DRAG DROP
You administer desktop computers in your company’s research department. The computers run
Windows 8 Enterprise and are members of a workgroup. A new security policy states that all traffic
between computers in the research department must be encrypted and authenticated. You need to
configure the requested traffic authentication settings by using Windows Firewall with Advanced
Security. Which three actions should you perform in sequence? (To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.)
Answer: 
Explanation:
Box 1:
Box 2:
Box 3:
Note:
A connection security rule forces two peer computers to authenticate before they can establish a
connection and to secure information transmitted between the two computers. Windows Firewall
with Advanced Security uses IPsec to enforce these rules.
To create a connection security rule
1. In Windows Firewall with Advanced Security, in the console tree, click Connection Security Rules.
2. In the Actions list, click New Rule.
The Rule Type page, shown in the Figure below, allows you to select the type of rule you want to
create. Select a type, and use the wizard to configure the new rule according to the information in
the following sections.
Isolation
An isolation rule isolates computers by restricting inbound connections based on credentials, such as
domain membership or compliance with policies that define the required software and system
configurations. Isolation rules allow you to implement a server or domain isolation strategy. When
you create an isolation rule, you will see the following wizard pages:* Requirements. You can choose when authentication is required:
/Request authentication for inbound and outbound connections
/Require authentication for inbound connections and request authentication for outbound
connections
/Require authentication for inbound and outbound connections
*Authentication Method. You can select from the following authentication methods:
Default. This selection uses the current computer default selections specified on the IPsec Settings
tab of the Windows Firewall Properties page.
Computer and user (Kerberos V5). This method uses both computer- and user-based Kerberos V5
authentication to restrict connections to domain-joined users and computers. User authentication,
and therefore this method, is compatible only with computers running Windows Vista and later.
Computer (Kerberos V5). This method uses Kerberos V5 authentication to restrict connections to
domain-joined computers. This method is compatible with computers running Windows 2000 or
later.
Advanced. This setting allows you to designate multiple authentication methods, such as computer
certificate, NTLMv2, and preshared key.
* Profile. Choose the profiles (Domain, Public, and Private) to which the rule applies.
* Name. Name the rule and type an optional description.
Reference: Creating Connection Security Rules
