You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec.

The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO). You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted.

You need to view all IPSec policies that are being applied to Server1.

What should you do?

A.
Use IP Security Monitor to view the Active Policy for Server1.

B.
Use Local Security Policy to view the Security Options for Server1.

C.
Use Local Security Policy to view the IP Security Policies on Local Computer for Server1.

D.
Use Resultant Set of Policy (RSoP) to run an RSoP planning mode query to view the Security Options for Server1.

E.
Use Resultant Set of Policy (RSoP) to run an RSoP logging mode query to view the IP Security Policies on Local Computer for Server1.

F.
Use IP Security Monitor to view the IKE Policies for Server1.

Explanation:
You can use RSoP to view all the effective group policy settings for a computer or user, including the IPSec policies. To use RSoP, you must first load the snap-in into an MMC console, and then perform a query on a specific computer (select Generate RSoP Data from the Action menu), specifying the information you want to gather. The result is a display of the group policy settings that the selected computer is using.

You can run an RSoP logging mode query to view all of the IPSec policies that are assigned to an IPSec client. The query results display the precedence of each IPSec policy assignment, so that you can quickly determine which IPSec policies are assigned but are not being applied and which IPSec policy is being applied.
When you run a logging mode query, RSoP retrieves policy information from the WMI repository on the target computer, and then displays this information in the RSoP console. In this way, RSoP provides a view of the policy settings that are being applied to a computer at a given time.

Reference:

Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapter 12

Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructur* Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 10, pp. 768