DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Server1 and Server3. The network contains a standalone server named Server2.All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.
Server3 hosts an application named App1. App1 is accessible internally by using the URL https://
app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Answer: 
Explanation:
Box 1: Server1
For all types of application that you can publish using AD FS preauthentication, you must add a AD FS relying
party trust to the Federation Service.
Use Server1 as it has AD FS.
Box 2: Server2
When publishing applications that use Integrated Windows authentication, the Web Application Proxy server
uses Kerberos constrained delegation to authenticate users to the published application.
Box 3: Server2
To publish a claims-based application
1. On the Web Application Proxy server, in the Remote Access Management console, in the Navigation pane,
click Web Application Proxy, and then in the Tasks pane, click Publish.
2. On the Publish New Application Wizard, on the Welcome page, click Next.
Etc.
Box 4: Server2
Configure CAs and certificates (see c below)
Web Application Proxy servers require the following certificates in the certificate store on each Web Application
Proxy server:
a) A certificate whose subject covers the federation service name. If you want to use Workplace Join, the
certificate must also contain the following subject alternative names (SANs): <federation service
name>.<domain> and enterpriseregistration.<domain>.
b) A wildcard certificate, a subject alternative name (SAN) certificate, several SAN certificates, or several
certificates whose subjects cover each web application.
c) A copy of the certificate issued to external servers when using client certificate preauthentication.
Install and Configure the Web Application Proxy Server; Planning to Publish Applications Using
Web Application Proxy; Publish Applications using AD FS Preauthentication
Correct!
Quote:
“Amr Eid
September 26, 2017 at 11:29 pm
Box 1: Server1
For all types of application that you can publish using AD FS preauthentication, you must add a AD FS relying party trust to the Federation Service. Use Server1 as it has AD FS.
Box 2: Server2
When publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users to the published application.
Box 3: Server2
To publish a claims-based application
1. On the Web Application Proxy server, in the Remote Access Management console, in the Navigation pane, click Web Application Proxy, and then in the Tasks pane, click Publish.
2. On the Publish New Application Wizard, on the Welcome page, click Next.
Etc.
Box 4: Server2
Configure CAs and certificates”
0
0