PrepAway - Latest Free Exam Questions & Answers

Which Windows PowerShell command should you run?

You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The
infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure
successfully.
Which Windows PowerShell command should you run?

A.
Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

B.
Set-ADFSProperties -AddProxyAuthenticationRules None

C.
Set-ADFSProperties -SSOLifetime 1:00:00

D.
Set-ADFSProperties -ExtendedProtectionTokenCheck None

Explanation:
A) Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the
federation server proxy to authenticate with its associated federation server.
B) Specifies a policy rule set that can be used to establish authorization permissions for
setting up trust proxies. The default value allows the AD FS 2.0 service user account or any
member of BUILTIN\Administrators to register a federation server proxy with the Federation
Service.
C) Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in
minutes).
D) Specifies the level of extended protection for authentication supported by the federation
server. Extended Protection for Authentication helps protect against man-in-the-middle
(MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx
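
The setting in option D is applied per federation server, so it is worth reading the current value across the farm before and after changing it. The script below is an added example, not part of the original page or of Microsoft's documentation; the server names are placeholders, and it assumes PowerShell remoting is enabled to each federation server and that the ADFS module shipped with the AD FS role on Windows Server 2012 is available there.

```powershell
# Added example: audit and align ExtendedProtectionTokenCheck across an AD FS farm.
# Server names are placeholders (assumption); replace with your federation servers.
$FarmServers = @('adfs01.contoso.example', 'adfs02.contoso.example')
# 'None' is the value from answer D. 'Allow' and 'Require' keep channel binding in use.
$Desired = 'None'

function Get-EpaState {
    param([string[]]$ComputerName)
    foreach ($server in $ComputerName) {
        try {
            $value = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Import-Module ADFS -ErrorAction Stop
                (Get-ADFSProperties).ExtendedProtectionTokenCheck
            }
            [pscustomobject]@{ Server = $server; ExtendedProtectionTokenCheck = "$value"; Error = $null }
        }
        catch {
            # An unreachable server is reported, not skipped, so the audit shows gaps.
            [pscustomobject]@{ Server = $server; ExtendedProtectionTokenCheck = $null; Error = $_.Exception.Message }
        }
    }
}

function Set-EpaState {
    param(
        [string[]]$ComputerName,
        [ValidateSet('Require', 'Allow', 'None')][string]$Level
    )
    foreach ($server in $ComputerName) {
        Invoke-Command -ComputerName $server -ArgumentList $Level -ScriptBlock {
            param($Level)
            Import-Module ADFS -ErrorAction Stop
            Set-ADFSProperties -ExtendedProtectionTokenCheck $Level
        }
    }
}

# 1. Record the current value on every server.
$before = Get-EpaState -ComputerName $FarmServers
$before | Format-Table -AutoSize

# 2. Change only the servers that differ from the desired value, then re-read them.
$drift = $before | Where-Object { -not $_.Error -and $_.ExtendedProtectionTokenCheck -ne $Desired }
if ($drift) {
    Set-EpaState -ComputerName $drift.Server -Level $Desired
    Get-EpaState -ComputerName $drift.Server | Format-Table -AutoSize
}
```

Keeping the "before" table gives a record of which servers had channel binding enforcement relaxed, which is useful if the setting is later restored.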

30 Comments on “Which Windows PowerShell command should you run?”

  1. Sam says:

    it’s D

    http://technet.microsoft.com/en-us/library/hh237448(v=ws.10).aspx

    Disable the Extended Protection for Authentication feature in AD FS 2.0

    Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat.
    However, if it is important that browser clients that do not support Extended Protection for Authentication must be used in your organization, you will have to adjust a feature setting in AD FS 2.0 that will disable the CBT from being used over communications, which, in turn, may leave client credentials vulnerable to man-in-the-middle attacks.




  2. Xeric says:

    Guys, the premium dumps are honestly a scam and are CERTAINLY not always correct. They really aren’t any different than all the other dumps out there. You still need to verify the answers are correct.




  3. Gareth says:

    TechNet says it’s D:

    “Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities”

    “To disable the Extended Protection for Authentication feature in AD FS 2.0

    On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command:
    Set-ADFSProperties –ExtendedProtectionTokenCheck None
    Repeat this step on each federation server in the farm.”

    https://technet.microsoft.com/en-us/library/hh237448(v=ws.10).aspx




  4. PeeHarda says:

    Answer is D:

    Disable the Extended Protection for Authentication feature in AD FS 2.0

    Certain client browser software, such as Firefox, Chrome, and Safari, do not support the Extended Protection for Authentication capabilities that can be used across the Windows platform to protect against man-in-the-middle attacks. To prevent this type of attack from occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all communications use a channel binding token (CBT) to mitigate against this threat.
    However, if it is important that browser clients that do not support Extended Protection for Authentication must be used in your organization, you will have to adjust a feature setting in AD FS 2.0 that will disable the CBT from being used over communications, which, in turn, may leave client credentials vulnerable to man-in-the-middle attacks.
    If this is the case, you can disable the Extended Protection for Authentication feature by using the Windows PowerShell cmdlet Set-ADFSProperties in the following procedure.
    To disable the Extended Protection for Authentication feature in AD FS 2.0

    On a federation server, login using the Administrator account, open the Windows PowerShell command prompt, and then type the following command:

    Set-ADFSProperties –ExtendedProtectionTokenCheck None

    link: https://technet.microsoft.com/en-us/library/hh237448(v=ws.10)




  5. Naga says:

    Answer is D

    Certain client browser software, such as Firefox, Chrome, and Safari, do not support the
    Extended Protection for Authentication capabilities that can be used across the Windows
    platform to protect against man-in-the-middle attacks. To prevent this type of attack from
    occurring over secure AD FS communications, AD FS 2.0 enforces (by default) that all
    communications use a channel binding token (CBT) to mitigate against this threat.

    Note: Disable the extended Protection for authentication
    To disable the Extended Protection for Authentication feature in AD FS 2.0
    On a federation server, login using the Administrator account, open the Windows
    PowerShell command prompt, and then type the following command:
    Set-ADFSProperties –ExtendedProtectionTokenCheck None
    Repeat this step on each federation server in the farm.

    Reference: Configuring Advanced Options for AD FS 2.0




  6. Digixorcist says:

    D was my initial thought. Always double-check the answers. Aside from some answers being false, you also actually learn something that you’re supposed to know after taking the exams.




