Advantages of Using NLA with Windows Terminal Services | CCIE Security Exam Answer

Advantages of Using NLA with Windows Terminal Services

Prev Question Next Question

Question

What are two advantages of using NLA with Windows Terminal Services? (Choose two.)

Answers

A. uses SPNEGO and TLS to provide optional double encryption of user credentials

B. forces the use of Kerberos to pass credentials from client to server

C. protects against man-in-the-middle attacks

D. requires clients to present an SSL certificate to verify their authenticity

E. protects servers against DoS attacks by requiring lesser resources for authentication.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AC.

Network Level Authentication (NLA) is a security feature in Windows Terminal Services that adds an extra layer of authentication before establishing a remote desktop connection. It requires the user to authenticate before a session is established and it prevents unauthorized access by malicious users or programs. Here are the advantages of using NLA with Windows Terminal Services:

A. Uses SPNEGO and TLS to provide optional double encryption of user credentials: SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is a GSSAPI-based authentication mechanism that provides mutual authentication between a client and a server. TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. NLA uses both SPNEGO and TLS to provide optional double encryption of user credentials. This means that the user's credentials are encrypted twice, making it harder for attackers to intercept and use them.

C. Protects against man-in-the-middle attacks: A man-in-the-middle (MITM) attack is a type of attack where an attacker intercepts communication between two parties to steal information or modify the communication. NLA protects against MITM attacks by using mutual authentication between the client and the server. The client verifies the identity of the server and the server verifies the identity of the client. If the client or server fails to authenticate, the connection is not established.

B, D, and E are incorrect because:

B. Forces the use of Kerberos to pass credentials from client to server: Kerberos is a protocol used for authenticating users and services on a network. NLA does not force the use of Kerberos, but it can be used as one of the authentication methods.

D. Requires clients to present an SSL certificate to verify their authenticity: NLA does not require clients to present an SSL certificate to verify their authenticity. However, it does use TLS to provide secure communication.

E. Protects servers against DoS attacks by requiring lesser resources for authentication: NLA does not protect servers against DoS (Denial of Service) attacks by requiring lesser resources for authentication. However, it does reduce the risk of unauthorized access to the server.

Prev Question Next Question