You need to choose a secure authentication method

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain.

The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network.

Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method.

What should you do?

A. Create a custom IPSec policy and use certificate-based authentication.

B. Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.

C. Use the authentication method of the default IPSec policies.

D. Create a custom IPSec policy and use preshared key authentication.

E. Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.

Explanation:
The security of a VPN is based on the tunneling and authentication protocols that you use and the level of encryption that you apply to VPN connections. For the highest level of security, use a remote access VPN based on L2TP/IPSec with certificate-based IPSec authentication and Triple-DES for encryption. If you decide to use a PPTP-based VPN solution to reduce costs and improve manageability and interoperability, use Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) as the authentication protocol. Tunneling and authentication protocols, and the encryption levels applied to VPN connections, determine VPN security. L2TP/IPSec provides the highest level of security. For a VPN design, determine which VPN protocol best meets your requirements. Windows Server 2003 supports two VPN protocols: Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPSec).

Reference:

Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 5: 8-10


