"Increasing Server Security: Windows Terminal Server"
Question
An administrator is setting up a Windows terminal server.
Which of the following settings should the administrator modify to increase server security? (Choose two.)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.CE.
The correct answers to this question are A. Change the default access port and B. Enforce password complexity.
Explanation: A. Change the default access port: By default, Windows Terminal Server uses port 3389 for remote connections. Changing the default access port to a non-standard port can help prevent unauthorized access attempts and improve server security.
B. Enforce password complexity: Strong password policies can help prevent brute-force attacks and unauthorized access to the server. Password complexity policies should include requirements for minimum password length, use of special characters, uppercase and lowercase letters, and numeric characters.
C. Put the terminal server into the router's DMZ: This option is not recommended because it exposes the server to the public internet and increases the risk of attack.
D. Disable logon time restrictions: This option is also not recommended because it can increase the risk of unauthorized access to the server.
E. Block all unused ports on the LAN smart switch: While blocking unused ports can help prevent unauthorized access to the network, it does not directly increase the security of the Windows Terminal Server.
F. Use the local client certificate for server authentication: While this option can improve server security, it is not directly related to the configuration of the Windows Terminal Server. Server authentication certificates are typically used to secure web-based services, not remote desktop connections.
Therefore, the most appropriate options to improve the security of the Windows Terminal Server are changing the default access port and enforcing password complexity policies.
