You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server. Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated.
You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

A.
Configure the routers to use IPSec and a preshared key for authentication.

B.
Configure the routers to use IPSec and a certificate for authentication.

C.
Configure the routers to use IPSec and Kerberos for authentication

D.
Reconfigure the GPOs to require a preshared key for IPSec authentication.

E.
Reconfigure the GPOs to require a certificate for IPSec authentication.