70-411 Test Bank, Lesson 13 Configuring NPS Policies15 Multiple Choice 6 Short Answer 3 Best Answer 3 Build List 4 Repeated Answer 31 questions Multiple Choice 1. An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity? a. who, what, and where b. who, when, and how c. who, when, and where d. who, how, and how long Answer: b Difficulty: Medium Section Ref: Managing NPS Policies Explanation: A Network Policy Server (NPS) policy is a set of permissions or restrictions that are used by remote access authenticating servers that determine who, when, and how a client can connect to a network. 2. Which variable can be set to authorize or deny a remote connection? a. group membership b. bandwidth limitations c. corporate status d. job role Answer: a Difficulty: Medium Section Ref: Managing NPS Policies Explanation: With the remote access policies, connections can be authorized or denied based on group membership. 3. The default connection request policy uses NPS as what kind of server? a. DNS Active Domain controller c. 5. how IP addresses are assigned Answer: d Difficulty: Hard Section Ref: IP Addressing Explanation: The last setting in the Routing and Remote Access is IP settings. What command-line utility is used to import and export NPS templates? a. in a separate database Answer: c Difficulty: Medium Section Ref: Configuring Connection Request Policies Explanation: The default connection request policy uses NPS as a RADIUS server and processes all authentication requests locally. on the domain controller b. If you do not want the NPS server to act as a RADIUS server and process connection requests locally. which DHCP server will supply the requests c. at the RADIUS proxy server c. net .b. 4. msconfig d. netsh c. RADIUS Answer: d Difficulty: Medium Section Ref: Configuring Connection Request Policies Explanation: The default connection request policy uses NPS as a RADIUS server. Where is the default connection policy set to process all authentication requests? a. RRAS d. which specify how IP addresses are assigned. What is the last setting in the Routing and Remote Access IP settings? a. you can delete the default connection request policy. which NPS server to connect to d. you can delete the default connection request policy. If you do not want the NPS server to act as a RADIUS server and process connection requests locally. the number of assigned IP addresses b. 6. dnscmd b. locally d. when your network policy forbids the export of the NPS configuration Answer: b Difficulty: Medium Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies Explanation: Do not use the command-line export/import procedure if the source NPS database has a higher version number than the version number of the destination NPS database. including RADIUS clients and servers. when the source NPS server and target NPS servers are different revisions of Windows Server d. TXT b. 7. when the source NPS server and target NPS servers are on different IP subnets b. DOC c. connection request policy. When should you not use the command-line method of exporting and importing the NPS configuration? a. Network policies determine what two important connectivity constraints? a. the DHCP server for the connection c. from one NPS server for import on another NPS server by using the netsh command. and “file” is the name of the XML file that you want to save. and logging configuration. 8.Answer: b Difficulty: Medium Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies Explanation: You can export the entire NPS configuration. XML d. the DNS server for the connection d. when the source NPS database has a higher version number than the version number of the destination NPS database c. who is authorized to connect b. NPS Answer: c Difficulty: Medium Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies Explanation: “Path” is where you want to save the NPS server configuration file. the connection circumstances for connectivity Answer: a and d Difficulty: Easy . 9. registry. network policy. To which type of file do you export an NPS configuration? a. what does the Remote Access server do to the connection? a. retries b. 10. the server checks any _______________ that have been configured for the policy. RADIUS Clients Answer: a. and d Difficulty: Hard Section Ref: Exporting and Importing Templates . Select all that apply.Section Ref: Managing NPS Policies Explanation: Network policies establish sets of conditions. denies d. c. options d. a. When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt. the Remote Access server denies the connection. 12. Health Policies d. realms b. NPS Filters c. and settings that specify who is authorized to connect to the network and the circumstances under which they can or cannot connect. accepts c. constraints c. locks Answer: c Difficulty: Easy Section Ref: Configuring Network Policies Explanation: If the connection attempt does not match any configured constraints. If a remote connection attempt does not match any configured constraints. a. Shared Secrets b. it checks any constraints that have been configured for the policy. 11. permissions Answer: b Difficulty: Medium Section Ref: Configuring Network Policies Explanation: When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt. Identify the correct NPS templates. constraints. 15. Client May Request an IP Address c. IP Filters. Which Routing and Remote Access IP setting is the default setting? a. 13. 14. Which two of the following are Routing and Remote Access IP settings? a. No Encryption Answer: c Difficulty: Easy Section Ref: Encryption Explanation: For dial-up and Point-to-Point Tunneling Protocol (PPTP) virtual private network connections.Explanation: The following NPS template types are available for configuration in Templates Management: Shared Secrets. MPPE 56-Bit c. Which of the following is the strongest type of encryption? a. Remote RADIUS Servers. RADIUS Clients. and Remediation Server Groups. Server Settings Determine IP Address Assignment c. For L2TP/IPsec VPN connections. Server Must Connect to the Assigned Realm d. Short Answer . Client May Request a Specific DNS Server Answer: b Difficulty: Hard Section Ref: IP Addressing Explanation: By default. Server Must Supply an IP Address d. Health Policies. 168-bit Triple Data Encryption Standard (Triple DES) encryption is used. Server Must Request an IP Address b. MPPE 40-Bit b. Assign a Static IP Address b. MPPE 128-Bit d. Microsoft Point-to-Point Encryption (MPPE) is used with a 128bit key. the IP settings are set to Server Settings Determine IP Address Assignment. Client Must Supply an IP Address Answer: b and c Difficulty: Hard Section Ref: IP Addressing Explanation: IP settings include the following options: Server Must Supply an IP Address and Client May Request an IP Address. you have to specify the order in which the policies are evaluated from top to bottom. NPS network policy evaluates remote connections based on what three components? Answer: Conditions. or type of connection Difficulty: Medium Section Ref: Managing NPS Policies Explanation: With the remote access policies. and Health policies Difficulty: Medium Section Ref: Managing NPS Policies Explanation: NPS provides three types of policies: Connection request policies. NPS network policies should be ordered so that more specific policies are higher in the list. Constraints. Network policies. 19. and less specific policies are lower in the list. and many other variables. and Settings. and Settings Difficulty: Medium Section Ref: Configuring Network Policies Explanation: An NPS network policy evaluates remote connections based on the following three components: Conditions.16. it stops processing additional policies. Constraints. What is Bandwidth Allocation Protocol (BAP) used for? Answer: BAP is used for combining multiple ISDN channels into a single one for increased bandwidth. because as soon as the RRAS server finds a match. type of connection. Network policies. 17. Where should specific NPS network policies be placed in the policies list? Answer: Near the top of the list (with less specific ones near the bottom) Difficulty: Hard Section Ref: Configuring Network Policies Explanation: For multiple NPS network policies. As a best practice. connections can be authorized or denied based on user attributes. Answer: (only need three) user attributes. group membership. time of day. and Health policies. time of day. group membership. What three types of policies does NPS provide? Answer: Connection request policies. 18. List any three variables that can be set to either authorize or deny remote access. . 20. Placing these policies in the correct order is important. Difficulty: Medium Section Ref: IP Filters Explanation: IP filters allow you to control which packets are allowed through the network connection based on IP address.Difficulty: Medium Section Ref: Multilink and Bandwidth Allocation Explanation: With multilink and Bandwidth Allocation Protocol (BAP) settings. You then click the New button to specify the source network or destination network. to test connectivity before applying an encryption scheme c. What do IP filters allow you to control? Answer: IP filters allow you to control which packets are allowed through the network based on IP address. You also can specify how BAP determines when these extra lines are dropped. the TCP/IP port of the requestor Answer: a Difficulty: Medium Section Ref: Configuring Connection Request Policies . RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server? a. By clicking the Input Filters or Output Filters for IPv4 or IPv6. Why is there a No Encryption option for network connections? a. 23. to allow certain trusted connections to remain unencrypted Answer: a Difficulty: Medium Section Ref: Encryption Explanation: The No Encryption option allows unencrypted connections that match the remote access policy conditions. Clear this option to require encryption. to allow for third-party encryption programs that might be incompatible with native encryption d. you can specify whether multiple connections form a single connection to increase bandwidth. one of the connection request policies b. the time zone of the requestor c. Best Answer 22. you can specify to permit or not permit packets. the client type of the requestor d. to accommodate devices (clients) that don’t support encryption b. 21. Network Access Policy is part of which larger scope NPS policy? a. a. Remote Access server checks the conditions in the first configured NPS network policy. c. Health d. a. e. which specifies whether connections matching the policy should be allowed or denied. as defined by the policy. b. Every remote access policy has an Access Permissions setting. Realm Answer: c Difficulty: Hard Section Ref: Managing NPS Policies Explanation: Health policies establish one or more system health validators (SHVs) and other settings that enable you to define client computer configuration requirements for computers capable of Network Access Policy (NAP) that attempt to connect to your network. 26. Order the following steps required to create a connection request policy. The Remote Access server accepts or denies the connection based on Access Permissions configured for the policy.Explanation: RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match at least one of the connection request policies configured on the NPS server. The Remote Access server checks the configured NPS network policies. Build List 25. the remote access server will either allow or deny the connection and configure additional settings. Order the following actions that take place when a user attempts to connect to a remote access server. . Network c. Connection request b. 24. Answer: B E D A C Difficulty: Medium Section Ref: Configuring Network Policies Explanation: If the conditions and constraints defined by the connection attempt match those configured in the network policy. The user initiates a remote access connection. Health policies are used only with NAP. c. Select the authentication method. Select the type of network access server. Specify the Realm name or RADIUS attribute. b. d. The Remote Access server checks any constraints that have been configured for the policy. b. Repeated Answer 28. At the netsh prompt. Open Server Manager > Tools > Network Policy Server.xml file to the target server. a. 27. Name the Policy. . What character string makes up the telephone number of the network access server (NAS)? a. Specify conditions (such as Tunnel Type).d. Answer: F A C E D B Difficulty: Medium Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies Explanation: Refer to the steps to Export and Import the NPS Configuration. e. e. Answer: F D E C G B A Difficulty: Medium Section Ref: Configuring Connection Request Policies Explanation: Refer to the steps outlined in Create a Connection Request Policy. Open a command prompt on the source server and start an netsh interactive session.xml”. d. At the netsh nps prompt. and then click New Connection Request Policy. Order the steps to export and import the NPS configuration using the netsh command. type export filename=”path\file. Open a command prompt on the target server and start an interactive netsh nps session. When the export is complete. f. Right-click Connection Request Policies. enter nps. Client Friendly Name d. Called Station ID Answer: d Difficulty: Hard Section Ref: Configuring Connection Request Policies Explanation: The Called Station ID specifies a character string that is the telephone number of the network access server. Enter import filename=”path\file. g. Identity Type b. copy the file. Calling Station ID c. f. c.xml” exportPSK=YES. Calling Station ID c. . What character string attribute designates the phone number used by the access client? a. Identity Type b. Identity Type b. Called Station ID Answer: b Difficulty: Hard Section Ref: Configuring Connection Request Policies Explanation: The Calling Station ID designates the phone number used by the caller (the access client). 30. What is the name of the RADIUS client computer that requests authentication? a. Called Station ID Answer: a Difficulty: Hard Section Ref: Configuring Connection Request Policies Explanation: The Identity Type is used to restrict the policy to only clients that can be identified through the special mechanism such as NAP statement of health (SoH). You can use pattern-matching syntax to specify area codes. Client Friendly Name d. Calling Station ID c. 31. Identity Type b. Called Station ID Answer: c Difficulty: Hard Section Ref: Configuring Connection Request Policies Explanation: The Client Friendly Name designates the name of the RADIUS client computer that requests authentication. This attribute is a character string. Client Friendly Name d. Calling Station ID c.29. What is used to restrict the policy only to clients that can be identified through the special mechanism such as a NAP statement of health? a. Client Friendly Name d.