The company consists of an Active Directory domain called ABC.com. All servers on the corporate
network run Windows Server 2003.
The network contains a server that runs Internet Authentication Service (IAS) called ABC-SR01.
ABC-SR01also runs the Routing and Remote Access service to provide VPN access to the
network for external users. During routine monitoring you discover that an external unauthorized
user is trying to access the network through ABC-SR01.
How would you set up ABC-SR01 to log the IP addresses of the remote computers when they
attempt to connect to the network using the VPN connection?
A.
Log the details of the access attempts by the VPN users by using IAS to configure the
Authentication requests option enabled in the Remote Access Logging.
B.
Log the details of the access attempts by the VPN users by configuring the Routing and
Remote Access service to log all IPSec connections.
C.
Log the details of the access attempts by the VPN users by enabling auditing of TCP/IP.sys.
D.
Log the details of the access attempts by the VPN users by enabling auditing of all Account
Logon events on a domain controller.
Explanation:
Internet Authentication Service for Windows Server allows you to configure Remote
access logging, which consists of the types of events to be logged, the log file format, and log filesettings. Remote access logging in the Internet Authentication Service administrative tool is used
to configure log file settings. To access the properties for local logging, click Remote Access
Logging, right-click Local File, and then click Properties.
You can Enable or disable the logging of authentication requests in the IAS log file to log the
details of access attempts by VPN users. This setting is not enabled by default
Reference: IAS Configuration/ Remote Access Logging
http://technet.microsoft.com/en-us/library/bb742384.aspx