GIAC
GSLC · Question #519
GSLC Question #519: Real Exam Question with Answer & Explanation
The correct answer is B. Unassign the IPTEST policy in the EXP Group Policy object. To stop an IPSec policy from enforcing without permanently removing it, the policy must be unassigned within the GPO rather than deleted, preserving it for future use.
Question
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of two Windows 2003 member servers and 500 Windows XP Professional client computers. The member servers are working as file servers. All the member servers are located in an OU named MEMSERV. Mark wants to test IPSec interoperability on the network. For this purpose, he creates a GPO named EXP. In the EXP GPO, he creates an IPSec policy named IPTEST. The IPTEST policy contains a rule that specifies the use of Encapsulating Security Payload (ESP) with null encryption. The IPTEST policy is applied to the member servers by linking the EXP GPO to the MEMSERV OU. After testing the IPSec interoperability, Mark wants to ensure that the member servers no longer use the IPTEST policy. What will he do to accomplish the task?
Options
- A. Run the REMOVEPOL command on all the member servers.
- B. Unassign the IPTEST policy in the EXP Group Policy object.
- C. Delete the IPTEST policy in the EXP Group Policy object.
- D. Reset the IPTEST policy in the EXP Group Policy object.
Explanation
To stop an IPSec policy from enforcing without permanently removing it, the policy must be unassigned within the GPO rather than deleted, preserving it for future use.
Common mistakes.
- A. REMOVEPOL is not a valid Windows command for managing IPSec policies; IPSec policy management is performed through Group Policy or the IP Security Policy Management MMC snap-in.
- C. Deleting the IPTEST policy would permanently remove it from the GPO, which is destructive and unnecessary since the goal is only to stop enforcement, not to eliminate the policy.
- D. There is no 'Reset' operation for IPSec policies in Windows Group Policy; this is not a valid administrative action for IPSec policy management.
Concept tested. IPSec policy assignment and deactivation via Group Policy