5.4 Flashcards
A group of telecommuting employees has been granted approval by upper management to use VPN internet
access between the hours of 8:00 AM and 5:00 PM. No other employees will be allowed remote access to the
network. The telecommuting employee computers are running Windows 8.
You create an Active Directory group named TeleCommute and place all telecommuting employee user
accounts into this group. You create a new network policy (named Telecommute Policy) with the following
conditions:
Day and time: 8:00 am to 5:00 pm every day
Windows group membership: TeleCommute group
NAS Port Type: Virtual (VPN)
You configure remote access permissions for all users in the TeleCommute group to allow remote access.
The list of network policies is as follows in the Network Policy Server console:
When you test the remote access connection, no users are allowed to connect to the remote access server.
What should you do?
Move the TeleCommute Policy network policy down in the list.
Configure day and time as a constraint instead of a condition.
Move the TeleCommute Policy network policy up in the list.
Configure the network policy to allow access and ignore Active Directory settings.
Move the TeleCommute Policy network policy up in the list.
You have been assigned to create a remote access strategy for your network. All full-time company
employees should be allowed remote access during any time of the day. In addition, you have some
contractors who are working with the Marketing department who should be allowed access only between 6am
and 6pm.
What should you do?
Move the Contractors Allow policy up in the list.
Remove the constraints from the Contractors Deny Night policy and add a condition for 6pm to 6am.
Remove the constraints from the Contractors Deny Night policy and add a condition for 6pm to 6am.
You manage a network with two locations: New York and Los Angeles. All computers are members of a single
domain named northsim.com.
You have been put in charge of creating a remote access solution, so that sales team members can connect
to both sites using a VPN connection.
On a server in the New York location, you configure a network policy that allows access to VPN users who are
members of the Sales group. You test the connection and find that everything is working properly.
You install a second remote access server in the Los Angeles location. However, when you try to connect
using the VPN connection, the connection is refused, even though you used the same user account that was
able to connect to the server in the New York location.
What should you do?
Configure the server in Los Angeles to forward authentication requests to the server in New York.
Create a GPO with the necessary network policy settings. Link the GPO to an OU that applies to both remote access servers.
Make sure both remote access servers are installed on domain controllers. Configure Active Directory
replication.
Create a network policy on the server in Los Angeles that is similar to the policy on the server in New
York.
Create a network policy on the server in Los Angeles that is similar to the policy on the server in New York.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8. The network consists of several main offices and
branch offices.
A Windows 2012 R2 server installed with the Network Policy and Access Services role acts as the router for
each office. You have been instructed to use NPS to configure IP Filters to control which traffic is passed to
the local network. The filters must be identical at each office. You must achieve this goal using the minimum
amount of administrative effort.
What should you do?
Create a new Group Policy Object that creates rules for the Windows Firewall with Advanced Security
and link the GPO to the domain.
Create a Network Policy Server (NPS) template at one NPS server configured with the appropriate IP Filters, then export the template to the other NPS servers.
Create a new Group Policy Object that creates rules for the Windows Firewall with Advanced Security and link the GPO to the container that contains the NPS server’s computer objects.
Create an NPS policy on each NPS server.
Create a Network Policy Server (NPS) template at one NPS server configured with the appropriate IP Filters, then export the template to the other NPS servers.
You need to configure the properties of the user shown in the image below such that remote access to your
organization’s VPN server is controlled using NPS Network Policy.
What tab would you click on to make this change?
Dial-in
You are configuring a new network policy for temporary employees using the New Network Policy wizard in
the Network Policy Server console.
If the conditions and constraints you configured in the policy are met and the policy grants access to a client,
you want the policy to apply 128-bit MPPE.
What settings category would you use to do this?
Encryption
You are configuring a new network policy for temporary employees using the New Network Policy wizard in
the Network Policy Server console.
If the conditions and constraints you configured in the policy are met and the policy grants access to a client,
you want non-compliant clients to be allowed access only to a restricted network where their system can be
remediated before being granted full network access.
Click the settings category you would use to configure this.
NAP Enforcement