You are the security analyst for your company. The company’s written security policy does not allow direct dial-in connections to the network. During a routine security audit, you discover a Windows Server 2003 server named Server1 that has a modem installed and is connected to an outside analog phone line.
You investigate and discover that Server1 is also running Routing and Remote Access and is used by the sales department. The modem supports the caller ID service. This remote access connection is used by an application at a partner company to upload product and inventory information to Server1. Each day at midnight, the partner application connects to Server1 and uploads the information. The connection never lasts longer than 30 minutes. The application is currently using the sales manager’s domain user account to make the connection. The partner application does not support incoming connections. The partner company has no plans to update this application to support your written security policy, and the sales department requires this updated product and inventory information to be available each morning.
Company management directs you to design a solution that provides the highest level of security for this connection until a more secure solution can be developed by the two companies. You need to design and implement a solution that will ensure that only the partner’s application can connect to your network over the dial-up connection. Your solution must prevent the connection from being used by unauthorized users, and it must allow only the minimum amount of access to the network. Which two actions should you take?
(Each correct answer presents part of the solution. Choose two.)
A.
Create an account named PartnerDialup in the domain, and add this account to the Domain Guests group. Grant this user account permissions for the folder to which the sales information is uploaded.
Direct the partner company to use this account for remote access.
B.
Create an local account named PartnerDialup on Server1, and add this account to the local Users group. Grant this user account permissions for the folder to which the sales information is uploaded.
Direct the partner company to use this account for remote access.
C.
Configure a remote access policy on Server1 that allows the connection for only the specified user account between midnight and 1.00 A.M. Configure the policy to require callback authentication to the partner company’s server.
D.
Configure a remote access policy on Server1 that allows the connection for only the specifed user account between midnight and 1.00 A.M. Configure the policy to allow only the specific calling station identifier of the partner company’s computer.