PrepAway - Latest Free Exam Questions & Answers

You need to ensure that all users from the Internet are pre-authenticated before they can access App1

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two
servers named Server1 and Server3. The network contains a standalone server named Server2.
All servers run Windows Server 2012 R2. The servers are configured as shown in the following table.

Server3 hosts an application named App1. App1 is accessible internally by using the URL
https://app1.contoso.com. App1 only supports Integrated Windows authentication.
You need to ensure that all users from the Internet are pre-authenticated before they can access
App1.
What should you do?
To answer, drag the appropriate servers to the correct actions. Each server may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:
Box 1: Server1
For all types of application that you can publish using AD FS preauthentication, you must add a AD FS
relying party trust to the Federation Service.
Use Server1 as it has AD FS.
Box 2: Server2
When publishing applications that use Integrated Windows authentication, the Web Application
Proxy server uses Kerberos constrained delegation to authenticate users to the published
application.
Box 3: Server2
To publish a claims-based application
1. On the Web Application Proxy server, in the Remote Access Management console, in the
Navigation pane, click Web Application Proxy, and then in the Tasks pane, click Publish.
2. On the Publish New Application Wizard, on the Welcome page, click Next.
Etc.
Box 4: Server2

Configure CAs and certificates (see c below)
Web Application Proxy servers require the following certificates in the certificate store on each Web
Application Proxy server:
a) A certificate whose subject covers the federation service name. If you want to use Workplace Join,
the certificate must also contain the following subject alternative names (SANs): <federation service
name>.<domain> and enterpriseregistration.<domain>.
b) A wildcard certificate, a subject alternative name (SAN) certificate, several SAN certificates, or
several certificates whose subjects cover each web application.
c) A copy of the certificate issued to external servers when using client certificate preauthentication.

Install and Configure the Web Application Proxy Server; Planning to Publish Applications Using Web
Application Proxy; Publish Applications using AD FS Preauthentication


Leave a Reply