Microsoft Security Fundamentals (98-367) Practice Exam
Security Fundamentals (98-367) Certification Exam
About Security Fundamentals (98-367) Certification Exam
This exam validates that a candidate has fundamental security knowledge and skills. It can serve as a stepping stone to the Microsoft Certified Solutions Associate (MCSA) exams. It is recommended that candidates become familiar with the concepts and the technologies described here by taking relevant training courses.
For more details visit: Microsoft Certified: Azure Security Engineer Associate (AZ-500)
This MTA exam must be purchased by June 30, 2021. If you are currently studying for this exam, it must be taken within one year, by June 30, 2022, at which point it will be retired.
Exam Details
- Published: August 2, 2010
- Languages: English, Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, Spanish, Spanish (Latin America)
- Audiences: Academic
- Technology: Windows 10
- Credit toward certification: MTA
Who should take this exam?
This exam validates that a
candidate has fundamental security knowledge and skills. It can serve as
a stepping stone to the Microsoft Certified Solutions Associate (MCSA)
exams. It is recommended that candidates become familiar with the
concepts and the technologies described here by taking relevant training
courses. Candidates are expected to have some hands-on experience with
Windows Server, Windows-based networking, Active Directory, anti-malware
products, firewalls, network topologies and devices, and network ports
Course Structure for Security Fundamentals (98-367) Certification Exam
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam.
Note: As of June 23, 2016, this exam includes updates for Windows 10, in addition to updates to security and threat terms.
1. Understand security layers (25–30%)
- Understand core security principles - Confidentiality; integrity; availability; how threat and risk impact principles; principle of least privilege; social engineering; attack surface analysis; threat modelling
- Understand physical security - Site security; computer security; removable devices and drives; access control; mobile device security; keyloggers
- Understand Internet security - Browser security settings; secure websites
- Understand wireless security - Advantages and disadvantages of specific security types; keys; service set identifiers (SSIDs); MAC filters
2. Understand operating system security (35-40%)
- Understand user authentication - Multifactor authentication; physical and virtual smart cards; Remote Authentication Dial-In User Service (RADIUS); biometrics; use Run As to perform administrative tasks
- Understand permissions - File system permissions; share permissions; registry; Active Directory; enable or disable inheritance; behavior when moving or copying files within the same disk or on another disk; multiple groups with different permissions; basic permissions and advanced permissions; take ownership; delegation; inheritance
- Understand password policies - Password complexity; account lockout; password length; password history; time between password changes; enforce by using Group Policies; common attack methods; password reset procedures; protect domain user account passwords
- Understand audit policies - Types of auditing; what can be audited; enable auditing; what to audit for specific purposes; where to save audit information; how to secure audit information
- Understand encryption - Encrypting file system (EFS); how EFS-encrypted folders impact moving/copying files; BitLocker (To Go); TPM; software-based encryption; MAIL encryption and signing and other uses; virtual private network (VPN); public key/private key; encryption algorithms; certificate properties; certificate services; PKI/certificate services infrastructure; token devices; lock down devices to run only trusted applications
- Understand malware - Buffer overflow; viruses, polymorphic viruses; worms; Trojan horses; spyware; ransomware; adware; rootkits; backdoors; zero day attacks
3. Understand network security (20–25%)
- Understand dedicated firewalls - Types of hardware firewalls and their characteristics; when to use a hardware firewall instead of a software firewall; stateful versus stateless firewall inspection; Security Compliance Manager; security baselines
- Understand network isolation - Routing; honeypot; perimeter networks; network address translation (NAT); VPN; IPsec; server and domain isolation
- Understand protocol security - Protocol spoofing; IPsec; tunneling; DNSsec; network sniffing; denial-of-service (DoS) attacks; common attack methods
4. Understand security software (15–20%)
- Understand client protection - Antivirus; protect against unwanted software installations; User Account Control (UAC); keep client operating system and software updated; encrypt offline folders, software restriction policies; principle of least privilege
- Understand email protection - Antispam, antivirus, spoofing, phishing, and pharming; client versus server protection; Sender Policy Framework (SPF) records; PTR records
- Understand server protection - Separation of services; hardening; keep server updated; secure dynamic Domain Name System (DNS) updates; disable unsecure authentication protocols; Read-Only Domain Controllers (RODC)
What do we offer?
- Full-Length Mock Test with unique questions in each test set
- Practice objective questions with section-wise scores
- In-depth and exhaustive explanation for every question
- Reliable exam reports to evaluate strengths and weaknesses
- Latest Questions with an updated version
- Tips & Tricks to crack the test
- Unlimited access
What are our Practice Exams?
- Practice exams have been designed by professionals and domain experts that simulate real time exam scenario.
- Practice exam questions have been created on the basis of content outlined in the official documentation.
- Each set in the practice exam contains unique questions built with the intent to provide real-time experience to the candidates as well as gain more confidence during exam preparation.
- Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.
- You can also create your own practice exam based on your choice and preference
100% Assured Test Pass Guarantee
We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee!
If you are not able to clear the exam, you can ask for a 100% refund.