Which three actions should you perform in sequence?

DRAG DROP
You administer desktop computers in your company’s research department. The computers run Windows 8
Enterprise and are members of a workgroup.
A new security policy states that all traffic between computers in the research department must be encrypted
and authenticated.
You need to configure the requested traffic authentication settings by using Windows Firewall with Advanced
Security.
Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.)

Answer: See the explanation

Explanation:
Box 1:

Box 2:

Box 3:

Note:
A connection security rule forces two peer computers to authenticate before they can establish a connection
and to secure information transmitted between the two computers. Windows Firewall with Advanced Security
uses IPsec to enforce these rules.
To create a connection security rule

1. In Windows Firewall with Advanced Security, in the console tree, click Connection Security Rules.
2. In the Actions list, click New Rule.
The Rule Type page, shown in the Figure below, allows you to select the type of rule you want to create. Select
a type, and use the wizard to configure the new rule according to the information in the following sections.

Isolation
An isolation rule isolates computers by restricting inbound connections based on credentials, such as domain
membership or compliance with policies that define the required software and system configurations.
Isolation rules allow you to implement a server or domain isolation strategy. When you create an isolation
rule, you will see the following wizard pages:
* Requirements. You can choose when authentication is required:
  - Request authentication for inbound and outbound connections
  - Require authentication for inbound connections and request authentication for outbound connections
  - Require authentication for inbound and outbound connections
* Authentication Method. You can select from the following authentication methods:
  - Default. This selection uses the current computer default selections specified on the IPsec Settings tab of the
    Windows Firewall Properties page.
  - Computer and user (Kerberos V5). This method uses both computer- and user-based Kerberos V5
    authentication to restrict connections to domain-joined users and computers. User authentication, and
    therefore this method, is compatible only with computers running Windows Vista and later.
  - Computer (Kerberos V5). This method uses Kerberos V5 authentication to restrict connections to
    domain-joined computers. This method is compatible with computers running Windows 2000 or later.
  - Advanced. This setting allows you to designate multiple authentication methods, such as computer certificate,
    NTLMv2, and preshared key.
* Profile. Choose the profiles (Domain, Public, and Private) to which the rule applies.
* Name. Name the rule and type an optional description.
Reference: Creating Connection Security Rules
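
The same kind of connection security rule can be created from PowerShell with the NetSecurity cmdlets instead of the wizard. This is an added example, not part of the original page or its answer key: it uses computer-certificate authentication (one of the methods listed under Advanced), and the subnet, CA name and display names are assumed values.

```powershell
# Added example. Run in an elevated PowerShell session (NetSecurity module, Windows 8 and later).
# Assumed values, not from the original page:
$ResearchSubnet = '10.10.20.0/24'                            # constructed research subnet
$IssuingCA      = 'DC=example, DC=com, CN=Research-Root-CA'  # placeholder root CA name
$RuleName       = 'Research - Require Auth and Encryption'   # hypothetical rule name

# Main mode authentication: each computer presents a certificate that chains
# to the assumed root CA. Kerberos V5 is not used because it needs a domain.
$certProposal = New-NetIPsecAuthProposal -Machine -Cert `
    -Authority $IssuingCA -AuthorityType Root
$authSet = New-NetIPsecPhase1AuthSet `
    -DisplayName 'Research - Computer Certificate' -Proposal $certProposal

# Quick mode: ESP with integrity and encryption, so traffic that matches
# the rule is encrypted as well as authenticated.
$qmProposal = New-NetIPsecQuickModeCryptoProposal `
    -Encapsulation ESP -ESPHash SHA256 -Encryption AES256
$qmSet = New-NetIPsecQuickModeCryptoSet `
    -DisplayName 'Research - ESP AES256' -Proposal $qmProposal

# Connection security rule: require authentication in both directions.
# Both endpoints are scoped to the research subnet so that traffic to
# other networks is not subject to the Require setting.
New-NetIPsecRule -DisplayName $RuleName `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name `
    -LocalAddress $ResearchSubnet -RemoteAddress $ResearchSubnet `
    -Profile Private, Public -Enabled True

# Check: confirm the rule settings, then list the security associations
# that appear once two research computers have exchanged traffic.
Get-NetIPsecRule -DisplayName $RuleName |
    Format-List DisplayName, Enabled, InboundSecurity, OutboundSecurity, Profile
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

Because the rule requires authentication in both directions, a computer in the subnet that lacks the rule or a matching certificate cannot connect to the others, so the rule and certificates have to reach every research computer before it is enabled.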



Leave a Reply 1


OSA

Box3 is wrong: “members of a workgroup” means Kerberos and NTLM authentication are not options. Either certificates or a pre-shared key have to be used for authentication. Neither is available as an option above. Answers may be missing or not for this question.
Box2 is wrong: IP addresses cannot be provided in isolation mode. Server-to-server and custom provide IP addresses entry. Box2 should be “server-to-server”.