You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server.
Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated. You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Reconfigure the GPOs to require a preshared key for IPSec authentication.
B. Reconfigure the GPOs to require a certificate for IPSec authentication.
C. Configure the routers to use IPSec and a preshared key for authentication.
D. Configure the routers to use IPSec and a certificate for authentication.
E. Configure the routers to use IPSec and Kerberos for authentication.
Explanation:
IPSec allows encryption of data across the network.
Certificates are digital documents that are commonly used for authentication and to secure information on open networks. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certificate authority (CA), and they can be issued for a user, a computer, or a service. Group policies are used in Active Directory to configure auto-enrollment. In Computer Configuration | Windows Settings | Security Settings | Public Key Policies, there is a group policy entitled Automatic Certificate Request Settings. The property sheet for this policy enables you to choose whether or not to enroll certificates automatically. You will also need to ensure that the "Enroll subject without requiring any user input" option is selected on the Request Handling tab of the certificate template property sheet.
Reference:
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 10, p. 763.