You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista Service Pack 1.
Some employees of the company use laptop computers and work remotely from home. You have been assigned the task to suggest a data provisioning infrastructure to secure sensitive files on the network from being accessed by unauthorized remote users.
In your plan you need to ensure that the sensitive files must be stored in an encrypted format and must be encrypted while they are transmitted over the Internet. They should however be accessible by remote users over the Internet.
Which of the following options would you choose to accomplish the desired goal?
A.
Deploy a Windows SharePoint Services site that can be accessible to remote users by using a Secure Socket Transmission Protocol (SSTP) connection.
B.
Use Encrypting File System (EFS) to encrypt the folders that store sensitive files. Use Secure Socket Transmission Protocol (SSTP) to allow access to files to remote users.
C.
Configure a Network Policy and Access Server (NPAS) to act as a VPN server. Use IPsec connection to the VPN server to allow access to files to remote users.
D.
Deploy two Windows SharePoint Services sites, one site for internal users and other site for remote users. Publish the SharePoint sites by using HTTPS.
E.
None of the above
Explanation:
To ensure that the sensitive files must be stored in an encrypted format and must be encrypted while they are transmitted over the Internet, you need to store all sensitive files in folders that are encrypted by using Encrypting File System (EFS). Require remote users to access the files by using Secure Socket Transmission Protocol (SSTP).
Microsoft EFS allows users to store confidential information on a computer when people who have physical access to a computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Another layer of security is added by encrypting sensitive files by means of EFS.
SSTP is a new kind of Virtual Private Networking (VPN) tunnel that is available in the Routing and Remote Access Server role in Windows Server 2008. SSTP allows for Point-to-Point Protocol (PPP) packets to be encapsulated over HTTP. This allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device. Also, this allows for a VPN connection to be established through an HTTP proxy device.
http://www.securitysoftwarezone.com/vista-and-windows-server-2008-encryption-broken-review968-6.html