Well Written. As with most books in the vastly underappreciated Syngress series, the writing is a wonderful mixture of clarity and readability. Not that it's a day at the beach, by any stretch (this is a certification book, after all), but the Study Guide walks you with ease through the various issues that are involved in high-level Windows 2000 security. The sections on the political, organizational, and emotional sides of security are particularly worthwhile; you'll learn how IT security strategies must be shaped by the pressures from both upper management and the everyday user to be effective. The chapters on Active Directory planning and EFS are good from a technology standpoint, and illustrate the various approaches that one can take when using these two new Microsoft features.

Challenging. The multiple-choice questions probably are just a shade less difficult than what you'll find on the actual exam; but, to simulate the often complex (and much-feared) "scenario" questions that Microsoft has loved to throw out recently, there are also lab questions at the end of every chapter that give real-world business scenarios and ask you what you'd do to solve them. These questions tend to be rough, particularly near the end of the book, and they should prepare you quite nicely for the exam. The wealth of ExamSim questions also adds value.

Poorly Organized. Unfortunately, the Achilles heel of this book is the fact that, instead of making its own way, it follows the Microsoft test objectives chapter by chapter, which leads to a scattered and disjointed feel. The book skips from topic to topic, repeats certain ideas numerous times over the course of several sections, and brings up important topics only once or twice. For example, instead of detailing the security issues that are involved in, say, remote salesmen having to dial in to a Windows 2000 network all in one place, the Study Guide details the laws, regulations, and personnel issues of remote users in chapter 3; dialup permissions in chapter 4; laptop group policies in chapter 6; EFS hard-drive security strategies in chapter 8; and VPNs, which barely are mentioned until you're all the way through chapter 11. Almost every security issue is split and diced finely throughout the book.

If you already have hands-on experience with security issues, no doubt you'll be able to assemble these disparate topics into a coherent whole. But, if you're new to security and aren't quite sure how things mesh, you could be knocked off balance by a simple question like, "What are the security measures you need to take when hosting a Web site?"

I've been working with Windows 2000 since before it was release; administrating AD, migrating domains, and testing security aspects of it. I am very familiar with subject of the book and it is just poorly presented and explained.