What should you do?

Correct Answer for the following Question is given below

Your company has a single Active Directory domain. All servers run Windows Server 2008 R2. You install an iSCSI storage area network (SAN) for a group of file servers.Corporate security policy requires that all data communication to and from the iSCSI SAN must be as secure as possible.You need to implement the highest security available for communications to and from the iSCSI SAN.What should you do?SecurityMicrosoft iSCSI Initiator supports using and configuring Challenge Handshake Authentication Protocol (CHAP) and Internet Protocol security (IPsec). All supported iSCSI HBAs also support CHAP; however, some may not support IPsec.IPsecIPsec is a protocol that provides authentication and data encryption at the IP packet layer. The Internet Key Exchange (IKE) protocol is used between peers to allow the peers to authenticate each other and negotiate the packet encryption and authentication mechanisms to be used for the connection.Because Microsoft iSCSI Initiator uses the Windows TCP/IP stack, it can use all of the functionality that is available in the Windows TCP/IP stack. For authentication, this includes preshared keys, Kerberos protocol, and certificates. Active Directory is used to distribute the IPsec filters to computers running Microsoft iSCSI Initiator. 3DES and HMAC-SHA1 are supported, in addition to tunnel and transport modes.Because iSCSI HBA has a TCP/IP stack embedded in the adapter, the iSCSI HBA can implement IPsec and IKE, so the functionality that is available on the iSCSI HBA may vary. At a minimum, it supports preshared keys and 3DES and HMAC-SHA1. Microsoft iSCSI Initiator has a common API that is used to configure IPsec for Microsoft iSCSI Initiator and iSCSI HBA.Easier Firewall configuration for Windows Server 2008 R2 and Windows 7Allowing the use of an Internet Storage Name Service (iSNS) server through the firewall is possible directly from the iSCSICLI command-line utility. However, you can still controll it through the Windows Firewall with Advanced Security, if desired.To enable iSNS traffic for use with Microsoft iSCSI Initiator Use the following command to enable iSNS traffic through the firewall. This allows you to use an iSNS server with the local Microsoft iSCSI Initiator:iscsicli FirewallExemptiSNSServerSource: http://technet.microsoft.com/en-us/library/ee338480.aspx

Question:

What should you do?

Options:

Create a Group Policy object (GPO) to enable the System objects: Strengthen default permission of internal systems objects setting.

Create a Group Policy object (GPO) to enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.

Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

Implement mutual Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

Correct Answer

The Correct Answer for this Question is

Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

Explanation

The Question – What should you do? has been answered correctly and answers for the question is Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

More about these Exams

These Exam Questions and the order of these questions keep changing. but the answers are obviously same. so if you don’t find a question after another we suggest you search it in the search box and we are sure you’ll find it. you can bookmark this site for Quick access in future.

We hope you found it helpful don’t forget to leave a comment if you feel a need to correct or ask we’re always here to help.

you can find more here at mnccertified

Feel free to contact via comment or email.

Happy Learning

Cheers, Team MNCcertified

Leave a Comment