5.5 Flashcards
You are in charge of installing a remote access solution for your network. You decide you need a total of four
remote access servers to service all remote clients. Because remote clients might connect to any of the four
servers, you decide that each remote access server must enforce the exact same policies. You anticipate that
the policies will change frequently.
What should you do? (Select two. Each choice is a required part of the solution.)
Configure network policies on the RADIUS server.
Make each remote access server a member of the RemoteServers group.
Configure the exact same network policies on each server.
Configure one of the remote access servers as a RADIUS server, and all other servers as RADIUS clients.
Use Group Policy to configure network policies in the default Domain Controllers GPO.
Configure each remote access server as a domain controller.
Configure network policies on the RADIUS server.
Configure one of the remote access servers as a RADIUS server, and all other servers as RADIUS clients.
You manage the remote access solution for your network. Currently you have two remote access servers,
RA1 and RA2, with an additional server, RA3, configured as a RADIUS server.
You need to configure RA1 and RA2 to forward authentication requests to RA3.
What should you do?
On RA1 and RA2, run the Network Policy Server. Create a Remote RADIUS server group, identifying RA3 as the only member.
On RA1 and RA2, run the Network Policy Server. Create a network policy and specify RA3 as the MS-RAS Vendon
On RA1 and RA2, run the Network Policy Server. Add RA3 as a RADIUS server.
On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to use RA3 for authentication.
On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to
use RA3 for authentication.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8. There is a single main office located in New York.
The company has deployed Network Access Protection (NAP) on the internal network. A server named NAP1
is configured with the Network Policy and Access Services role. You need to ensure that clients accessing the
computer using wireless access points are authenticated using 802.1x authentication and are evaluated by
NAP.
What should you do?
Configure all wireless access points as RADIUS clients to NAP1.
Create a Network Policy that specifies MS-Chapv2 as the only available authentication method.
Implement Network Access Protection (NAP) using a multi-configuration system health validator (SHV).
Create a Network Policy that specifies EAP-TLS as the only available authentication method.
Configure all wireless access points as RADIUS clients to NAP1.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8. There is one main office located in Chicago. The
main office is protected from the Internet by a perimeter network.
A server named VPN1 located in the perimeter network provides VPN remote access for external clients. A
server named NPSl has the Network Policy Server (NPS) role installed and provides RADIUS services for
VPN1. NPSl is located in the perimeter network and is configured to use Active Directory for authentication
requests. There are three domain controllers on the internal network.
A new company policy requires that the firewall between the internal network and the perimeter network be
configured to allow traffic only between specific IP addresses. The amount of internal servers that can be
contacted from the perimeter network must be kept to a minimum. You need to configure remote access to
minimize the number of servers on the internal network that can be contacted by servers on the perimeter
network. Your solution should not impact the availability of remote access services.
What should you do?
Configure multiple CNAME records in DNS.
Configure the firewall between the internal network and the perimeter network to allow traffic between
NPSl and only one of the internal domain controllers. Communication between NPSl and the other
domain controllers should be blocked.
Configure the firewall between the internal network and the perimeter network to allow only DNS traffic
between NPSl and the internal network.
Move NPSl to the internal network and implement a RADIUS Proxy in the perimeter network.
Move NPSl to the internal network and implement a RADIUS Proxy in the perimeter network.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8.
You need to provide access to remote clients who belong to the Remote group. You install the Network Policy
Server (NPS) on a server named VPN1. You configure VPN1 to act as a VPN server and add all of the user
accounts to the Remote group. You configure a server named RADIUSl with the NPS role. You configure
VPN1 to be a RADIUS client of RADIUSl. You need to configure RADIUSl to process authentication requests
from VPN1.
What should you do?
Configure a RADIUS Proxy.
Adjust the properties on the Dial-in tab of each user account to Allow remote access.
Create a connection request policy.
Add the VPN1 computer account to the local Administrators group on RADIUSl.
Create a connection request policy.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8.
You have a server named VPN1 that is configured to accept VPN connections from remote clients. VPN1 is
configured as a RADIUS client of a server named RADIUSl. Management decides to implement remote access
auditing. You need to track when and how long each user is connected via remote access.
What should you do?
Enable the Audit Object Access policy on VPN1.
Configure logging in the Windows Firewall with Advanced Security on VPN1.
Configure logging in the Windows Firewall with Advanced Security on RADIUSl.
Configure RADIUS accounting on RADIUSl.
Configure RADIUS accounting on RADIUSl.
You manage the remote access solution for your network. Currently, you have 10 remote access servers
named RA1 through RA10. A single RADIUS server named RA11 holds all network policies for all remote
access servers.
Due to some recent changes, you decide to add two more RADIUS servers, RA12 and RA13, to your solution.
Remote access authentication should be directed to either of the three servers so that requests are load
balanced between them.
You add RA14 to configure it as a RADIUS proxy. You configure RA1 through RA10 as RADIUS clients to
RA14. Authentication requests will be received by RA14, then directed to one of the three RADIUS servers.
How should you complete the configuration of RA14? (Select two. Each choice is a required part of the
solution.)
Create three connection request policies.
Create a single RADIUS server group with RA11, RA12, and RA13 as members of the group.
Create three RADIUS server groups. Add RA11 to one group, RA12 to another group, and RA13 to the
last group.
Create a single connection request policy.
Create a single RADIUS server group with RA11, RA12, and RA13 as members of the group.
Create a single connection request policy.
You are in charge of installing a remote access solution for your network. You decide you need a total of four
remote access servers to service all remote clients. Because remote clients might connect to any of the four
servers, you decide that each remote access server must enforce the exact same policies. You anticipate that
the policies will change frequently.
What should you do? (Select two. Each choice is a required part of the solution.)
Configure the exact same network policies on each server.
Make each remote access server a member of the RemoteServers group.
Configure one of the remote access servers as a RADIUS server, and all other servers as RADIUS clients.
Configure network policies on the RADIUS server.
Use Group Policy to configure network policies in the default Domain Controllers GPO.
Configure each remote access server as a domain controller.
Configure one of the remote access servers as a RADIUS server, and all other servers as RADIUS clients.
Configure network policies on the RADIUS server.
Your company has recently added a traveling sales force. To allow salesmen access to the network while
traveling, you install two additional servers. You configure the servers (REM1 and REM2) as remote access
servers to accept incoming connections from remote clients. You configure network access policies on each
server.
The solution is working fine, but you find that you must make constant changes to the remote access policies.
You install the Network Policy and Access Services role on a third server (REM3). You configure network
access policies on REM3.
Following the installation, you verify that all clients can connect to REM1 and REM2. You then delete the
custom network policies on both servers. Now, no clients can make a remote access connection.
What should you do?
Configure REM1 and REM2 as RADIUS clients of REM3.
Configure REM1 and REM2 as RADIUS proxies.
Configure each remote access client as a RADIUS client of REM3.
Configure each remote access client to dial REM3 for authentication.
Configure REM1 and REM2 as RADIUS clients of REM3.
You are configuring Network Policy Server (NPS) for RADIUS.
You‘ve heard that NPS includes a template type that you can use to assign a shared secret when you
configure the RADIUS client and server.
Assuming you are using Windows Server 2012 R2, which command can you use to view a list of available
shared secret templates?
Netsh nps show config
Get-NpsSharedSecretTemplate
Import-NpsConfiguration
Set-NpsRadiusClient
Get-NpsSharedSecretTemplate