What configurations can increase the security of a Windows terminal server? (Choose two.)

Choosing configurations that enhance the security of a Windows terminal server involves understanding how each option mitigates risks.

One of the viable choices is to enforce password complexity. This strategy is essential because strong passwords significantly decrease the likelihood of unauthorized access. By requiring a mix of character types, such as uppercase letters, lowercase letters, numbers, and symbols, it makes brute-force attacks much more difficult for would-be intruders. This directly improves security, ensuring that user accounts have better protection against common attack vectors.

Another effective security measure is to change the default access port. Default ports are commonly known and are often targeted by attackers looking to exploit services running on those ports. Using a non-standard port for remote desktop connections can obscure the services, reducing the risk of automated attacks. This type of configuration helps to secure the server by making it harder for malicious entities to find and exploit it.

On the other hand, placing the terminal server into the router's DMZ is generally not a favorable security practice. The DMZ, or demilitarized zone, is designed to host services that are accessible from untrusted networks, which provides an extra layer of security for other internal resources. However, positioning a terminal server—especially one that handles sensitive information or critical operations—