Your network contains an Active Directory domain named contoso.com. The domain
contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server2 establishes an IPSec connection to Server1.
You need to view which authentication method was used to establish the initial IPSec
connection.
What should you do?

A.
From Windows Firewall with Advanced Security, view the quick mode security
association.

B.
From Event Viewer, search the Application Log for events that have an ID of 1704.

C.
From Event Viewer, search the Security Log for events that have an ID of 4672.

D.
From Windows Firewall with Advanced Security, view the main mode security
association.

Explanation:
Main mode negotiation establishes a secure channel between two computers by determining
a set of cryptographic protection suites, exchanging keying material to establish a shared
secret key, and authenticating computer and user identities. A security association (SA) is
the information maintained about that secure channel on the local computer so that it can
use the information for future network traffic to the remote computer. You can monitor main
mode SAs for information like which peers are currently connected to this computer and
which protection suite was used to form the SA.
References:
http://technet.microsoft.com/en-us/library/dd448497(v=ws.10).aspx