An administrator is setting up a Windows terminal server. Which of the following settings should the administrator modify to increase server security? (Select two.)
A. Change the default access port
B. Enforce password complexity
C. Put the terminal server into the router’s DMZ
D. Disable logon time restrictions
E. Block all unused ports on the LAN smart switch
F. Use the local client certificate for server authentication
CompTIA A+ 220-1102 (Core 1) ExamFULL Printable PDF and Software. VALID exam to help you PASS. |
 |
A & C
Not E — Blocking all unused ports on the LAN smart switch would protect the LAN not the server
(A) Change the default access port — [Changing the connection port can provide security. In Registry Editor, navigate to HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Control, Terminal Server, WinStations and RDP-Tcp. Right click on the PortNumber dword and select Modify. Change the base to Decimal and enter a new port between 1025 and 65535 that is not already in use. Click OK and reboot.]
(C) Put the terminal server into the router’s DMZ [Bastion hosts such as terminal servers are instances that sit within a public subnet (DMZ). A terminal server essentially acts as a bridge to your internal network. The front side (facing the clients) enables multiple client systems to connect directly (wired) to a Terminal Server from their RS-232C or RS-423 serial port. The back side of the terminal server connects through network interface cards (NICs) to a local area network. End users connect to the terminal server from the front side by using a remote desktop protocol (RDP) client. The RDP client communicates with the terminal server through a connection port at the server.
https://en.wikipedia.org/wiki/DMZ_(computing)