System administration is a critical and dynamic discipline that demands a comprehensive skill set. The MSA course is designed to empower participants with the essential expertise required to excel in this dynamic field.

Throughout the program, participants will delve into advanced configuration techniques aimed at optimizing security settings for both Windows servers and computers. Topics covered include script writing, configuring Group Policy Objects (GPOs) to achieve stringent security objectives, and securing service configurations on Linux machines. By honing these skills, learners will gain the ability to troubleshoot effectively, resolving usage and security-related issues to maintain robust systems.

The course places significant emphasis on situational awareness within organizational computer networks. Participants will acquire the ability to detect vulnerabilities at network and host levels, learning the importance of maintaining a precise inventory of network assets. This proactive approach helps identify and address potential security risks promptly, reducing the likelihood of major disruptions.

Through practical case studies, participants will immerse themselves in administering real-world scenarios. This includes setting up, configuring, and managing complex Windows server and client environments, alongside maintaining services within a Windows domain setting. The hands-on experience gained through these case studies is invaluable, providing learners with the confidence and practical skills needed to manage sophisticated system environments effectively.

Upon completion of the MCSI System Administration certification, participants will be equipped with a diverse skill set enabling them to:

• Implement security protocols using scripts and Group Policy Objects to enhance Windows system security.
• Monitor and manage network traffic using firewall tools to ensure secure data flow.
• Conduct comprehensive host scans to identify and address vulnerabilities.
• Develop efficient troubleshooting methods to resolve common network and host issues systematically.
• Utilize Ansible for efficient configuration management across networked systems.
• Implement data security practices including regular backups and proficient recovery techniques.

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

• Lab Setup and Virtualization

  Setting up and configuring VirtualBox is essential for creating virtualized environments to practice system administration tasks. Deploying virtual machines (VMs) within VirtualBox provides hands-on experience in managing virtualized systems.

  VirtualBox

  VirtualBox facilitates the creation of virtual machines in isolated network environments, providing a safe and controlled space for practicing cybersecurity skills. This setup ensures that learners can experiment with various configurations without risking the security of external systems or networks.

  By creating and configuring virtual machines, learners can develop essential skills in system administration, network security, and vulnerability assessment in a realistic environment. VirtualBox offers flexibility in creating and customizing virtualized environments to suit specific learning objectives. Learners can easily deploy multiple virtual machines with different operating systems, network configurations, and software installations, allowing for a diverse range of cybersecurity exercises and scenarios.

  ELK Stack

  The ELK Stack is a powerful combination of open-source tools used for log management and analysis. Elasticsearch provides real-time search and analytics, Logstash processes and transforms log data, and Kibana offers visualization and dashboarding capabilities, making it essential for monitoring system health, troubleshooting issues, and detecting security incidents in large-scale environments.

  The ELK Stack's relevance lies in its ability to centralize and analyze logs from various sources, enabling system administrators to gain actionable insights and maintain the security and performance of IT infrastructures efficiently.

  OpenVAS

  OpenVAS is an open-source tool designed for scanning and identifying security vulnerabilities in networked systems. It enables proactive security assessment and risk mitigation.

  OpenVAS is valuable for system administrators to conduct thorough vulnerability scans and enhance network security by identifying and addressing potential threats efficiently.

  Active Directory Environment

  Active Directory (AD) is a directory service developed by Microsoft, used to manage and organize resources in a networked environment. It provides centralized authentication, authorization, and management of users, groups, computers, and other network resources.

  In system administration, understanding and configuring Active Directory environments is essential for managing user accounts, permissions, group policies, and domain services within a Windows-based network. Active Directory simplifies network management tasks, enhances security through centralized access control, and streamlines user and resource management processes.

  Ansible

  Ansible is an open-source automation tool used for configuration management, application deployment, and task automation. It simplifies the process of automating repetitive tasks across multiple systems and environments.

  In system administration, Ansible plays a crucial role in streamlining IT operations by enabling administrators to automate provisioning, configuration, and deployment tasks. It enhances efficiency, reduces human error, and facilitates consistent management of IT resources across diverse infrastructure environments.

• Networking Fundamentals

  Network fundamentals cover the basic principles and technologies of computer networking, including protocols and architectures used for device communication.

  Understanding network fundamentals is crucial for system administrators to design, configure, and troubleshoot network infrastructures effectively, ensuring reliable connectivity, optimal performance, and secure network environments.

  Designing a Network

  Network designing is crucial for system administration as it lays the foundation for reliable and efficient communication across IT infrastructures. A well-designed network ensures optimal performance, scalability, and security, which are essential for maintaining and managing IT systems effectively.

• System Security

  System security is vital for system administrators as it protects critical assets, data, and resources from unauthorized access, breaches, and cyber threats. By implementing robust security measures, system administrators ensure the integrity, confidentiality, and availability of IT systems, minimizing risks and maintaining operational continuity.

  Windows & Linux Firewall

  Windows and Linux firewalls are critical tools for system administrators to enforce network security policies and protect systems from unauthorized access and threats. Firewalls control incoming and outgoing network traffic based on predefined rules, allowing administrators to filter traffic, block malicious connections, and mitigate potential security risks effectively.

  Configuring and managing firewalls on both Windows and Linux systems is essential for enhancing overall system security and safeguarding critical assets and data against cyber threats.

  ProcMon

  ProcMon, or Process Monitor, is a powerful system monitoring utility that captures and displays real-time information about processes, file system activity, registry access, and network connections on Windows systems. This tool is essential for system administrators to troubleshoot application issues, analyze system performance, and identify unauthorized or suspicious activities.

  ProcMon allows system administrators to track and monitor process behaviors, file accesses, and registry changes, providing valuable insights into system activities and potential security threats. By leveraging ProcMon's capabilities, administrators can diagnose complex issues, audit system events, and enhance overall system security and stability.

  Windows Registry

  The Windows Registry is a centralized database that stores configuration settings and system information for Microsoft Windows operating systems. It is a critical component for system administration because it manages settings for hardware, software, user profiles, and system security.

  Understanding the Windows Registry is important for system administrators to perform various tasks such as configuring system settings, troubleshooting issues, optimizing performance, and ensuring system security. Manipulating registry keys and values allows administrators to customize Windows environments, deploy policies, and maintain the stability and integrity of Windows systems.

  Password Management

  Password management software is essential for system administrators to securely store, manage, and access passwords and sensitive credentials used across various systems and applications. This software enhances security by promoting the use of strong, unique passwords and facilitating centralized management of access credentials.

  System administrators rely on password management software to streamline password-related tasks, such as generating complex passwords, securely sharing credentials with team members, enforcing password policies, and auditing password usage. By utilizing password management tools, administrators can mitigate the risks associated with weak or compromised passwords and strengthen overall security posture across IT infrastructures.

  System Activity Reporter

  System Activity Reporter (sar) is a command-line utility on Linux used to collect, report, and analyze system activity metrics over time. It monitors system performance by collecting data on CPU utilization, memory usage, disk activity, network traffic, and other system resources.

  sar is a crucial tool for performance monitoring, capacity planning, and troubleshooting. By analyzing sar reports, administrators can identify performance bottlenecks, diagnose system issues, and optimize resource utilization to ensure optimal system performance and reliability. Sar provides valuable insights into system behavior and helps administrators proactively manage and maintain Linux servers and infrastructure.

• Group Policy Management

  Group Policy Management is a feature in Microsoft Windows that enables system administrators to centrally manage and apply settings and configurations to users and computers within an Active Directory environment.

  It is important because it allows administrators to enforce security policies, manage user preferences, control system behavior, and ensure consistent configurations across the network efficiently and centrally.

  Using GPO to Harden Windows Authentication

  Using Group Policy Objects (GPO) to harden Windows authentication is important for system administrators to enhance security and mitigate the risks associated with unauthorized access and credential theft.

  By leveraging GPO settings, administrators can enforce stronger authentication methods such as multi-factor authentication (MFA), password complexity requirements, account lockout policies, and credential management practices.

  Using GPO to Prevent Unauthorized Connections

  Using Group Policy Objects (GPO) to prevent unauthorized connections is important for system administrators to enhance network security and protect against unauthorized access to resources.

  By leveraging GPO settings, administrators can configure firewall rules, network access controls, and port restrictions to limit access to specific services and resources based on organizational policies.

  Using GPO to Harden Windows Against Exploits

  Using Group Policy Objects (GPO) to harden Windows against exploits is important for system administrators to mitigate the risk of security vulnerabilities and protect systems from exploitation.

  By leveraging GPO settings, administrators can enforce security configurations such as disabling unnecessary services, restricting execution of certain scripts or applications, applying security patches and updates, and configuring Windows Defender settings.

• Network Security and Situational Awareness

  Network security and situational awareness are critical for system administrators to proactively detect, prevent, and respond to security threats and incidents within organizational networks.

  Situational awareness refers to the ability to understand and assess the current state of the network environment, including identifying potential risks, anomalies, or suspicious activities. It allows administrators to make informed decisions and take timely actions to protect network assets and ensure the integrity and availability of network resources.

  GrassMarlin

  GrassMarlin is important for system administrators working in critical infrastructure sectors because it provides visibility into ICS/SCADA networks, allowing administrators to detect anomalies, identify potential cyber threats, and assess network security posture.

  Scanning the Network for Vulnerabilities

  Scanning the network for vulnerabilities is essential for system administrators to identify and address security weaknesses that could be exploited by attackers.

  Nmap

  System administrators use Nmap to perform tasks such as port scanning, service version detection, OS fingerprinting, and vulnerability scanning. This helps administrators identify potential security risks, monitor network health, and proactively manage network security by understanding the network's composition and potential vulnerabilities.

  Monitoring Network Traffic

  By using ELK, administrators can analyze network packets, monitor bandwidth usage, and detect suspicious activities such as unauthorized access or data exfiltration.

• Backup, Recovery, and Troubleshooting

  Backup, recovery, and troubleshooting are essential practices for system administrators to ensure data availability, system resilience, and efficient problem resolution.

  Regular backups help protect against data loss due to hardware failures, human errors, or cyber attacks, while recovery processes enable rapid restoration of systems and services in the event of disruptions.

  Troubleshooting skills are crucial for diagnosing and resolving technical issues, minimizing downtime, and maintaining the operational continuity of IT environments. Implementing robust backup, recovery, and troubleshooting strategies is fundamental for system administrators to safeguard data integrity, optimize system performance, and ensure business continuity.

  Disaster Recovery Plan

  A Disaster Recovery Plan (DRP) is a structured approach that outlines procedures and protocols for recovering IT systems and infrastructure following a disruptive event or disaster. It is important for system administrators as it provides a roadmap to minimize downtime, restore critical services, and mitigate the impact of disruptions on business operations.

  Having a well-defined Disaster Recovery Plan enables organizations to respond effectively to unexpected events, protect data assets, and ensure continuity of operations, ultimately enhancing resilience and minimizing financial and operational losses.

  Recovering Deleted Files

  Recovering deleted files is a critical task for system administrators to restore lost data due to accidental deletion, file corruption, or other data loss scenarios.

  System administrators use specialized recovery tools and techniques to retrieve deleted files from storage devices, such as hard drives or storage servers.

  Backing up Active Directory

  System administrators use backup tools and methods, such as Windows Server Backup or third-party solutions, to create regular backups of AD. These backups are essential for disaster recovery, enabling administrators to restore AD in case of hardware failures, data corruption, or accidental deletions, ensuring continuity of directory services and minimizing downtime.

  Managing Disks

  System administrators use disk management tools to partition disks, format file systems, allocate storage space, and monitor disk health. Proper disk management helps prevent storage issues, such as disk failures or capacity shortages, and ensures efficient data storage and retrieval.

• Inventory Management and Monitoring

  Inventory management and monitoring are important for system administrators to maintain visibility and control over IT assets, devices, and resources within the organization.

  By accurately tracking hardware and software inventory, administrators can ensure compliance, optimize resource utilization, and plan for upgrades or replacements.

  Develop Audit Checklists for Hardware & Software

  Audit checklists enable administrators to verify compliance with organizational policies, identify unauthorized or non-compliant hardware and software, and assess security risks associated with outdated or unapproved applications.

  Develop System Testing Review Checklists

  System testing review checklists help administrators systematically evaluate testing procedures, verify compliance with requirements, and identify potential issues or gaps in testing coverage.

  Develop a BCP/ DRP Review Checklist

  A BCP/DRP review checklist helps administrators ensure that all necessary components of the plans are in place, including emergency procedures, communication protocols, data backup strategies, and recovery processes.

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

• knowledge

  ID	Description
  22	Knowledge of computer networking concepts and protocols, and network security methodologies.
  76	Knowledge of measures or indicators of system performance and availability.
  96	Knowledge of performance tuning tools and techniques.
  99A	Knowledge of principles and methods for integrating system components.
  108	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  344	Knowledge of virtualization technologies and virtual machine development and maintenance.
  986	Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
  1033	Knowledge of basic system administration, network, and operating system hardening techniques.
  1158	Knowledge of cybersecurity principles.
  1159	Knowledge of cyber threats and vulnerabilities.
  6900	Knowledge of specific operational impacts of cybersecurity lapses.
  6935	Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
  6938	Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
  70	Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  72	Knowledge of local area and wide area networking principles and concepts including bandwidth management.
  79	Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
  81A	Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  112A	Knowledge of systems engineering theories, concepts, and methods.
  113	Knowledge of server and client operating systems.
  114A	Knowledge of system/server diagnostic tools and fault identification techniques.
  141	Knowledge of the enterprise information technology (IT) architecture.
  145	Knowledge of the type and frequency of routine maintenance needed to keep equipment functioning properly.
  148	Knowledge of Virtual Private Network (VPN) security.
  287	Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
  342A	Knowledge of operating system command line/prompt.
  1034C	Knowledge of Personal Health Information (PHI) data security standards.
  1034B	Knowledge of Payment Card Industry (PCI) data security standards.
  1034A	Knowledge of Personally Identifiable Information (PII) data security standards.
  1072	Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  1074A	Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  127	Knowledge of systems administration concepts.

• skills

  ID	Description
  171A	Skill in correcting physical and technical problems that impact system/server performance.
  211A	Skill in monitoring and optimizing system/server performance.
  216A	Skill in recovering failed systems/servers.
  219A	Skill in operating system administration.
  167A	Skill in conducting system/server planning, management, and maintenance.
  170	Skill in configuring and optimizing software.
  194	Skill in diagnosing connectivity problems.
  195A	Skill in troubleshooting failed system components (i.e., servers)
  202A	Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems.
  206A	Skill in installing system and component upgrades.
  209	Skill in maintaining directory services.
  386	Skill in using virtual machines.
  892	Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).
  6590	Skill in interfacing with customers.
  6942	Skill in designing or implementing cloud computing deployment models.
  6945	Skill in migrating workloads to, from, and among the different cloud computing service models.

• abilities

  ID	Description
  6918	Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
  6919	Ability to determine the best cloud deployment model for the appropriate operating environment.

• tasks

  ID	Description
  452	Conduct functional and connectivity testing to ensure continuing operability.
  518	Develop and document systems administration standard operating procedures.
  518A	Comply with organization systems administration standard operating procedures.
  521A	Implement and enforce local network usage policies and procedures.
  683	Maintain baseline system security according to organizational policies.
  695	Manage accounts, network rights, and access to systems and equipment.
  701A	Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.
  713A	Monitor and maintain system/server configuration.
  781	Plan, execute, and verify data redundancy and system recovery procedures.
  835A	Troubleshoot hardware/software interface and interoperability problems.
  1153A	Install, update, and troubleshoot systems/servers.
  456A	Conduct periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing.
  499	Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs.
  572	Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
  728A	Oversee installation, implementation, configuration, and support of system components.
  811	Provide ongoing optimization and problem solving support.