Your network contains an Active Directory domain. The domain contains a member server named Server1.
Server1 has a single network connection.
You need to log every attempt to connect to Server1 on a restricted port. What should you do?
A. Change the settings of the private firewall profile.
B. Change the settings of the domain firewall profile.
C. Modify the properties of the inbound firewall rules.
D. Modify the properties of the outbound firewall rules.
The correct answer should be B (“Change the settings of the domain firewall profile”).
Since the computer is domain joined and probably connected to the domain network since it is a server, answer A doesn’t apply to the scenario.
Since we are requested to log inbound connections to Server1, answer B doesn’t apply.
Answer C is not correct because there’s no place on the rule definition to enable logging, unless we are required to create a new inbound blocking rule not yet available.
Answer B seems to be the correct one (see http://technet.microsoft.com/en-us/library/cc742433)
Mr. Major, you said wrong. You're understanding this question wrongly. If this question were about all restricted ports, then your answer, the domain firewall profile, would be correct. Here it asks about every attempt to connect to the server on a restricted port. So please think. Here (C) will be correct.
Dear bis,
If C were the right one, it should enable logging of connection attempts to a restricted (blocked) port. Windows Adv Firewall has logging disabled by default and there is no way to enable it from the firewall rule properties.
On the other hand, if the “restricted port” on the question were not already defined in a rule, the correct answer should be B+C.
In this case, I’m assuming that there is a blocking rule in place (thus the “a restricted port” on the question), so there’s no need to even click on the firewall rule entry. At this point, to enable “logging of every attempt to connect” over that port, I need to enable the “Log dropped packets” option on the Domain Profile settings.
Of course, in the log there will also be entries related to other ports, but the request is to log “every attempt to connect to Server1 on a restricted port” and they will be logged. We are not required to log ONLY packets from the restricted port.
If I were requested to log packets from the blocked port, I would run nmcap.exe.
Regards
You said correctly, friend. I accept that. Thanks bis
I agree, there is no option to enable logging on inbound rules.
Only on the WFwAS > profile level > Logging > Customize.
AllenVisser is correct. Answer should be B. Change the settings of the Domain profile.
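The profile-level setting discussed in this thread, followed by a filter that narrows the log to one port, since the log also records drops on other ports. This is an added example, not part of the original thread; the port number, the function name `Get-DroppedInbound` and the sample log lines are assumptions constructed for illustration.

```powershell
# Assumed value: the question does not name the restricted port.
$RestrictedPort = 8443

function Get-DroppedInbound {
    # Returns DROP/RECEIVE entries for one destination port from firewall log lines.
    param([string[]]$Line, [int]$Port)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column names come from the log's own header, so extra columns are tolerated.
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l) -or $fields.Count -eq 0) { continue }
        $values = $l.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $row[$fields[$i]] = $values[$i]
        }
        if ($row['action'] -eq 'DROP' -and $row['path'] -eq 'RECEIVE' -and
            $row['dst-port'] -eq "$Port") {
            [pscustomobject]$row
        }
    }
}

# Constructed sample log (documentation addresses), so the filter can be tried offline.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 10:02:11 DROP TCP 192.0.2.10 192.0.2.50 50122 8443 52 S 1234567 0 64240 - - - RECEIVE
2024-01-15 10:02:14 DROP UDP 192.0.2.11 192.0.2.50 137 137 78 - - - - - - - RECEIVE
2024-01-15 10:02:20 ALLOW TCP 192.0.2.12 192.0.2.50 50301 443 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"
Get-DroppedInbound -Line $sample -Port $RestrictedPort |
    Format-Table 'date', 'time', 'protocol', 'src-ip', 'dst-port'

# On Server1 (elevated): enable "Log dropped packets" for the Domain profile, then
# read the log file the active policy points to and apply the same filter.
if (Get-Command Set-NetFirewallProfile -ErrorAction SilentlyContinue) {
    Set-NetFirewallProfile -Profile Domain -LogBlocked True
    $logPath = [Environment]::ExpandEnvironmentVariables(
        (Get-NetFirewallProfile -Profile Domain -PolicyStore ActiveStore).LogFileName)
    Get-DroppedInbound -Line (Get-Content -Path $logPath) -Port $RestrictedPort
}
```

With the sample lines, only the first entry (TCP to port 8443) is returned; the UDP drop on port 137 and the allowed connection are filtered out.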