Your network contains an Active Directory domain named contoso.com. The domain contains a
server named NPS1 that has the Network Policy Server server role installed. All servers run Windows
Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to
authenticate connection requests.
B.
On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the
remote RADIUS server group.
C.
On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type
condition.
D.
Configure each Remote Access server to use a RADIUS server named NPS1.
E.
On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to
designate which RADIUS servers perform the authentication and authorization of connection
requests that the server running Network Policy Server (NPS) receives from RADIUS clients.
Connection request policies can be configured to designate which RADIUS servers are used for
RADIUS accounting.
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service
(RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of
processing the connection requests because they can perform authentication and authorization in
the domain where the user or computer account is located. For example, if you want to forward
connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as
a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of
the information required for NPS to evaluate which messages to forward and where to send the
messages.http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx
The answer is wrong.
B is part of the right answer, i tested it.
(you need to tell the proxy where to redirect)
https://technet.microsoft.com/en-us/library/cc772591(v=ws.10).aspx
IMHO it is B & C
0
0
That’s also what I thought so I searched further online and other dump sites agreed:
QUESTION 345
http://www.hpdumps.com/official-2014-latest-microsoft-70-411-exam-dump-free-download331-340-2.html
0
0
Given answer is correct. First you must config all Remote access servers to redirect authenticate request to NPS1. Then in NPS1 you must create Connection Request Policy to grab all request from those Remote access servers (VPN, Dial-in, 802.1Q) by Service type and Tunnel type conditions. Then you have infrastructure where all remote access servers use network policies from NPS1.
0
0
I agree with C and D. As per the link in the explanation: The default connection request policy uses NPS as a RADIUS server and processes all authentication requests locally. The question doesn’t explicitly state that there is another RADIUS server. It’s assumed that NPS1 is the RADIUS server.
0
0
This question is complete crap….I tried to justify it a few ways, but it is just so badly mangled the correct answer can’t be decided.
If we are to assume that the RRAS servers are using Radius authentication (and not just accounting), the answer would be D and E (as they would both be required) and if we are applying a policy we would also need to select C.
A is out because we are using Radius and not RRAS for authentication.
B is out because we need to add Radius clients not Remote Radius Servers (used for forwarding authentication requests to another radius server).
0
0