PrepAway - Latest Free Exam Questions & Answers

select Yes if the statement is true. Otherwise, select No.

HOTSPOT
Your network contains an Active Directory named contoso.com.
You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network
Policy. The Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)

A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)

A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select
No. Each correct selection is worth one point.

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:

21 Comments on “select Yes if the statement is true. Otherwise, select No.

  2. nottme says:

    Think I know why now

    “The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access” This is set in AD user settings, think set to NPS by default. So user2 doesn’t use anyone of the NPS rules.




    0



    0
  3. Wim says:

    http://technet.microsoft.com/en-us/library/cc732724(v=ws.10).aspx
    Answer is simple and I will explain:
    * NAP says user1 goto NPS
    * NAP says user2 allow Access… take care!!! this mean that only explicit denies from NPS are to be applied!

    Policies condition permission
    P1 mon, tue, wed domain users allow
    P2 fri deny
    P3 domain users allow

    Does User1 establish a connection on thu? P1 conditions are not met (day is not mon, tue, wed), P2 conditions are not met (day is not fri), P3 condition is met (user is in domain users), so action is allow due to P3.

    Does User 1 establish a connection on fri? P1 conditions are not met (day is not mon, tue, wed), P2 condition is met (day is fri), so action is deny.

    Does User 2 establish a connection on fri? P2, the deny policy is applied and the condition is met (day is fri), so action is deny.

    conclusion answer should be yes, no, no




    0



    0
    2. kingces says:

      Nice explanation Wim.

      Yes, No, No

      With regards to the last selection your link states:

      If the value of Network Access Permission is Allow access, the user is allowed network access unless there is a network policy that explicitly denies access to the user.




      0



      0
  4. Cespn says:

    Yes, No, Yes – looks right.
    Network Access Permission for user 2 is setup to Allow Access, it is not configured to go thru NPS, thus network policies do not apply even though all users are members of Domain Users. The configuration setup for Users is found under in the User account properties in ADUC, Dial-in tab, Network Access Permission – Allow Access, Deny access, Control access through NPS Network Policy.




    0



    0
    1. MancaMulas says:

      https://technet.microsoft.com/en-us/library/dd197420%28v=ws.10%29.aspx

      “If the Ignore-User-Dialin-Properties attribute is set to False, NPS checks the Network Access Permission setting in user account dial-in properties for the user attempting the connection:

      If Deny access is selected, NPS rejects the connection request.

      If Allow access is selected, NPS applies the user account properties and network policy constraints:

      If the connection request does not match the settings of the user account properties and network policy constraints, NPS rejects the connection request.

      If the connection request matches the settings of the user account properties and network policy constraints, NPS accepts the connection request.”

      So it’s, yes, no, no…




      0



      0
    1. den says:

      BTW: did any of you “yes,no,yes” sayers verified it in lab?
      I did…and I see in the log file that the test user is being denied despite of his dial in properties, as the deny policy is being applied!




      0



      0
  9. x64 says:

    The policy will only apply if the conditions are met, if not it will go to the next in processing order until the first one that meet the conditions will be applied and the rest ignored.

    So User 1 on Thrusday = Policy1 does not apply on thrusdays, goes to next, Policy2 does not apply on Thrusdays go to next, Policy 3 applies to all domain users and grant access.

    Next, User1 access on a Friday. Policy1 does not apply on fridays, go the Policy2 that does apply and deny access.

    Last User2 is set to allow access in AD Users and Computers, NPS policies won’t be used and USer2 will be granted access.

    Answer must be:
    yes
    No
    Yes




    0



    0
  10. JF says:

    I think it’d be:
    NO – it only processes the first policy for each user. So, user1 is part of Domain Users so this is the only policy that will apply to him. He cannot authenticate on Thursday.
    NO – same as above.
    YES – it’s set to allow, so none of this policies matter.




    0



    0
  11. sisco says:

    If the value of Network Access Permission is Deny access, the user is always denied access to the network by NPS, regardless of any settings in network policy.
    If the value of Network Access Permission is Allow access, the user is allowed network access unless there is a network policy that explicitly denies access to the user.
    If the value of Network Access Permission is Control access through NPS Network Policy, NPS makes authorization decisions based solely on network policy settings.
    so YES,NO,NO




    0



    0

Leave a Reply