You are the network administrator for a large shoe manufacturer. The network consists of a single Active Directory domain containing Windows Server 2003 computers and Windows XP Professional client computers. You have configured several Group Policy Objects (GPOs) to enforce IPSec for certain types of communications on your network. FileSrv1 provides file services for confidential corporate data. A GPO is supposed to encrypt all communication involving FileSrv1. However, it has recently been discovered that some files have been compromised. Management has asked you to view all IPSec settings applied through GPOs to FileSrv1. You must also be able to determine the GPO to which an active IPSec policy is assigned. Which two tools should you use? (Choose two. Each correct answer presents part of the solution.)
A. Netdiag.exe B. IP Security Monitor console C. IP Security Policy Management console D. Resultant Set of Policy (RSoP) console E. Microsoft Baseline Security Analyzer (MBSA)
Ip security monitor console-2. resultant set of policy (rsop) console-explanation: you should use the ip security monitor console to view all ipsec settings applied through gpos to filesrv1. you should use the resultant set of policy (rsop) console to determine the gpo to which an active ipsec policy is assigned. you should not use netdiag.exe. netdiag.exe can view all ipsec settings applied through gpos to windows xp and 2000 computers and can determine the gpo to which an active ipsec policy is assigned for windows xp and 2000 computers. you should not use the ip security policy management console. the ip security policy management console is used to view all ipsec settings applied through gpos to windows xp computers. you should not use microsoft baseline security analyzer (mbsa). mbsa is a graphical and command-line interface that can perform local or remote scans of windows systems. mbsa uses the hfnetchk tool technology to scan for missing security updates and service packs for windows, ie, iis, sql, exchange, and windows media player. it does not test any ipsec policy settings.