Implementing Remote Access Flashcards

1
Q

What are the four technologies that make up the Server Role called Remote Access?

A
  • Virtual Private Network (VPN)
  • DirectAccess
  • Routing
  • Web Application Proxy
2
Q

What is DirectAccess?

A

DirectAccess enables remote users to securely access corporate resources without having to connect to a VPN. The user does not have to perform any actions; DirectAccess automatically establishes a connection to the corporate network.

3
Q

What is VPN?

A

VPN - Virtual Private Network enables users who are working remotely to access a server on your organization's private network. It sends data over a dedicated private link.

4
Q

What is Routing?

What are some protocols that it supports?

A

Windows Server 2012 can act as a router or network address translation device between two internal networks or between the internet and the internal network.

Routing Supports:

  • Routing Information Protocol version 2
  • Internet Group Management Protocol (IGMP)
  • Dynamic Host Configuration Protocol (DHCP) Relay Agent
5
Q

What is a Web Application Proxy?

A
  • NEW for Windows Server 2012R2

It provides a reverse proxy for web applications located in an organization's internal network where users that are located on the internet can access internal web apps.

The Web Application Proxy preauthenticates users by using ADFS (Active Directory Federation Services) technology

6
Q

How can you manage the Remote Access role?

A
  • Remote Access Management Console
  • Routing and Remote Access Console
  • Windows PowerShell
    • Set-DAServer
    • Get-DAServer
    • Set-RemoteAccess
    • Get-RemoteAccess
7
Q
  1. How do you install Remote Access?
  2. Is it a role or feature?
A
  1. How do you install Remote Access?
    • In the Server Manager, Add Roles and Features
    • PowerShell:
      • Step 1: Run Install-WindowsFeature RemoteAccess -IncludeManagementTools
      • Step 2: Select the SubFeature you would like to install
        • This will also install DirectAccess & VPN - Install-WindowsFeature -Name Routing
        • Only installs DA and VPN: Install-WindowsFeature -Name DirectAccess-VPN
        • Only installs the Web App Proxy: Install-WindowsFeature -Name Web-Application-Proxy
  2. It's a Feature
8
Q

What are the two GUI Tools for managing the Remote Access Role?

A
  • The Remote Access Management Console
  • The Routing and Remote Access Console
9
Q
  1. What does the Remote Access Management Console allow you to manage?
  2. What options can you configure once the initial configuration for remote access settings is done?
A
  1. What does the Remote Access Management Console allow you to manage?
    • DirectAccess
    • VPN
    • Web Application Proxy
  2. What options can you configure once the initial configuration for remote access settings is done?
    • Configuration
    • Dashboard
    • Operation Status
    • Remote Client Status
    • Reporting
10
Q

What does the following Remote Access Management Console option allow you to do:

  • Configuration
  • Dashboard
  • Operation Status
  • Remote Client Status
  • Reporting
A

The following Remote Access Management Console option allows you to:

  • Configuration
    • Allows you to edit the remote access settings using wizards and by using the graphical representation of the current network configuration in the console
  • Dashboard
    • Monitor the overall status of servers & clients that are a part of the Remote Access solution
  • Operation Status
    • You can access detailed information on the status of the servers that are a part of the remote access solution
  • Remote Client Status
    • You can access detailed info on the status of the clients that are connecting to the remote access solution
  • Reporting
    • You can generate historical reports on different parameters, such as remote access usage, access details, connection details and server load statistics
11
Q
  1. What does the Routing and Remote Access Console allow you to manage?
  2. What options can you configure?
A
  1. What does the Routing and Remote Access Console allow you to manage?
    • NAT
    • Router
    • VPN Server
  2. What options can you configure?
    • Server Status
    • Remote Access Client, Ports, Remote Access Logging
    • IPv4
    • IPv6
12
Q

What does the following Routing and Remote Access Console option allow you to do:

  • Server Status
  • Remote Access Client, Ports, Remote Access Logging
  • IPv4
  • IPv6
A

What does the following Routing and Remote Access Console option allow you to do:

  • Server Status
    • You can monitor the status of the remote access server (RAS), the ports in use, and the server’s uptime.
  • Remote Access Client, Ports, Remote Access Logging
    • You can monitor the client status, port status, and detailed logging information about clients connected to the remote access server.
  • IPv4
    • You can configure the IPv4 settings such as NAT, IPv4 routing with static routes, and the following routing protocols: Routing Information Protocol version 2, Internet Group Management Protocol, and DHCP Relay Agent
  • IPv6
    • You can configure IPv6 settings, such as IPv6 routing with static routes and DHCP Relay Agent routing protocol.
13
Q
  1. What is NAT?
  2. How do organizations set it up?
A
  1. What is NAT?
    • Network Address Translation - It uses Private IPv4 addresses that are not routable on the internet and it talks to a router that has a public and private IPv4 address to talk out to the internet
  2. How do organizations set it up?
    • They set up a router (server or physical router) that has at least two network adapters. One adapter has a private IPv4 address and is connected to the corporate network and the other network adapter is configured with a public IPv4 address and is connected to the internet
14
Q

Where can you configure user settings for different remote access options?

A
  • Active Directory Users and Computers Console
  • On the user in question select the Dial-In Properties Tab
15
Q

What settings can you set on the Dial-In Properties of the user account?

A

What settings can you set on the Dial-In Properties of the user account?

  • Network Access Permission
    • Allow Access
    • Deny Access
    • Control Access through NPS Network Policy
  • Verify Caller-ID
  • Callback Options
    • No Callback
    • Set by Caller
    • Always Callback to
  • Assign Static IP Address
  • Apply Static Routes
16
Q

What do the following settings allow you to control:

  • Network Access Permission
    • Allow Access
    • Deny Access
    • Control Access through NPS Network Policy
  • Verify Caller-ID
  • Callback Options
    • No Callback
    • Set by Caller
    • Always Callback to
  • Assign Static IP Address
  • Apply Static Routes
A
  • Network Access Permission - defines the actions that remote access will perform when a user tries to establish connection
    • Allow Access - Allows the user to connect
    • Deny Access - Denies the user access
    • Control Access through NPS Network Policy - DEFAULT: Network Policy Server determines if they are allowed access
  • Verify Caller-ID - if the connection is using a telephone line the remote access server can be configured to verify the caller ID
  • Callback Options - If Callback Options is enabled, once the remote access client computer initiates a connection by using a telephone line, the remote access server calls back the client computer
    • No Callback
    • Set by Caller
    • Always Callback to
  • Assign Static IP Address - can set a static IP to the user once a connection has been made rather than an IP assigned by DHCP
  • Apply Static Routes - allows a limited routing table when connected
17
Q

What does the new Direct Access and VPN Wizard simplify?

A

The management of DirectAccess for small and medium size organizations by removing the need for full PKI deployment and removing the requirement for two separate network interface cards that are connected to the internet and configured with two consecutive public IPv4 addresses.

18
Q

What is considered a DirectAccess Client?

What is special about DirectAccess with off premise computers?

A
  • A DirectAccess client can be any domain-joined computer running Windows 8 or Windows 7 (Enterprise or Ultimate).
  • You can join the client computer to a domain without requiring the client computer to be located within your internal network
19
Q
  1. What does a Network Location Server do for DirectAccess?
  2. How does the URL for the NLS (Network Location Server) get distributed to client computers?
A
  1. What does a Network Location Server do for DirectAccess?
    • The DirectAccess client uses the network location server to determine its location. If the client computer can securely connect to the network location server using HTTPS, then the client computer assumes it is on the intranet.
    • If it is uncontactable then it assumes it is on the internet.
  2. How does the URL for the NLS (Network Location Server) get distributed to client computers?
    • It is distributed by using a GPO
20
Q

What is the minimum Server functional level supported for DirectAccess?

A
  • Windows Server 2003 Domain Functional Level
21
Q

What are the DirectAccess Tunneling Protocol Options?

A
  • ISATAP
  • 6to4
  • Teredo
  • IP-HTTPS
22
Q

If you need to support Windows 7 for a DirectAccess deployment what needs to be deployed?

A

PKI (Public Key Infrastructure)

23
Q

What are the two types of VPN connections available?

Please explain what each does.

A
  • Remote Access
    • Used for users who are working offsite. They connect to a server that is routable on the public internet, authenticate, and have a connection between the organization's network and the computer.
  • Site-to-Site (A.K.A - Router-to-Router VPN)
    • Enables your organization to establish routed connections between separate offices or with other organizations over a public network while helping to maintain secure communications. A routed VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.
24
Q

What is the default VPN Tunneling protocol in Windows 7 and 8?

A

IKEv2

25
Q

What are the system requirements for using VPN reconnect feature?

A
  • Windows Server 2012 or Windows Server 2008 R2 as a VPN server.
  • Windows 8, Windows Server 2012, Windows 7, or Windows Server 2008 R2 client.
  • PKI, because a computer certificate is required for a remote connection with VPN Reconnect. You can use certificates issued by either an internal or public CA.
26
Q

What are the two types of VPN connections available in Windows Server 2012?

A
  • Remote Access
  • Site-to-Site
27
Q

What are the different VPN Authentication Options?

A
  • PAP
  • CHAP
  • MS-CHAPv2
  • EAP
28
Q

What is the following VPN Authentication Option?

PAP

A

Password Authentication Protocol (PAP) uses plaintext passwords and is the least secure authentication protocol. PAP is included in Microsoft Windows Server 2012 to support older client operating systems that support no other authentication method.

29
Q

What is the following VPN Authentication Option?

CHAP

A

The Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication protocol that uses the industry-standard MD5 hashing scheme to encrypt the response. Because CHAP requires the use of a reversibly encrypted password, you should consider using another authentication protocol, such as MS-CHAPv2.

30
Q

What is the following VPN Authentication Option?

MS-CHAPv2

A

MS-CHAPv2 is a one-way encrypted password, mutual-authentication process

31
Q

How does MS-CHAPv2 work?

A
  1. The authenticator, that is the remote access server (the PC running NPS), sends a challenge to the remote access client. The challenge consists of a session ID and an arbitrary challenge string.
  2. The remote access client sends a response that contains a one-way encryption of the challenge string, the peer challenge string, the session ID and user password.
  3. The authenticator checks the response from the client and sends back a response containing an indication of the success or failure of the connection attempt and an authenticated response based on the sent challenge string, the peer challenge string, the client’s encrypted response, and the user password.
  4. The remote access client verifies the authentication response and, if correct, uses the connection. If the authentication response is not correct, the remote access client terminates the connection.
32
Q

What is the following VPN Authentication Option?

EAP

A

The remote access client and the authenticator, either the remote access server or the Remote Authentication Dial-In User Service (RADIUS) server, negotiate the exact authentication scheme to be used. Routing and Remote Access includes support for EAP-TLS by default. You can plug in other EAP modules to the server that is running Routing and Remote Access to provide other EAP methods.

33
Q

What are the requirements for the initial configuration of a VPN server?

A
  • Two Network interfaces (one public & one private)
  • IP Address allocation (Static or DHCP)
  • Authentication Provider (NPS/RADIUS or VPN Server)
  • DHCP relay agent considerations
  • Membership to the local admins group or equivalent
34
Q

Where do you configure the maximum number of ports?

A

In the Routing and Remote Access Server:

  • Expand the Server
  • Right-Click Ports
  • Select Properties
  • Select the Port Type
  • Click Configure
  • Add or reduce the number of Maximum Ports

or

In the ports properties

35
Q

Where would you confirm the following:

  • If the VPN Server is an IPv4-only remote access Server
  • What Certificate is used for VPN
  • What Authentication protocol is being used
  • The VPN Server is using DHCP
A

You can confirm the following:

  • If the VPN Server is an IPv4-only remote access Server
    • In Routing and Remote Access -> Server Properties -> General Tab
  • What Certificate is used for VPN
    • In Routing and Remote Access -> Server Properties -> Security Tab -> SSL Certificate Binding
  • What Authentication protocol is being used
    • In Routing and Remote Access -> Server Properties -> Security Tab -> Authentication Methods
  • The VPN Server is using DHCP
    • In Routing and Remote Access -> Server Properties -> IPv4 -> IPv4 address assignment
36
Q

In NPS (Network Policy Server) what is the first step to allow a VPN connection?

A

You have to create a Network Policy as the two defaults deny access

37
Q

What does the following cmdlet do?

Get-RemoteAccess

A

Displays the configuration of DirectAccess (DA) and VPN (both Remote Access VPN and site-to-site VPN).

38
Q

What does the following cmdlet do?

Set-DAServer

A

Sets the properties specific to the DirectAccess (DA) server.

39
Q

What does the following cmdlet do?

Get-DAServer

A

Displays the properties of the DirectAccess (DA) server.

40
Q

What does the following cmdlet do?

Set-RemoteAccess

A

Modifies the configuration that is common to both DirectAccess (DA) and VPN, such as SSL certificate, Internal interface, and Internet interface. All settings configured by this cmdlet result in changes only on the server on which the cmdlet is run.

41
Q

What are the two Management Consoles for the Remote Access Role?

A
  • Remote Access Management Console
  • Routing and Remote Access Console
42
Q

To deploy DirectAccess what must your infrastructure have/support?

A

To deploy DirectAccess your infrastructure must have/support:

  • DirectAccess Server
  • DirectAccess Clients (Windows 7 and Above)
  • Network Location Server
  • DirectAccess Group Policies
  • PKI (optional unless you are deploying for win 7)
  • DNS
  • NAP (Network Access Protection) Server (optional)
43
Q

If you deploy multiple DirectAccess Servers in different network locations which server does the client choose?

A

Windows 8: Chooses the closest endpoint

Windows 7: You must specify the endpoint

44
Q

When you deploy DirectAccess behind a NAT what happens?

A

It removes the prerequisite for a public address. However, only IP-HTTPS is deployed.

45
Q

If you wish to support one-time password or virtual smart cards what must be set up?

A

It requires a PKI deployment and a TPM chip can act as a virtual smart card for two-factor authentication

46
Q

Does DirectAccess support NIC Teaming?

A

Yes

47
Q

Can you add a non-domain computer to your domain, if it is off the network?

How would you do this, if possible?

A

Yes, it was introduced in Windows Server 2008 R2

You would use Djoin.exe

48
Q

How do you perform an Offline Domain Join?

A
  1. djoin /provision /domain "<Your Domain Name>" /machine "<Machine Name>" /savefile odj.txt
  2. Copy the file and paste it anywhere on the PC you want to join to the domain
  3. djoin /requestODJ /loadfile odj.txt /windowspath <Path to file>
49
Q

How would you do an offline domain join with DirectAccess setup?

A
  1. On the Remote Access Server run: Djoin /provision /domain <your> /machine <remote> /policynames DA Client GPO name /rootcacerts /savefile c:\files\provision.txt /reuse
  2. Add the new computer object to the DirectAccessClients AD Group
  3. Copy the provisioning package from c:\files\provision.txt on the Remote Access Server, where it was saved, to c:\provision\provision.txt on the client computer.
  4. On the client computer run: Djoin /requestodj /loadfile C:\provision\provision.txt /windowspath %windir% /localos
50
Q

What are the DirectAccess tunneling protocols used when native IPv6 is not available?

A
  • ISATAP
  • 6to4
  • Teredo
  • IP-HTTPS
51
Q

When using Teredo for DirectAccess what needs to be done?

A

The firewall needs to allow outbound traffic on UDP 3544

52
Q

What is a Network Location Server?

Can it be the DirectAccess Server?

A

An Internal Server that hosts an HTTPS-based URL

Yes, but if DirectAccess is a business-critical service the network location server should be highly available.

53
Q

If you were using 6to4 instead of Teredo, would you need two sequential public IP addresses on the DirectAccess server?

A

Yes

54
Q

What configurations are made to your infrastructure in the getting started wizard for DirectAccess?

A
  • Two GPOs are created. One for DirectAccess Server Settings and one for DirectAccess Client Settings. These also help define which computers are DirectAccess Servers and DirectAccess Clients
  • DNS Records are created for the following hosts: directaccess-corpConnectivityHost, DirectAccess-NLS, and directaccess-WebProbeHost
  • Remote Client Settings
  • Remote Access Server Topology
55
Q

What does the DirectAccess Server Settings GPO apply during the getting started wizard?

A
  • Global Settings. Define the IPsec Internet Control Message Protocol (ICMP) that will be allowed through the local firewall on the DirectAccess server.
  • Inbound Rules. Define inbound IP-HTTPS traffic to provide connectivity across HTTP proxies and firewalls. Inbound rules also allow traffic to the DNS64 server that is deployed on the remote access server.
  • Connection Security Settings. Define the IPv6 address prefixes and the Kerberos authentication settings.
56
Q

What does the DirectAccess Client Settings GPO apply by default?

A
  • Public Key Policies/Trusted Root Certification Authorities. DirectAccess client computers are configured to trust the self-signed certificates that the DirectAccess server issues
  • Global Settings. Define the IPsec ICMP protocol that will be allowed through the local firewall on the DirectAccess clients
  • Outbound Rules. Define the outbound IP-HTTPS traffic to provide connectivity across HTTP proxies and firewalls.
  • Connection Security Settings. Define the IPv6 address prefixes and the Kerberos authentication settings.
57
Q

What are the remote clients settings that you configure in the DirectAccess Getting Started Wizard?

A
  • By default Domain Computers group will be configured for DirectAccess but you can replace this with another security group
  • You can disable DirectAccess for mobile computers only. This setting is enabled by default, and it can be disabled in the wizard.
  • You can configure Network Connectivity Assistant settings
    • Resources that validate connectivity to the internal network. Therefore, they will contact resources you provide in this wizard either by HTTP or ping
    • Helpdesk email address. By default, this setting is not configured.
    • DirectAccess connection name. The default name is Workplace Connection.
    • Allow DirectAccess clients to use local name resolution. This setting is disabled by default
58
Q

What are the requirements for network adapters for the following type:

  • Edge Topology
  • Behind NAT Device
A

What are the requirements for network adapters for the following type:

  • Edge Topology
    • One Internet-facing public static IPv4 or IPv6 Address
    • A single internal static IPv4 or IPv6 address
    • NOTE: Two consecutive public IPv4 addresses are required for Teredo.
  • Behind NAT Device
    • A single internal network-facing static IPv4 or IPv6 address.
    • A single perimeter network-facing static IPv4 or IPv6 address.

OR

  • A single Static IPv4 or IPv6 Address
59
Q

What Internet-facing firewall exceptions for Remote Access traffic need to be set up when the Remote Access server is on the IPv4 Internet:

  • 6to4 traffic
  • IP-HTTPS
A

What Internet-facing firewall exceptions for Remote Access traffic need to be set up when the Remote Access server is on the IPv4 Internet:

  • 6to4 traffic
    • IP Protocol 41 inbound and outbound.
  • IP-HTTPS
    • TCP Destination 443, and TCP source port 443 outbound.
  • IP-HTTPS Note: When the Remote Access server has a single network adapter, and the network location server is on the Remote Access server, then TCP port 62000 is also required. This exemption has to be configured on the remote access server. All the other exemptions have to be configured on the edge firewall.
  • Note: For Teredo and 6to4 traffic, these exceptions should be applied for both of the Internet-facing consecutive public IPv4 addresses on the Remote Access server. For IP-HTTPS the exceptions need only be applied for the address to which the external name of the server resolves.
60
Q

If you want to deploy an Advanced Direct Access Solution, what do you need to configure?

A
  • Create a CRL Certification for a CRL Distribution Point
  • Add the certification to the group policy
    • Location: Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies
    • Automatic Certificate Request
  • For your network location server request a Certificate and bind it to your IIS
  • Issue a certification to your DirectAccess Server for Server Authentication
61
Q

Please describe the following tunneling protocol

PPTP

What Firewall port does it use?

A
  • Provides data confidentiality but not data integrity or data authentication
  • Uses TCP Port 1723
62
Q

Please describe the following tunneling protocol

L2TP/IPsec

What is recommended for authentication?

What ports does it use?

A
  • Uses certificates or preshared keys for authentication.
  • Certificate authentication is recommended
  • UDP 500, 1701, UDP 450, IP Protocol ID 50
63
Q

Please describe the following tunneling protocol

SSTP

What port does it use?

A
  • Uses SSL to provide data confidentiality and data integrity and data authentication
  • Uses port TCP 443
64
Q

Please describe the following protocol

IKEv2

What firewall port does it use?

A
  • Supports the latest IPsec encryption algorithms to provide data confidentiality, data integrity, and data authentication
  • Uses port UDP 500
65
Q

Please list the VPN Authentication options in order of weakest to strongest

A
  1. PAP
  2. CHAP
  3. MS-CHAPv2
  4. EAP
66
Q

What Operating Systems support IKEv2?

A
  • Windows 7/Server 2008R2 and above
67
Q

What is the default tunneling protocol in Windows 7 and 8?

A

IKEv2

68
Q

What must you deploy before you install the service Web Application Proxy?

What does it provide?

A

AD FS - Active Directory Federation Services

It provides users with the single sign-on functionality

69
Q

What is AD FS?

What does it include?

A

Active Directory Federation Services

  • Web SSO
  • Web Services Interoperability
  • Support for different types of clients
  • extensible architecture
  • enhanced security
70
Q

What types of preauthentication are supported in Windows Server 2012 R2?

A
  • AD FS preauthentication
  • Pass-through preauthentication
71
Q
  1. What is AD FS Preauthentication?
  2. What is Pass-through preauthentication?
A
  1. The web application proxy will preauthenticate the user in the AD FS server and if authentication is successful, the web application proxy will establish a connection to the web server where the application is hosted.
  2. Pass-through does not use AD FS for authentication and does not preauthenticate the user. The user is connected to the web app through web application proxy, and if the web app is configured for authentication, authenticates the user.
72
Q

What benefits does AD FS preauthentication provide when compared to pass-through?

A
  • Workplace join - Nondomain computers can be configured for AD FS preauthentication
  • SSO - allows users to enter credentials only once
  • Multifactor authentication
  • Multifactor access control - Rules are configured so that they issue a permit or deny claim that will determine whether a user or a group will be allowed or denied access to a web app
73
Q

What information is required to configure the web application proxy?

A
  • AD FS Name
  • Credentials of the local administrator account for AD FS
  • AD FS Proxy Certificate - This is used by the Web Application Proxy for AD FS proxy functionality
74
Q

What information is needed for publishing a web application?

A
  • The type of preauthentication
    • if AD FS - Next will be Relying Party
  • The Application that will be published
  • The external URL of the application
  • A certificate whose subject name covers the external URL
  • The URL of the back end server
75
Q

How would you install a Web Application Proxy via PowerShell?

A

Install-WebApplicationProxy -FederationServiceTrustCredential 'Admin Credentials' -CertificateThumbprint 'Certificate Thumbprint' -FederationServiceName 'AD FS Server Name'

76
Q

How would you publish a web application proxy application using pass through via PowerShell?

A

Add-WebApplicationProxyApplication -BackendServerUrl 'Url to server' -ExternalCertificateThumbprint 'Thumbprint' -ExternalUrl 'External URL' -Name 'name of Appl' -ExternalPreAuthentication PassThrough

77
Q

How would you publish a web application proxy application using AD FS via PowerShell?

A

Add-WebApplicationProxyApplication -BackendServerUrl 'Url to server' -ExternalCertificateThumbprint 'Thumbprint' -ExternalUrl 'Same As Backend' -Name 'name of Appl' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName 'Party Name'