nerdexam
(ISC)2

CISSP-ISSAP · Question #219

In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers.

The correct answer is B. Kerberos C. Preshared keys D. Digital certificates. IPSec in Windows Server 2003 supports exactly three configurable authentication methods in its Security Policy: Kerberos (B), Preshared Keys (C), and Digital Certificates (D). Kerberos is the default method for Windows domain environments, leveraging Active Directory for mutual a

Infrastructure Security

Question

In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers. What authentication methods can you use for this implementation? Each correct answer represents a complete solution. Choose all that apply. (ISC)2 CISSP-ISSAP Exam

Options

  • APublic-key cryptography
  • BKerberos
  • CPreshared keys
  • DDigital certificates

How the community answered

(51 responses)
  • A
    24% (12)
  • B
    76% (39)

Explanation

IPSec in Windows Server 2003 supports exactly three configurable authentication methods in its Security Policy: Kerberos (B), Preshared Keys (C), and Digital Certificates (D). Kerberos is the default method for Windows domain environments, leveraging Active Directory for mutual authentication. Preshared keys use a shared secret configured identically on both endpoints - simple but less scalable. Digital certificates use X.509 certificates issued by a trusted CA, making them the strongest and most scalable option.

Option A (Public-key cryptography) is wrong because it's an underlying cryptographic concept, not a discrete, selectable authentication method within Windows 2003's IPSec policy interface - even though digital certificates use public-key cryptography internally. The question asks what you can configure, not what runs under the hood.

Memory tip: Think of the three Windows IPSec auth methods as "K-P-C" - Keys (Preshared), Certificates (Digital), and Kerberos - matching the three options you actually see in the IPSec Security Policy wizard. If an answer choice names a cryptographic primitive (like "public-key cryptography") rather than a specific mechanism, it's likely a distractor.

Topics

#IPSec authentication#IKE#Kerberos#Digital certificates

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice