The ABC.com network consists of a single Active Directory domain named ABC.com. ABC.com
has its headquarters in Chicago and several branch offices at various locations throughout the
country. All servers on the ABC.com network run Windows Server 2003.
You are in the process of configuring a VPN connection between the Chicago office and a branch
office in Dallas using Windows Server 2003 computers running Routing and Remote Access
(RRAS).
An ABC.com written security policy states that the requirements below must be met:
Data transmitted over the VPN must be encrypted with end-to-end encryption.
The VPN connection authentication should be at the computer level rather than at the user level,
with no credential information transmitted over the Internet.
How should you configure the VPN? Choose two.
A. Use a PPTP connection.
B. Use EAP-TLS authentication.
C. Use a PPP connection.
D. Use MS-CHAP v2 authentication.
E. Use MS-CHAP authentication.
F. Use PAP authentication.
G. Use an L2TP/IPSec connection.
Explanation:
For computer level authentication, we must use L2TP/IPSec connections. To
establish an IPSec security association, the VPN client and the VPN server use the Internet Key
Exchange (IKE) protocol to exchange either computer certificates or a preshared key. In either
case, the VPN client and server authenticate each other at the computer level. Computer
certificate authentication is highly recommended, as it is a much stronger authentication method.
Computer-level authentication is only done for L2TP/IPSec connections.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing,
Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training
System, Syngress Publishing Inc., Rockland, 2003, pp. 591, 594-595