An administrator is setting up a Windows terminal server. Which of the following settings should the administrator modify to increase server security? (Choose two.)
A.
Change the default access port
B.
Enforce password complexity
C.
Put the terminal server into the router's DMZ
D.
Disable logon time restrictions
E.
Block all unused ports on the LAN smart switch
F.
Use the local client certificate for server authentication
AB is correct.
(A) security by obscurity, used with SSH server to change port from 22 to 2022 for example.
(B) complexity hardens against brute force attacks against server.
(C) router DMZ is used in a home network not enterprise. DMZ makes the LAN more secure.
(D) this makes penetration available 24/7.
(E) Disabling (not block) ports makes network more secure & is a Cisco concept.
(F) this makes it harder to RDP to LAN devices & doesn't protect server.
Why is this B and F? This is my reasoning...Option A is like changing the location of the door to your clubhouse. It might confuse some people at first, but if someone really wanted to find it, they could look around and find the door. Option F is like giving a special secret handshake to your friends. Only the friends who know this secret handshake can enter the clubhouse. This way, even if someone finds the door, they can’t get in unless they know the secret handshake. So, using the secret handshake (Option F) is a better way to keep your clubhouse safe than just moving the door (Option A). It’s a stronger way to make sure only your friends can get in.
Answer C is definitely wrong .The DMZ network itself is not safe. It enables hosts and systems stored within it to be accessible from untrusted external networks, such as the internet, while keeping other hosts and systems on private networks isolated.
Answer is A & B. Question asks to increase security on the SERVER.
C - DMZ is definitely not going to increase security of a server.
D - Obvious.
E - Nothing states anything refering to using a LAN smart switch.
F - Will not increase security.
A & B are the only logical answers that will increase security on a SERVER.
I fail to see how C and E go together.
If you were going to move the server into the DMZ you would also want to change the default access port to cut down on brute force attempts (A and C)
However we don't know what the intention of this server is, it may only be hosting an internal application, in which case there's no way you would want it in the DMZ. Also frankly if you needed external access to this server a more secure option would be to have a vpn concentrator in your DMZ and the server in the internal network.
I'm tempted to go with B and E just because C F and D would all seem to DECREASE security and there's little need to change a default port on an internal server.
its a terminal server remember. so it would be for a bunch of thin clients in a public space. so people would not have to log on. putting the terminal server on the DMZ would make sense becuase then the public doesnt have the abilty to access anything on the main servers, and blocking all unused ports would mean even less ways of 'getting in' so to speak. this question confused the hell out of me until i reread it 100 times and noticed it said 'terminal'.
I agree with kbarx11
Microsoft Windows Terminal Server is a core component of Windows Desktop products and Microsoft Windows Server that allows remote computers to connect to a Windows operating system computer using a remote terminal sessio
upvoted 2 times
...
...
...
This section is not available anymore. Please use the main Exam Page.220-1002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
clmxr16
3 months, 1 week agoNSA_Poker
1 year, 1 month agoc22e828
1 year, 3 months agoTurbowet
2 years, 11 months agosbubba
3 years, 2 months agoropea
1 year, 7 months agokingwillowdon
1 year, 7 months agoRobJob
3 years, 2 months agoMichael_Austin
3 years, 3 months agouser54321
3 years, 8 months agoJE39
3 years, 10 months agokbarx11
3 years, 10 months agopauliwog
2 years, 11 months ago