web flashcards

1
Q

DirectAccess was introduced with which workstation/server pair?

A

Windows 7/Windows Server 2008 R2

2
Q

What kind of connectivity does DirectAccess establish between workstation and server?

A

bi-directional

3
Q

What type of server is the network location server (NLS)?

A

web

4
Q

What does the acronym ISATAP stand for?

A

Intra-Site Automatic Tunnel Addressing Protocol

5
Q

What utility do you use to configure DirectAccess?

A

Remote Access Management Console

6
Q

Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?

A

two consecutive public IP addresses

7
Q

What is the most basic requirement for a DirectAccess implementation?

A

The DirectAccess server must be part of an Active Directory domain.

8
Q

If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?

A

IP-HTTPS

9
Q

What does the netsh namespace show policy command do?

A

determines the results of network location detection and the IPv6 addresses of the intranet DNS servers

10
Q

What kind of connectivity does DirectAccess provide between client computers and network resources?

A

seamless and always on

11
Q

DirectAccess is for clients connected to which network?

A

Internet

12
Q

How do the DirectAccess server and DirectAccess client authenticate each other?

A

computer and user credentials

13
Q

Which one of the following operating systems may not act as a DirectAccess client?

A

Windows Server 2008

14
Q

What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?

A

a RADIUS proxy server

15
Q

What process determines what a user is permitted to do on a computer or on a network?

A

authorization

16
Q

What is a RADIUS server known as in Microsoft parlance?

A

Network Policy Server

17
Q

Which ports do Microsoft RADIUS servers use officially?

A

1812 and 1813

18
Q

When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?

A

the NPS server

19
Q

Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?

A

the access server

20
Q

What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?

A

an Accounting-Response to the access server

21
Q

To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?

A

RADIUS server

22
Q

Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?

A

priority

23
Q

Using what feature can streamline the creation and setup of RADIUS servers?

A

templates

24
Q

What information does the Accounting-Start message contain?

A

the type of service and the user it’s delivered to

25
Which system is the destination for Accounting-Start messages?
the RADIUS accounting server
26
What type of NPS authentication is recommended over password authentication?
certificate
27
Why is password-based authentication not recommended?
Usernames and passwords are sent in plain text.
28
Where do you get certificates for authentication purposes?
a certificate authority
29
An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
who, when, and how
30
Which variable can be set to authorize or deny a remote connection?
group membership
31
The default connection request policy uses NPS as what kind of server?
RADIUS
32
Where is the default connection policy set to process all authentication requests?
locally
33
What is the last setting in the Routing and Remote Access IP settings?
how IP addresses are assigned
34
What command-line utility is used to import and export NPS templates?
netsh
35
To which type of file do you export an NPS configuration?
XML
36
When should you not use the command-line method of exporting and importing the NPS configuration?
when the source NPS database has a higher version number than the version number of the destination NPS database
37
Network policies determine what two important connectivity constraints?
who is authorized to connect AND the connection circumstances for connectivity
38
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
constraints
39
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
denies
40
Identify the correct NPS templates. Select all that apply.
Shared Secrets | Health Policies | RADIUS Clients
41
Which two of the following are Routing and Remote Access IP settings?
Client May Request an IP Address | Server Must Supply an IP Address
42
Which Routing and Remote Access IP setting is the default setting?
Server Settings Determine IP Address Assignment
43
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
a computer's overall health
44
Because NAP is provided by _________, you need to install _________ to install NAP.
NPS | NPS
45
DHCP enforcement is not available for what kind of clients?
IPv6
46
Identify two remediation server types.
Anti-virus/anti-malware servers | Software update servers
47
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
read-only
48
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
isolation
49
To verify a NAP client's configuration, which command would you run?
> netsh nap client show state
50
Which two components must a NAP client have enabled in order to use NAP?
Security Center | NAP Agent
51
Why do you need a web server as part of your NAP remediation infrastructure?
to provide user information in case of a compliance failure
52
Where do you look to find out which computers are blocked and which are granted access via NAP?
the NAP Server Event Viewer
53
Health policies are in pairs. What are the members of the pair? Select two.
NAP-compliant | NAP-noncompliant
54
You should restrict access only for clients that don't have all available security updates installed if what situation exists?
the computers are running Windows Update
55
What happens to a computer that isn't running Windows Firewall?
The computer is isolated.
56
Health policies are connected to what two other policies?
network policies | connection request policies
57
To use the NAP-compliant policy, the client must do what?
pass all SHV checks
58
Which computers are not affected by VPN enforcement?
locally connected computers
59
What is the default authentication protocol for non-domain computers?
NTLM
60
What does the acronym NTLM stand for?
NT LAN Manager
61
Role seizure is performed using the ________ command
NTDSUTIL
62
FSMO role change process where the original role-holder DC is down
seizure
63
FSMO role change process where the original role-holder DC is running
transfer
64
Which of the FSMO roles ideally should not be on a Global Catalog server?
Infrastructure master
65
Every additional domain in the forest adds how many domain-wide roles?
three (which)
66
A forest with one domain has how many operations master roles?
five (which)
67
True or False. Only one domain controller in the domain or forest performs each FSMO role.
true
68
Which FSMO role updates group membership changes?
Infrastructure Master
69
Which FSMO role tracks, moves, and renames objects and also updates references from objects in its domain to objects in other domains?
Infrastructure Master
70
Which FSMO role is responsible for updating changes made to objects?
Infrastructure Master
71
Which FSMO role acts as a focal point for all Group Policy changes to avoid Group Policy object conflicts?
PDC Emulator
72
Which FSMO role acts as the domain master browser, creating browse lists of workgroups, domains, and servers?
PDC Emulator
73
Which FSMO role replicates password changes within a domain?
PDC Emulator
74
Which FSMO role acts like a Windows NT 4.0 Primary Domain Controller (PDC) and performs other tasks normally associated with NT domain controllers?
PDC Emulator
75
True or False. RIDs (and SIDs) can be reused.
False
76
This is created for a new security principal by combining the RID with the domain ID
Security Identifier (SID)
77
What is RID?
Relative ID
78
Which FSMO role allocates pools or blocks of numbers (called relative IDs or RIDs) that are used by the domain controller when creating new security principals (such as user, group, or computer accounts)?
RID Master
79
True or False. The domain naming master is essential in a single-domain environment.
False
80
Which FSMO role adds new domains to and removes existing domains from the forest?
Domain Naming Master
81
True or False. All other domain controllers hold read-only replicas of the schema.
True
82
Only the _______ can perform write operations to the directory schema.
Schema Master
83
Schema updates are replicated from the schema master to _________ in the forest.
Domain Controllers
84
How many schema masters do you have in a forest?
one
85
Which FSMO role maintains the Active Directory schema for the forest?
Schema Master
86
True or False. Having a single operations master means that the master role owner does not have to be available to make directory changes associated with that specific operations master role.
False
87
True or False. Having a single operations master means that the role owner must be available when dependent activities in the enterprise or domain take place.
True
88
A domain controller that performs an operations master role is known as
Operations master
89
Term for specialized domain controller tasks assigned to a domain controller in the domain or forest
FSMO Roles
90
What does FSMO stand for?
Flexible Single Master Operation
91
What does RADIUS stand for?
Remote Authentication Dial-In User Service
92
What limitations does NPS installation have?
Can't be installed on a Failover Cluster or Server Core?
93
What role or feature allows RADIUS?
Network Policy and Access Server
94
What is considered a client of a RADIUS Server?
A VPN Server is a client because it uses the authorization and authentication services.
95
What authentication protocol is used for smart card support?
Extensible Authentication Protocol (EAP)
96
What authentication protocol uses your password as authentication?
MS-CHAPv2
97
How do priority and weight work in RADIUS?
Low priority wins and higher weight is more likely to be used.
98
What are the 4 RADIUS Accounting modes?
SQL Only | Text Logging | Parallel (SQL and Text) | SQL with backup
99
What certificates does an NPS server need?
Workstation authentication for the client computer and server authentication for the NPS server.
100
Where in Group Policy would you auto enroll clients for the workstation authentication cert?
Computer Config\Policies\Windows Settings\Security Settings\Public Key Policies.
101
What are connection request policies?
defines which connections are processed by the NPS Server and which are processed on a remote RADIUS Server.
102
What are network policies?
define who is allowed to connect to the network, how they are authenticated, and what access is permitted.
103
What happens to existing NPS templates when you import a new one?
It replaces any existing templates with those in the imported XML file.
104
What must you do after you import an NPS configuration?
You must reconfigure SQL Server Logging.
105
How can you Export/Import NPS Configuration?
The NPS console, or Export-NPSConfiguration / Import-NPSConfiguration
106
To what group do you add RRAS to activate it in AD?
RAS and IAS Servers security group.
107
How can you export NPS templates?
Right-click Templates Management; this exports ALL the templates.
108
Where in NPS can you specify whether the server is going to be a Radius Server vs a Radius Proxy?
In the Authentication settings when you configure a new Connection Request Policy. For a RADIUS server, you select 'Authenticate requests on this server'; for a proxy, you select 'Forward requests to the following remote RADIUS server group for authentication'.
109
Should you Grant or Deny access in a network policy for remediation?
Grant. Deny would prevent access to the remediation server. You are Granting/Denying access to the Remediation server NOT to the network.
110
Where on the NPS Console can you force accounting requests to a specific NPS/RADIUS Server?
Under Settings of a Connection Request Policy
111
What are the possible common Framed Protocols?
PPP | SLIP
112
Which servers of an NPS configuration are available on the restricted network?
Remediation
113
Where must the certificate be located if it was issued by a 3rd Party?
Personal under Certificates (Local) on the NPS Server
114
What PS Command will add a new RADIUS Server?
> Add-RemoteAccessRadius
115
What command will disconnect a specific VPN connection by a user or computer?
Disconnect-VPNUser
116
What role must be installed to deploy a VPN?
Remote Access
117
To enable HRA automatic discovery, what registry key must be created and/or set on the clients that are domain members?
EnableDiscovery at HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups
118
What PS command disconnects a site-to-site interface that is connected?
> Disconnect-VpnS2SInterface
119
What three settings can you export and import to a new NPS server when you need to deploy a second NPS server that will be configured the same as the first?
Network Policies | Connection Request Policies | RADIUS Clients
120
PS command to set VPN Authentication type
> Set-VPNAuthType
121
To what two destinations can a RADIUS proxy forward connection attempts from RADIUS clients for further routing?
to another RADIUS proxy or to a RADIUS server
122
Which component of NPS defines configuration requirements for computers that attempt to connect to your network?
System Health Validators (SHVs)
123
When a VPN server does not perform authentication and uses a RADIUS server, how should the VPN server be configured?
Solely as a RADIUS Proxy
124
What PowerShell cmdlet is used to set the authentication method for incoming site-to-site (S2S) VPN interfaces?
> Set-VPNAuthProtocol
125
What is a reason you would NOT automatically generate a shared secret in a Shared Secrets NPS template?
Not all clients support long Shared Secrets
126
What is the only server that requires a certificate when using PEAP-MS-CHAP v2?
The server that performs authentication (either RADIUS or Network Access Server)
127
Which section(s) in the NPS console will you use to create policies used with Network Access Protection (NAP) that designate the requirements of computers with regard to their health (such as security patches) before they are allowed to connect to the network?
Health Policies
128
Which section(s) in the NPS console will you use to define conditions under which computers can connect to the network and in which scenarios those policies apply?
Network Policies
129
For which authentication methods does the NAP enforcement for 802.1x require you to deploy a PKI?
PEAP-TLS
130
Which section(s) in the NPS console will you use to define network access servers, wireless access points, or any other 802.1x compatible device that controls access to the network that needs to have its authentication requests processed by the RADIUS server?
Radius Clients
131
Which NAP enforcement method does not require a certificate on the NPS server?
NAP for DHCP
132
What PowerShell cmdlet modifies the configuration that is common to both DirectAccess (DA) and VPN, such as SSL certificate, internal interface, and Internet interface?
> Set-RemoteAccess
133
Which four different types of network access servers can be RADIUS clients?
Wireless Access Points | 802.1x authenticating Switches | Dial-in Servers | VPN Servers | Terminal Services Gateway server
134
When an NPS server has a certificate issued by a third party, where must that certificate be located?
In the Personal store of Certificates (Local) on the NPS server itself.
135
What is exported when you export the entire NPS Configuration?
RADIUS Clients | RADIUS Servers | Network Policies | Connection Request Policies | Registry | Logging Info (but not SQL Logging info)
136
Where do templates apply?
Any server with the template assigned. If a template is changed on one NPS, it applies to all NPSs with that template.
137
What configuration elements use templates?
RADIUS Shared Secret | RADIUS Clients | Remote RADIUS servers | IP Filters | Health Policies | Remediation Server Groups
138
What are the 3 NPS migration peccadilloes?
2003 SP2 or later | No cross languages | You can migrate 32-bit to 64-bit.
139
What is the name of the IAS/NPS Migration tool?
IASMIGREADER.exe