You need to comply with the written security policy

You are a network administrator for your company. The company has a main office and one branch office. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company needs to connect the main office network and the branch office network by using Routing and Remote Access servers at each office. The networks will be connected by a VPN connection over the Internet.

The company’s written security policy includes the following requirements for VPN connections over the Internet. All data must be encrypted with end-to-end encryption. VPN connection authentication must be at the computer level. Credential information must not be transmitted over the Internet as part of the authentication process.

You need to configure security for the VPN connection between the main office and the branch office. You need to comply with the written security policy.

What should you do?

A. Use an L2TP connection with MS-CHAP v2 authentication.

B. Use a PPTP connection with EAP-TLS authentication.

C. Use an L2TP connection with EAP-TLS authentication.

D. Use a PPTP connection with MS-CHAP v2 authentication.

Explanation:
Strictly speaking, this answer is incomplete, because it doesn’t mention IPSec. For computer-level authentication, we must use L2TP/IPSec connections. To establish an IPSec security association, the VPN client and the VPN server use the Internet Key Exchange (IKE) protocol to exchange either computer certificates or a preshared key. In either case, the VPN client and server authenticate each other at the computer level. Computer certificate authentication is highly recommended, as it is a much stronger authentication method. Computer-level authentication is only done for L2TP/IPSec connections.

Reference:

Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, pp. 591, 594-595


