You are a security administrator for your company. The network consists of two Active Directory domains named tailspintoys.com and wingtiptoys.com. Each domain resides in a separate Active Directory forest and no trust relationships are established.
The Active Directory domains each contain an certification authority (CA) running Windows Server 2003 Certificate Services. These computers are named CA1 and CA2. Each CA belongs to separate and isolated CA hierarchies. Computers trust only the CA in their Active Directory domain. All computers are issued a standard Computer certificate from the CA in their Active Directory domain. Two Windows Server 2003 computers named Server1 and Server2 function as file servers as shown in the exhibit. (Refer to the Exhibit.)
Users from both domains access confidential data on both Server1 and Server2. You decide to implement IPSec to encrypt the file data during transmission. You configure an IPSec policy that uses ertificate-based IPSec authentication on both servers to encrypt file data transmissions. You configure an IPSec policy that uses certificate-based IPSec authentication on the client computers in both Active Directory domains to encrypt file data transmissions to Server1 and Server2. During testing, you notice that client computers use IPSec only when communicating with the file server in the same Active Directory domain.
You need to enable all client computers to use IPSec when communicating with both Server1 and Server2. What should you do?
A.
Enable the Trust Computer for delegation option on Server1 and on Server2.
Add the Active Directory default (Kerberos V5 protocol) authentication method to the IPSec policies used by all computers in both Active Directory domains.
B.
Add the root CA certificates from each public key infrastructure (PKI) to the Trusted Roots Certification Authorities store on all computers in both Active Directory domains.
Add the Use a certificate from this CA authentication method for the root CA certificate to the IPSec policies used by all computers in both Active Directory domains.
C.
Issue each computer in the wingtiptoys.com domain an IPSec certificate from a CA in the tailspintoys.com domain.
Issue each computer in the tailspintoys.com domain an IPSec certificate from a CA in the wingtiptoys.com domain.
D.
Issue each computer in the wingtiptoys.com domain an IPSec certificate from a CA in the wingtiptoys.com domain.
Issue each computer in the tailspintoys.com domain an IPSec certificate from a CA in the tailspintoys.com domain.