Correct Answer:
Explanation/Reference:
Note:
A connection security rule forces two peer computers to authenticate before they can establish a connection and to secure information transmitted between the two computers. Windows Firewall with Advanced Security uses IPsec to enforce these rules.
To create a connection security rule
1. In Windows Firewall with Advanced Security, in the console tree, click Connection Security Rules.
2. In the Actions list, click New Rule.
The Rule Type page, shown in the Figure below, allows you to select the type of rule you want to create. Select a type, and use the wizard to configure the new rule according to the information in the following sections.
Isolation
An isolation rule isolates computers by restricting inbound connections based on credentials, such as domain membership or compliance with policies that define the required software and system configurations. Isolation rules allow you to implement a server or domain isolation strategy. When you create an isolation rule, you will see the following wizard pages:
* Requirements. You can choose when authentication is required:
  * Request authentication for inbound and outbound connections
  * Require authentication for inbound connections and request authentication for outbound connections
  * Require authentication for inbound and outbound connections
* Authentication Method. You can select from the following authentication methods:
  * Default. This selection uses the current computer default selections specified on the IPsec Settings tab of the Windows Firewall Properties page.
  * Computer and user (Kerberos V5). This method uses both computer- and user-based Kerberos V5 authentication to restrict connections to domain-joined users and computers. User authentication, and therefore this method, is compatible only with computers running Windows Vista and later.
  * Computer (Kerberos V5). This method uses Kerberos V5 authentication to restrict connections to domain-joined computers. This method is compatible with computers running Windows 2000 or later.
  * Advanced. This setting allows you to designate multiple authentication methods, such as computer certificate, NTLMv2, and preshared key.
* Profile. Choose the profiles (Domain, Public, and Private) to which the rule applies.
* Name. Name the rule and type an optional description.
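The same isolation rule can be built from PowerShell with the NetSecurity cmdlets available on Windows 8 / Windows Server 2012 and later, which makes the mapping from each wizard page to a rule property explicit. This is an added example, not part of the referenced article; the rule and authentication-set display names and the `-Requirement` parameter are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: isolation rule equivalent to the wizard pages described above.
# Display names and the -Requirement parameter are hypothetical.
param(
    # Mirrors the three choices on the wizard's Requirements page.
    [ValidateSet('RequestInOut', 'RequireInRequestOut', 'RequireInOut')]
    [string]$Requirement = 'RequestInOut'
)

# Requirements page -> -InboundSecurity / -OutboundSecurity values.
$security = switch ($Requirement) {
    'RequestInOut'        { @{ In = 'Request'; Out = 'Request' } }
    'RequireInRequestOut' { @{ In = 'Require'; Out = 'Request' } }
    'RequireInOut'        { @{ In = 'Require'; Out = 'Require' } }
}

# Authentication Method page, "Computer and user (Kerberos V5)":
# computer Kerberos is the first authentication, user Kerberos the second.
$computerKerb = New-NetIPsecAuthProposal -Machine -Kerberos
$userKerb     = New-NetIPsecAuthProposal -User -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Isolation - Computer Kerberos' `
    -Proposal $computerKerb
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName 'Isolation - User Kerberos' `
    -Proposal $userKerb

# Profile and Name pages -> -Profile, -DisplayName, -Description.
$rule = New-NetIPsecRule -DisplayName 'Domain Isolation (example)' `
    -Description 'Authenticate peers with Kerberos V5 before connecting' `
    -Profile Domain `
    -InboundSecurity $security.In -OutboundSecurity $security.Out `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name

# Confirm what was stored in the local policy store.
$rule | Select-Object DisplayName, Enabled, Profile, InboundSecurity, OutboundSecurity

# Once peers have exchanged traffic, negotiated main mode security
# associations show which connections were actually authenticated.
Get-NetIPsecMainModeSA
```

Starting with the request-only setting lets you confirm from the security associations that peers authenticate before switching to a require setting, which drops inbound connections from any computer that cannot authenticate.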
Reference: Creating Connection Security Rules
http://technet.microsoft.com/en-us/library/cc772017.aspx