You are working as the administrator at ABC.com. The ABC.com network consists of a single
Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a
two-node Network Load Balancing cluster, which is located in a data centre that is physically
impenetrable to unauthorized persons.
The cluster servers run Windows Server 2003 Web Edition and host an e-commerce website. The
NLB cluster uses a virtual IP address that can be accessed from the Internet.
What can you do to mitigate the clusters most obvious security vulnerability?
A.
Configure the cluster to require IPSec.
B.
Configure the network cards to use packet filtering on all inbound traffic to the cluster.
C.
Use EFS on the server hard disks.
D.
Configure intrusion detection the servers on the DMZ.
E.
Configure Mac addressing on the servers in the DMZ.
Explanation:
The most sensitive element in this case is the network card that uses an Internet-addressable virtual IP address. The question doesnt mention a firewall implementation or an
intrusion detection system (Usually Hardware). Therefore, we should set up packet filtering.
You can configure packet filtering to accept or deny specific types of packets. Packet headers are
examined for source and destination addresses, TCP and UDP port numbers, and other
information.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft
Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 7:
5