Net141: Unit 7:
A shared secret should include random uppercase and lowercase letters, numbers from 0 to 9, and symbols such as !, &, and @, as well as be a minimum length of 22 characters. What is the maximum length of a shared secret?
128
7.1.4
7.1.4
7.2.4
7.2.4
7.3.10
7.3.10
7.4.5
7.4.5
7.5.4
7.5.4
7.6.3
7.6.3
Which of the following best describes a network policy?
A set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. The network has one main office located in Dallas. All of the switches in Dallas are managed switches. You have decided to implement 802.1x authentication on the switches in Dallas. You configure the switches as RADIUS clients and issue computer certificates to the Network Policy Server (NPS) server and the client computers using a stand-alone root Certification Authority (CA) named CA1. You create an 802.3 wired policy on the NPS server requiring PEAP-MS-CHAP v2 authentication. After you implement the 802.3 wired policy, clients complain that they cannot connect to the network. You need to ensure that clients can connect to the network using 802.1x authentication with the minimum amount of administrative effort.
Add the certificate for CA1 to the Trusted Root Certification Authorities store on the client computers.
With RADIUS, network managers can centrally manage connection authentication, authorization, and accounting (sometimes referred to as AAA) for many types of network access, such as VPN or wireless access points. Which of the following options best describes authorization?
Allows users to use specific network services or connect to specific network resources.
Which of the following features are used by clients and provided by the RADIUS server? (Select three.)
Authentication Authorization Accounting
You manage the remote access solution for your network. Currently, you have 10 remote access servers named RA1 through RA10. A single RADIUS server named RA11 holds all network access policies for all remote access servers. Due to some recent changes, you decide to add a second RADIUS server, RA12, to your solution. Remote access connections should be directed to either RA11 or RA12 based on the characteristics of the connection. You decide to configure the RA13 server as a RADIUS proxy. Connection requests from RA1 through RA10 will be sent to RA13. All requests will then be forwarded to RA11 or RA12 based on the characteristics of the connection. Which of the following steps will be part of your configuration on RA13? (Select three. Each choice is a required part of the solution.)
Configure RA1 through RA10 as RADIUS clients to RA13. Configure connection request policies. Configure RADIUS server groups.
Your company has recently added a traveling sales force. To allow salesmen access to the network while traveling, you install two additional servers. You configure the servers (REM1 and REM2) as remote access servers to accept incoming calls from remote clients. You configure network access policies on each server. The solution is working fine, but you find that you must make constant changes to the remote access policies. You install the Network Policy and Access Services role on a third server (REM3). You configure network access policies on REM3. Following the installation, you verify that all clients can connect to REM1 and REM2. Then you delete the custom network access policies on both servers. Now, no clients can make a remote access connection. What should you do?
Configure REM1 and REM2 as REM3's RADIUS clients.
You are in charge of installing a remote access solution for your network. You decide you need a total of four remote access servers to service all remote clients. Because remote clients might connect to any of the four servers, you decide that each remote access server must enforce the exact same policies. You anticipate that the policies will change frequently. What should you do? (Select two. Each choice is a required part of the solution.)
Configure one of the remote access servers as a RADIUS server and all other servers as RADIUS clients. Configure network access policies on the RADIUS server.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. You need to provide access to remote clients who belong to the Remote group. You install the Network Policy Server (NPS) on a server named VPN1 with the Routing and Remote Access role service. You configure VPN1 to act as a VPN server and add all of the user accounts to the Remote group. You configure a server named RADIUS1 with the NPS role. You configure VPN1 to be a RADIUS client of RADIUS1. You need to configure RADIUS1 to process authentication requests from VPN1. What should you do?
Create a connection request policy.
You manage the remote access solution for your network. Currently, you have 10 remote access servers named RA1 through RA10. A single RADIUS server named RA11 holds all network access policies for all remote access servers. Due to some recent changes, you decide to add two more RADIUS servers, RA12 and RA13, to your solution. Remote access authentication should be directed to any of the three servers so that the request load is balanced between them. You add RA14 to configure it as a RADIUS proxy. You configure RA1 through RA10 as RADIUS clients to RA14. Authentication requests will be received by RA14 and then directed to one of the three RADIUS servers. How should you complete the configuration of RA14? (Select two. Each choice is a required part of the solution.)
Create a single RADIUS server group with RA11, RA12, and RA13 as members of the group. Create a single connection request policy.
An NPS connection request policy must include at least one condition. These conditions must be met by the connecting device. Multiple conditions can be used for each connection request policy. Which of the following are available conditions? (Select two.)
Day and time restrictions Username
You decide to export your NPS configuration via PowerShell. Which cmdlet would you use to export the configuration?
Export-NpsConfiguration -Path C:\NPS_configurations\ config.xml
Network Policy Server (NPS) configurations include RADIUS clients and servers, policies, and accounting data. To reduce the time required to configure a new NPS server, the entire NPS configuration can be exported from one NPS server and then imported on another NPS server. While exporting NPS configurations, which of the following are true? (Select two.)
Exported NPS configurations will contain shared secrets. NPS configurations are as an xml file.
You are asked by your supervisor to export NPS configuration from a server. Your supervisor contacts you and tells you it is missing the log files. What must you do to provide your supervisor with the NPS log files?
Import the NPS configurations, then manually configure SQL Server Logging on the target machine.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. You have a server named VPN1 that is configured to accept VPN connections from remote clients. VPN1 is configured as a RADIUS client of a server named RADIUS1. Management decides to implement remote access auditing. You need to track when each user is connected via remote access and how long the connection lasts. What should you do?
Install a RADIUS accounting server on RADIUS1.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. There is one main office located in Chicago. The main office is protected from the internet by a perimeter network. A server named VPN1 located in the perimeter network provides VPN remote access for external clients. A server named NPS1 has the Network Policy Server (NPS) role installed and provides RADIUS services for VPN1. NPS1 is located in the perimeter network and is configured to use Active Directory for authentication requests. There are three domain controllers on the internal network. A new company policy requires that the firewall between the internal network and the perimeter network be configured to allow traffic only between specific IP addresses. The amount of internal servers that can be contacted from the perimeter network must be kept to a minimum. You need to configure remote access to minimize the number of servers on the internal network that can be contacted by servers on the perimeter network. Your solution should not impact the availability of remote access services. What should you do?
Move NPS1 to the internal network and implement a RADIUS proxy in the perimeter network.
You manage the remote access solution for your network. Currently, you have two remote access servers, RA1 and RA2, with an additional server, RA3, configured as a RADIUS server. You need to configure RA1 and RA2 to forward authentication requests to RA3. What should you do?
On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to use RA3 for authentication.
Which of the following are NPS and RADIUS template types? (Select four.)
Remote RADIUS servers IP filters RADIUS clients Shared secrets
You are the network administrator for your company. The Network Policy Server (NPS) is installed on your Windows 2016 server, and it is configured as a RADIUS server. You have decided that it would be best if you used NPS accounting. Which are valid options for storing the NPS log files? (Select two.)
SQL logging Text logging
What tool helps you minimize your workload and avoid errors when configuring RADIUS servers and clients?
Templates
A RADIUS server can be configured to provide centralized accounting, sometimes referred to as NPS logging. Which of the following is the preferred method for configuring logging and accounting for RADIUS?
The Accounting Configuration Wizard available from within the Network Policy Server console.
Which of the following are considered to RADUIS clients? (Select two.)
Wireless access points VPN servers