70-411 mcsa Windows Server 2012 R2 > web flashcards > Flashcards

Flashcards in web flashcards Deck (139):
1

DirectAccess was introduced with which workstation/server pair?

Windows 7/Windows Server 2008 R2

2

What kind of connectivity does DirectAccess establish between workstation and server?

bi-directional

3

What type of server is the network location server (NLS)?

web

4

What does the acronym ISATAP stand for?

Intra-Site Automatic Tunnel Addressing Protocol

5

What utility do you use to configure DirectAccess?

Remote Access Management Console

6

Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?

two consecutive public IP addresses

7

What is the most basic requirement for a DirectAccess implementation?

The DirectAccess server must be part of an Active Directory domain.

8

If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?

IP-HTTPS

9

What does the netsh namespace show policy command do?

determines the results of network location detection and the IPv6 addresses of the intranet DNS servers

10

What kind of connectivity does DirectAccess provide between client computers and network resources?

seamless and always on

11

DirectAccess is for clients connected to which network?

Internet

12

How do the DirectAccess server and DirectAccess client authenticate each other?

computer and user credentials

13

Which one of the following operating systems may not act as a DirectAccess client?

Windows Server 2008

14

What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?

a RADIUS proxy server

15

What process determines what a user is permitted to do on a computer or on a network?

authorization

16

What is a RADIUS server known as in Microsoft parlance?

Network Policy Server

17

Which ports do Microsoft RADIUS servers use officially?

1812 and 1813

18

When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?

the NPS server

19

Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?

the access server

20

What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?

an Accounting-Response to the access server

21

To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?

RADIUS server

22

Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?

priority

23

Using what feature can streamline the creation and setup of RADIUS servers?

templates

24

What information does the Accounting-Start message contain?

the type of service and the user it's delivered to

25

Which system is the destination for Accounting-Start messages?

the RADIUS accounting server

26

What type of NPS authentication is recommended over password authentication?

certificate

27

Why is password-based authentication not recommended?

Usernames and passwords are sent in plain text.

28

Where do you get certificates for authentication purposes?

a certificate authority

29

An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?

who, when, and how

30

Which variable can be set to authorize or deny a remote connection?

group membership

31

The default connection request policy uses NPS as what kind of server?

RADIUS

32

Where is the default connection policy set to process all authentication requests?

locally

33

What is the last setting in the Routing and Remote Access IP settings?

how IP addresses are assigned

34

What command-line utility is used to import and export NPS templates?

netsh

35

To which type of file do you export an NPS configuration?

XML

36

When should you not use the command-line method of exporting and importing the NPS configuration?

when the source NPS database has a higher version number than the version number of the destination NPS database

37

Network policies determine what two important connectivity constraints?

who is authorized to connect AND the connection circumstances for connectivity

38

When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.

constraints

39

If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?

denies

40

Identify the correct NPS templates. Select all that apply.

Shared Secrets
Health Policies
RADIUS Clients

41

Which two of the following are Routing and Remote Access IP settings?

Client May Request an IP Address
Server Must Supply an IP Address

42

Which Routing and Remote Access IP setting is the default setting?

Server Settings Determine IP Address Assignment

43

Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?

a computer's overall health

44

Because NAP is provided by _________, you need to install _________ to install NAP.

NPS
NPS

45

DHCP enforcement is not available for what kind of clients?

IPv6

46

Identify two remediation server types.

Anti-virus/anti-malware servers
Software update servers

47

What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

read-only

48

When you fully engage NAP for remediation enforcement, what mode do you place the policy in?

isolation

49

To verify a NAP client's configuration, which command would you run?

> netsh nap client show state

50

Which two components must a NAP client have enabled in order to use NAP?

Security Center
NAP Agent

51

Why do you need a web server as part of your NAP remediation infrastructure?

to provide user information in case of a compliance failure

52

Where do you look to find out which computers are blocked and which are granted access via NAP?

the NAP Server Event Viewer

53

Health policies are in pairs. What are the members of the pair? Select two.

NAP-compliant
NAP-noncompliant

54

You should restrict access only for clients that don't have all available security updates installed if what situation exists?

the computers are running Windows Update

55

What happens to a computer that isn't running Windows Firewall?

The computer is isolated.

56

Health policies are connected to what two other policies?

network policies
connection request policies

57

To use the NAP-compliant policy, the client must do what?

pass all SHV checks

58

Which computers are not affected by VPN enforcement?

locally connected computers

59

What is the default authentication protocol for non-domain computers?

NTLM

60

What does the acronym NTLM stand for?

NT LAN Manager

61

Role seizure is performed using the ________ command

NTDSUTIL

62

FSMO role change process where the original role-holder DC is down

seizure

63

FSMO role change process where the original role-holder DC is running

transfer

64

Which of the FSMO roles ideally should not be on a Global Catalog server?

Infrastructure master

65

Every additional domain in the forest adds how many domain-wide roles?

three (which)

66

A forest with one domain has how many operations master roles?

five (which)

67

True or False. Only one domain controller in the domain or forest performs each FSMO role.

true

68

Which FSMO role updates group membership changes?

Infrastructure Master

69

Which FSMO role tracks, moves, and renames objects and also updates references from objects in its domain to objects in other domains?

Infrastructure Master

70

Which FSMO role is responsible for updating changes made to objects?

Infrastructure Master

71

Which FSMO role acts as a focal point for all Group Policy changes to avoid Group Policy object conflicts?

PDC Emulator

72

Which FSMO role acts as the domain master browser, creating browse lists of workgroups, domains, and servers?

PDC Emulator

73

Which FSMO role replicates password changes within a domain?

PDC Emulator

74

Which FSMO role acts like a Windows NT 4.0 Primary Domain Controller (PDC) and performs other tasks normally associated with NT domain controllers?

PDC Emulator

75

True or False. RIDs (and SIDs) can be reused.

False

76

This is created for a new security principal by combining the RID with the domain ID

Security Identifier SID

77

What is RID?

Relative ID

78

Which FSMO role allocates pools or blocks of numbers (called relative IDs or RIDs) that are used by the domain controller when creating new security principals (such as user, group, or computer accounts)?

RID Master

79

True or False. The domain naming master is essential in a single-domain environment.

False

80

Which FSMO role adds new domains to and removes existing domains from the forest?

Domain Naming Master

81

True or False. All other domain controllers hold read-only replicas of the schema.

True

82

Only the _______ can perform write operations to the directory schema.

Schema Master

83

Schema updates are replicated from the schema master to _________ in the forest.

Domain Controllers

84

How many schema masters do you have in a forest?

one

85

Which FSMO role maintains the Active Directory schema for the forest?

Schema Master

86

True or False. Having a single operations master means that the master role owner does not have to be available to make directory changes associated with that specific operations master role.

False

87

True or False. Having a single operations master means that the role owner must be available when dependent activities in the enterprise or domain take place.

True

88

A domain controller that performs an operations master role is known as

Operations master

89

Term for specialized domain controller tasks assigned to a domain controller in the domain or forest

FSMO Roles

90

What does FSMO stand for?

Flexible Single Master Operation

91

What does RADIUS stand for?

Remote authentication dial-in user service

92

What limitations does NPS installation have?

Can't be installed on Failover Cluster or Server Core?

93

What role or feature allows RADIUS?

Network Policy and Access Server

94

What is considered a client of a RADIUS Server?

A VPN Server is a client because it uses the authorization and authentication services.

95

What authentication protocol is used for smart card support?

Extensible Authentication Protocol (EAP)

96

What authentication protocol uses your password as authentication?

MS-CHAPv2

97

How do priority and weight work in RADIUS?

Low priority wins and higher weight is more likely to be used.

98

What are the 4 RADIUS Accounting modes?

SQL Only
Text Logging
Parallel (SQL and Text)
SQL with backup

99

What certificates does an NPS server need?

Workstation authentication for the client computer and server authentication for the NPS server.

100

Where in Group Policy would you auto enroll clients for the workstation authentication cert?

Computer Config\Policies\Windows Settings\Security Settings\Public Key Policies.

101

What are connection request policies?

defines which connections are processed by the NPS Server and which are processed on a remote RADIUS Server.

102

What are network policies?

define who is allowed to connect to the network, how they are authenticated, and what access is permitted.

103

What happens to existing NPS templates when you import a new one?

It replaces any existing templates with those in the imported XML file.

104

What must you do after you import an NPS configuration?

You must reconfigure SQL Server Logging.

105

How can you Export/Import NPS Configuration?

The NPS console
or
Export-NPSConfiguration
Import-NPSConfiguration

106

What group do you add RRAS to to activate in AD?

RAS and IAS Servers security group.

107

How can you export NPS templates?

You right-click on Templates Management - it exports ALL the templates

108

Where in NPS can you specify whether the server is going to be a Radius Server vs a Radius Proxy?

When you configure New Connection Request Policy on the Authentication settings.

For a Radius server you 'authenticate requests on this server'

For a proxy you 'Forward requests to the following remote RADIUS server group for authentication'

109

Should you Grant or Deny access in a network policy for remediation?

Grant. Deny would prevent access to the remediation server. You are Granting/Denying access to the Remediation server NOT to the network.

110

Where on the NPS Console can you force accounting requests to a specific NPS/RADIUS Server?

Under Settings of a Connection Request Policy

111

What are the possible common Framed Protocols?

PPP
SLIP

112

Which servers of an NPS configuration are available on the restricted network?

Remediation

113

Where must the certificate be located if it was issued by a 3rd Party?

Personal under Certificates (Local) on the NPS Server

114

What PS Command will add a new RADIUS Server?

> Add-RemoteAccessRadius

115

What command will disconnect a specific VPN connection by a user or computer?

Disconnect-VPNUser

116

What role must be installed to deploy a VPN?

Remote Access

117

To enable HRA automatic discovery, what registry key must be created and/or set on the clients that are domain members?

EnableDiscovery at HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups

118

What PS Command disconnects a site-to-site interface that is connected?

> Disconnect-VpnS2SInterface

119

What three settings can you export and import to a new NPS server when you need to deploy a second NPS server that will be configured the same as the first?

-Network Policies
-Connection Request Policies
-Radius Clients

120

PS command to set VPN Authentication type

> Set-VPNAuthType

121

To what two destinations can a RADIUS proxy forward connection attempts from RADIUS clients for further routing?

to Another Radius Proxy or to a Radius Server

122

Which component of NPS defines configuration requirements for computers that attempt to connect to your network?

System Health Validators (SHVs)

123

When a VPN server does not perform authentication and uses a RADIUS server, how should the VPN server be configured?

Solely as a RADIUS Proxy

124

What PowerShell cmdlet is used to set the authentication method for incoming site-to-site (S2S) VPN interfaces?

> Set-VPNAuthProtocol

125

What is a reason you would NOT automatically generate a shared secret in a Shared Secrets NPS template?

Not all clients support long Shared Secrets

126

What is the only server that requires a certificate when using PEAP-MS-CHAP v2?

The server that performs authentication (either RADIUS or Network Access Server)

127

Which section(s) in the NPS console will you use to create policies used with Network Access Protection (NAP) that designate the requirements of computers with regard to their health (such as security patches) before they are allowed to connect to the network?

Health Policies

128

Which section(s) in the NPS console will you use to define conditions under which computers can connect to the network and in which scenarios those policies apply?

Network Policies

129

For which authentication methods does the NAP enforcement for 802.1x require you to deploy a PKI?

PEAP-TLS

130

Which section(s) in the NPS console will you use to define network access servers, wireless access points, or any other 802.1x compatible device that controls access to the network that needs to have its authentication requests processed by the RADIUS server?

Radius Clients

131

Which NAP enforcement method does not require a certificate on the NPS server?

NAP for DHCP

132

What PowerShell cmdlet modifies the configuration that is common to both DirectAccess (DA) and VPN, such as SSL certificate, internal interface, and Internet interface?

> Set-RemoteAccess

133

Which four different types of network access servers can be RADIUS clients?

Wireless Access Points
802.1x authenticating Switches
Dial-in Servers
VPN Servers
Terminal Services Gateway server

134

When an NPS server has a certificate issued by a third party, where must that certificate be located?

In the Personal store of the Certificates (Local) on the NPS server itself.

135

What is exported when you export the entire NPS Configuration?

Radius Clients
Radius Servers
Network Policies
Connection Request Policies
Registry
Logging Info (but not SQL Logging info)

136

Where do templates apply to?

Any server with the template assigned. If a template is changed on one NPS, it applies to all NPSs with that template.

137

What configuration elements use templates?

Radius Shared Secret
Radius Clients
Remote Radius servers
IP Filters
Health Policies
Remediation Server Groups

138

What are the 3 NPS migration peccadilloes?

-2003 SP2 or >
-No cross languages
-You can migrate 32 to 64bit.

139

What is the name of the IAS/NPS Migration tool?

IASMIGREADER.exe