AZ-801 · Question #29
AZ-801 Question #29: Real Exam Question with Answer & Explanation
The correct answer is D: computer certificate.
Question
You have 10 servers that run Windows Server in a workgroup. You need to configure the servers to encrypt all the network traffic between the servers. The solution must be as secure as possible. Which authentication method should you configure in a connection security rule?
Options
- A. NTLMv2
- B. pre-shared key
- C. KerberosV5
- D. computer certificate
Explanation
For encrypting network traffic between servers in a workgroup with the highest security, computer certificates are the most secure authentication method for IPsec connection security rules. Certificates provide strong, scalable, and non-repudiable authentication without relying on shared secrets or a domain controller.
Common mistakes.
- A. NTLMv2 is an authentication protocol primarily used for user and computer authentication in Windows, but it is less secure and not the recommended or most robust method for authenticating IPsec connections, especially when maximum security is desired.
- B. Pre-shared key (PSK) authentication is simpler but less secure than certificates because the same secret key must be distributed and securely maintained on all servers, which poses a higher risk of compromise if the key is exposed.
- C. KerberosV5 authentication relies on the presence of an Active Directory Domain Controller to issue tickets, making it unsuitable and unusable in a workgroup environment where no domain controller is present.
Concept tested. IPsec authentication methods for workgroups
Reference. learn.microsoft.com/windows/security/threat-protection/windows-firewall/configure-ipsec-authentication