Securing Windows Server 2016 — Question 66

Your network contains an Active Directory domain named contoso.com.
The network contains a server named Server1. Server1 is in a workgroup. Server1 contains sensitive data and will be accessed by a domain-joined computer named Computer1.
You need to create connection security rules to encrypt the data sent between Server1 and Computer1.
You need to identify which authentication method to use for the connection security rules. The solution must use the most secure method possible.
Which authentication method should you identify?

Answer options

• A. Kerberos V5
• B. a computer certificate
• C. a preshared key
• D. NTLMv2

Correct answer: A

Explanation

Kerberos V5 is the most secure authentication method available for this scenario as it utilizes strong encryption and mutual authentication. In contrast, a computer certificate is secure but requires a Public Key Infrastructure (PKI) setup, while a preshared key lacks the robustness of Kerberos and is less secure. NTLMv2, although improved over its predecessors, still does not match the security level provided by Kerberos V5.