV : Creating a Security Design for Basic Network Functions
Section V : Creating a Security Design for Wireless Networks and Web Servers
As in all the other Exam preparation guides, this one follows a common scheme. First, the author tells you all you need to know about any given topic in a specific section in conjunction with its implementation in Windows Server 2003. Then, you get to do a practice and then a little test, usually consisting of 2-6 questions that are meant to reinforce what you should have learned. After that, a short summary about the topic is given. Then, we move on to the next topic. After a complete section is finished, you will be able to look at the answers of the little tests and see how you have done. And after that, the book moves on to a different section.
This book kind of does the same thing. "Kind of" means that some stuff is missing that I think is pretty important for a preparation book on a Microsoft exam.
Things missing
First of all, you will rarely encounter much advice on how to actually do something in any given Windows Server / Active Directory Environment. The book tells you more about the philosophies behind network and computer security than actually giving hard advice on how to implement that. The author pretty much assumes that you are fluent in the handling and operation of Windows Server 2003. I give you two examples:
1. As everybody knows (well, at least the ones reading this review probably should), Microsoft Exams are mostly multiple choice tests. This is why in all the other books, the little tests in between the chapters are 90% multiple choice too. The same style of questions with roughly the same difficulty level. Answering those gives you a pretty good idea where you stand. In this book, all the little tests are questions that you have to write out. This might be good for reinforcing the general knowledge, but it does not prepare you for the actual tests. And on top of that, some questions do not even have one right answer! Seriously, in some answers, the first sentence is: "Answers may vary". Okay, I cannot do "Answers may vary" in an actual exam. I cannot discuss matters with the test computer and present two different methods of resolution to it. The questions in the exam (and even in the MeasureUP test software) are pretty precise and require precise answers.
2. Every other book contains practices with hands-on stuff on the actual software. Before a chapter starts, the author tells you how you should prepare a testing environment on your computer in case you want to try out said practices. That part is always called "Before you begin". In this book, the practices are the little annoying written tests. And to make it even more ridiculous... in the requirement for every chapter-practice, it lists the prerequisites of going into a Microsoft Exam in the first place (1 year Experience with at least 250 Users, two or more locations, multiple domain controllers, bla, bla - you know the deal) and tells you that "many" design exercises are paper based (Many? Should have said: "all"!) and that you should have "some hands-on experience with products".
This is more than ridiculous. Microsoft exams test exactly that hands-on-experience and the book does close to nothing to prepare you for those exam questions.
So.... what actually is in the book then?
If you continue reading the book, you will find that it is actually good in making you more security aware in case you are already a network admin of some sort. It points out requirements of security in every field of modern networking, be it certificates, network security, network design, authentication, authorization, etc, etc. All the information is very useful for that. But that is not what I paid for. I wanted to get a book preparing me for a specific exam and not tell me about general thoughts on network security. I give you another example about a typical paragraph you will encounter in the book:
Let's say, the author writes about securing your email servers. You will find the book written in a style like:
"Have you thought about splitting server roles? Frontend and Backend servers? How should they communicate? IPSec? How strong should the key for the certificates be? 2048 bit or better 4096? Who should be in charge of which server? Can you trust those persons? How far should you split up responsibilities? Those are questions you have to think about."
And then, in the MeasureUP test, comes a precise question like: "Which IPSEC solution is possible with this given Network diagram?"
The whole book is like that. Vague information, packed in questions (or sometimes just short statements), followed by a "practice" that asks you for your opinion or solution to a certain problem and then tells you there is no one answer. And in the actual test, you will find very precise questions that demand very precise answers.
The MeasureUP tests contained on the CD are very good, as in all the exam guides I have purchased so far. 300 questions divided into different scenarios (much like the real exam) prepare you for what's ahead. The MeasureUP tests are usually harder than the actual exam itself, but the questions are neither the exact same style nor a guideline of what topics you should focus on learning. Still, if you can master the MeasureUP tests and you really understand the logic and solution behind the questions, you will probably pass the real thing.
The other drawback with the approach in this book is that it's extremely dry. Doing no hands-on stuff gets boring quickly. If you are a person (like I am) who cannot just read and read and read without actually trying something out, this will be hard to work through for you.
My epinion
If you go for this exam... don't get this book, at least not as a single source. Unless you get it cheaper or want to have the MeasureUP test questions you might want to skip it entirely. I am glad I only paid $30 instead of the original $60, since this book was on sale at Amazon when I got it (Gee, I wonder why?).
I guess since the "Design" exams from Microsoft are different in the way they test knowledge, they call for a preparation guide that is different from the rest. It still calls for one that prepares you for the actual test. This book sadly does not even come close to doing that. A funny side note: You have to reach page 115 (of 831 pages) until you see your first picture of an actual Windows Server 2003 window. No joke, there are pictures or diagrams before that, but nothing that actually shows Windows.
To me, it seems like the author already had this book finished half way as a general network security guideline book with no focus on a specific operating system. And then some friends came by and convinced her to write some passages for Windows Server 2003 into there and sell it to Microsoft.
If you are looking for a book about the general philosophy of network security, this might be a little more interesting. But I have read way better and less dry books in that field too. All in all, I sadly have to say: Stay away from this one, folks.
Recommended:
No
Epinions.com ID: twofish72
Member: Michael Opitz
Location: Wisconsin
Reviews written: 36
Trusted by: 0 members