4.3.6 Firewalls
You need to configure Windows Firewall with Advanced Security to allow traffic for an application that dynamically opens up multiple ports on an as-needed basis. What should you do?
Add a program rule.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. You have enabled outbound filtering for public networks in the Windows firewall with Advanced Security node of a Group Policy that applies to member servers. A member server named APP1 is being configured to host a custom web application named Application 1 that must contact a source server located on the Internet using port 735. After installing Application 1 on APP1, you discover that it is unable to contact the source server. You need to enable APP1 to contact the source server on the Internet. What should you do?
Configure a custom outbound rule.
You are in charge of managing several servers. Your company requires many custom firewall rules in Windows Firewall with Advanced Security. What should you do?
Configure firewall settings in Group Policy. Apply the GPO so that it applies to all applicable servers.
You run a custom application on a Windows server. You want to configure the firewall to allow the application to use a specific port but restrict access to only Wrk1 and Wrk2. How can you make the change using the least amount of effort possible?
In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule and add the computers to the list of authorized computers.
You run a custom application on a Windows server. You want to configure the firewall to allow the application to use a specific port but restrict access to specific users. How can you make the change using the least amount of effort possible?
In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule, and add the users to the list of authorized users.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. Westsim.com often hosts business meetings for its partners and contractors at the New York office. During these meetings, personal laptops belonging to the contractors, partners, and some employees are connected to the company network. A server named FS1, which is located in the New York office, contains data related to confidential research. Management is concerned about the security of this data. You need to ensure that only those computers that are members of the westsim.com domain are allowed to connect to FS1, and only when logged on with a valid user account in the westsim.com domain. You must provide the highest level of security possible to the data located on FS1 to protect it from being compromised by unknown resources connected to the company network. What should you do?
In Windows Firewall with Advanced Security, create a new Isolation Connection Security Rule and require authentication for inbound and outbound connections.
You are the network administrator for westsim.com, and you manage a server named Web1 that is running the Web Server (IIS) role and hosting an internal company website. The website has no internal security. Westsim.com hires a group of contractors to perform maintenance on the network. The contractors will have Active Directory user accounts and be connected to the internal network using domain-joined workstations. The user accounts created for the contractors will be members of the Domain Admins and Domain Users global groups and a new global group named TechContractors. Management wants you to prevent contractors from accessing the internal company website for the duration of the project. The contractors may need to connect to Web1 using the Remote Desktop Client to perform maintenance. How can you ensure that contractors cannot access the internal company website on Web1 using the least amount of administrative effort?
On Web1, you should create a custom inbound firewall rule that allows HTTP traffic to Web1 from Domain Users. Add the TechContractors group as an exception to the rule.
You are the network administrator for westsim.com, and you manage a server named App1 that is running an application that uses a service named Custom App Service. This service is required to contact an internal database running on a server named SQL1. After installing the application, you determine that Custom App Service is not able to contact SQL1. You need to enable the Custom App Service to contact SQL1. What should you do?
You should create a custom rule using Windows Firewall with Advanced Security.