ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-744 All Questions

View all questions & answers for the 70-744 exam
Go to Exam

Exam 70-744 topic 1 question 174 discussion

Actual exam question from Microsoft's 70-744
Question #: 174
Topic #: 1
[All 70-744 Questions]

Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1. Server1 is in a workgroup. Server1 contains sensitive data and will be accessed by a domain-joined computer named Computer1.
You need to create connection security rules to encrypt the data sent between Server1 and Computer1.
You need to identify which authentication method to use for the connection security rules. The solution must use the most secure method possible.
Which authentication method should you identify?

  • A. Kerberos V5
  • B. a computer certificate
  • C. a preshared key
  • D. NTLMv2
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
References:
https://www.sciencedirect.com/topics/computer-science/connection-security-rule https://blogs.msdn.microsoft.com/james_morey/2005/06/20/ipsec-and-certificate-authentication/
by Gwenting at April 28, 2020, 4:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Gwenting
Highly Voted 5 years, 2 months ago
Server1 is in a workgroup Kerberos V5 would not work. Therefore the most secure method would be B a computer certificate.
upvoted 15 times
...
shifaneesa
Most Recent 4 years, 5 months ago
You can choose Computer to use Kerberos v5 and restrict communications to connections from domain-joined computers only.
upvoted 1 times
...
rodobew
4 years, 6 months ago
what are you all on about? Of course Kerberos will work if it's configured properly. Even Linux machines can use Kerberos to authenticate to AD if needed. The given answer is correct.
upvoted 1 times
Yebubbleman
4 years, 5 months ago
Server1, being the target here, is not a member of AD, so your point would appear to be moot.
upvoted 1 times
...
...
SamsOtro
4 years, 6 months ago
Agree with - B. a computer certificate
upvoted 1 times
...
Flacky_Penguin32
4 years, 6 months ago
I concur, B is the answer, since one desktop is in a workgroup and not domain joined it can't participate in Kerberos which is used by Active Directory.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel