What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
A server named Server1 is not a member of the domain. All other computers are members of the domain. The network contains an enterprise certification authority (CA). All computers on the network trust the CA. The company’s written security policy states that all network traffic from the computers in the domain to Server1 must be encrypted. Server1 must not be added to the domain. You configure a Group Policy object (GPO) that assigns the predefined IPSec policy named Client (Respond Only). You link the GPO to the domain. You configure Server1 to use the predefined IPSec policy named Secure Server (Require Security). When you test this configuration, you cannot connect to Server1 from the computers in the domain.
You need to implement the written security policy. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
A server named Server1 is not a member of the domain. All other computers are members of the domain. The network contains an enterprise certification authority (CA). All computers on the network trust the CA. The company’s written security policy states that all network traffic from the computers in the domain to Server1 must be encrypted. Server1 must not be added to the domain. You configure a Group Policy object (GPO) that assigns the predefined IPSec policy named Client (Respond Only). You link the GPO to the domain. You configure Server1 to use the predefined IPSec policy named Secure Server (Require Security). When you test this configuration, you cannot connect to Server1 from the computers in the domain.
You need to implement the written security policy. What should you do?

A.
Disable the default exemptions to IPSec filtering on All computers in the domain.

B.
Disable the default response rule in the Client (Respond Only) IPSec policy in the domain.

C.
Configure Server1 so that it uses the predefined IPSec policy named Server (Request Security).

D.
Configure the security options of the local computer policy on Server1 to always digitally sign communications.

E.
Configure the assigned IPSec policies on Server1 and in the domain to use certificate-based authentication.



Leave a Reply 0

Your email address will not be published. Required fields are marked *