CISSP-ISSAP · Question #219
In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers.
The correct answer is B. Kerberos C. Preshared keys D. Digital certificates. IPSec in Windows Server 2003 supports exactly three configurable authentication methods in its Security Policy: Kerberos (B), Preshared Keys (C), and Digital Certificates (D). Kerberos is the default method for Windows domain environments, leveraging Active Directory for mutual a
Question
In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers. What authentication methods can you use for this implementation? Each correct answer represents a complete solution. Choose all that apply. (ISC)2 CISSP-ISSAP Exam
Options
- APublic-key cryptography
- BKerberos
- CPreshared keys
- DDigital certificates
How the community answered
(51 responses)- A24% (12)
- B76% (39)
Explanation
IPSec in Windows Server 2003 supports exactly three configurable authentication methods in its Security Policy: Kerberos (B), Preshared Keys (C), and Digital Certificates (D). Kerberos is the default method for Windows domain environments, leveraging Active Directory for mutual authentication. Preshared keys use a shared secret configured identically on both endpoints - simple but less scalable. Digital certificates use X.509 certificates issued by a trusted CA, making them the strongest and most scalable option.
Option A (Public-key cryptography) is wrong because it's an underlying cryptographic concept, not a discrete, selectable authentication method within Windows 2003's IPSec policy interface - even though digital certificates use public-key cryptography internally. The question asks what you can configure, not what runs under the hood.
Memory tip: Think of the three Windows IPSec auth methods as "K-P-C" - Keys (Preshared), Certificates (Digital), and Kerberos - matching the three options you actually see in the IPSec Security Policy wizard. If an answer choice names a cryptographic primitive (like "public-key cryptography") rather than a specific mechanism, it's likely a distractor.
Topics
Community Discussion
No community discussion yet for this question.