Your network contains an Active Directory domain named contoso.com. The domain contains a
server named NPS1 that has the Network Policy Server server role installed. All servers run Windows
Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to
authenticate connection requests.
B.
On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the
remote RADIUS server group.
C.
On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type
condition.
D.
Configure each Remote Access server to use a RADIUS server named NPS1.
E.
On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to
designate which RADIUS servers perform the authentication and authorization of connection
requests that the server running Network Policy Server (NPS) receives from RADIUS clients.
Connection request policies can be configured to designate which RADIUS servers are used for
RADIUS accounting.
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service
(RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of
processing the connection requests because they can perform authentication and authorization in
the domain where the user or computer account is located. For example, if you want to forward
connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as
a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of
the information required for NPS to evaluate which messages to forward and where to send the
messages.http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx
I think it is B & D. The explanation doesn’t seem to be relevant to the question
0
0
It should be D and E. But i’m a bit confused since C is also correct and would be done in step 3.
Review:
A- It can’t be A because the Question says you should use NPS1 to authenticate, not authenticate on the servers.
B – It can’t be B because NPS1 is the radius server which does the authentication. There is no other Radius server which NPS1 needs to forward to.
C – This we could do after we done step D and E. But it isn’t necessarily needed because there is a default Connection request policy there.
D – This we need. The 10 Clients need to send the authentication requests to NPS1
E – This we also need or the NPS1 will not accept the authentication requests from the 10 Clients.
0
0
D & E
0
0
I guess I am having a hard time understanding why you would create a client template. If the template is specific settings for just one RADIUS client, you would have to configure a template for each remote access server. So if you were using the same preshared key, it would make sense to create a shared secrets template and use that, then create each radius client seperately because using a radius client template, you’ll still need to change the IP address for each client.
So the answer doesn’t make sense as to why they are doing it that way, but I guess this could be a case of it still needs to be done because it won’t work without it.
0
0