You are the network administrator for a large electronics company, - ProProfs Discuss
Topics
Products
Follow Us:

You are the network administrator for a large electronics company, which is a division of Verigon Incorporated. The network contains only Windows Server 2003 and Windows XP Professional computers in a single Active Directory domain named verigonelec.com. Several companies purchase your products for resale. These companies connect to your network over a VPN using Windows XP Professional computers that are not members of your domain and need access to a Windows Server 2003 file server named FS1. To protect confidential data, you have implemented the Secure Server IPSec policy on all servers and the Client IPSec policy on all client computers. The computers owned by the purchasers have had the Client IPSec policy applied. However, you have noticed that the purchaser connections are not encrypted. You must ensure that the purchaser connections are encrypted without compromising your domain security. What should you do?



A. Change the IPSec policy on FS1 to Server.
B. Add the purchaser computers to the verigonelec.com domain.
C. Configure FS1 and the purchaser computers to use Kerberos authentication.
D. Create a trust between the verigonelec.com domain and the purchaser domains.
E. Implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates.

This question is part of

Microsoft 70-291 Practice Exam
Asked by Elvin, Last updated: Jun 18, 2020

+ Answer
Request

1 Answer

John Smith

John Smith

Answered Sep 08, 2016

Change the ipsec policy on fs1 to server.-2. implement a certificate authority (ca) and configure fs1 and the purchaser computers to use certificates. -explanation: you should implement a certificate authority (ca) and configure fs1 and the purchaser computers to use certificates. this option has the least possibility of causing security risks. with the current configuration, kerberos authentication is used, which only works if all computers involved are part of the same active directory forest. you should not change the ipsec policy on fs1 to server. doing so could possibly permit unencrypted traffic to fs1. you should not add the purchaser computers to the verigonelec.com domain. this option can possibly cause security risks because the purchaser computers would have direct access to your network. you should not configure fs1 and the purchaser computers to use kerberos authentication. kerberos authentication only works if the computers involved are part of the same active directory forest. you should not create a trust between the verigonelec.com domain and the purchaser domains. this option can possibly cause security risks because the purchaser computers could have direct access to your network.
 

Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer

Email Sent
We have sent an email to your address "" with instructions to reset your password.