Microsoft 70-411 Exam – Q87

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.

What should you modify? To answer, select the appropriate object in the answer area.
Hot Area:
87a

Correct Answer:
87b

Explanation:
When choosing between PPTP, L2TP/IPsec, SSTP, and IKEv2 remote access VPN solutions, consider the following:

PPTP can be used with a variety of Microsoft clients, including Microsoft Windows® 2000 and later versions of Windows. Unlike L2TP/IPsec and IKEv2, PPTP does not require the use of a public key infrastructure (PKI). By using encryption, PPTP-based VPN connections provide data confidentiality (captured packets cannot be interpreted without the encryption key). PPTP-based VPN connections, however, do not provide data integrity (proof that the data was not modified in transit) or data origin authentication (proof that the data was sent by the authorized user).

L2TP can be used with client computers running Windows 2000 and later versions of Windows. L2TP supports either computer certificates or a pre-shared key as the authentication method for IPsec. Computer certificate authentication, the recommended authentication method, requires a PKI to issue computer certificates to the VPN server computer and all VPN client computers. By using IPsec, L2TP/IPsec VPN connections provide data confidentiality, data integrity, and data authentication.

Unlike PPTP and SSTP, L2TP/IPsec enables machine authentication at the IPsec layer and user-level authentication at the PPP layer.

SSTP can only be used with client computers running Windows Vista Service Pack 1 (SP1), Windows Server 2008, and later versions of Windows. By using SSL, SSTP VPN connections provide data confidentiality, data integrity, and data authentication.

IKEv2 is supported only on computers running Windows 7 and Windows Server 2008 R2. By using IPsec, IKEv2 VPN connections provide data confidentiality, data integrity, and data authentication. IKEv2 supports the latest IPsec encryption algorithms. Because of its support for mobility (MOBIKE), it is much more resilient to changing network connectivity, making it a good choice for mobile users who move between access points and even switch between wired and wireless connections.

https://technet.microsoft.com/en-us/library/dd469817