An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
answer
who, when, and how
question
Which variable can be set to authorize or deny a remote connection?
answer
group membership
question
The default connection request policy uses NPS as what kind of server?
answer
RADIUS
question
Where is the default connection policy set to process all authentication requests?
answer
locally
question
What is the last setting in the Routing and Remote Access IP settings?
answer
how IP addresses are assigned
question
What command-line utility is used to import and export NPS templates?
answer
netsh
question
To which type of file do you export an NPS configuration?
answer
XML
question
When should you not use the command-line method of exporting and importing the NPS configuration?
answer
when the source NPS database has a higher version number than the version number of the destination NPS database
question
Network policies determine what two important connectivity constraints?
answer
who is authorized to connect
the connection circumstances for connectivity
question
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
answer
constraints
question
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
answer
denies
question
Identify the correct NPS templates. Select all that apply.
answer
Shared Secrets
RADIUS Clients
Health Policies
question
Which two of the following are Routing and Remote Access IP settings?
answer
Client May Request an IP Address
Server Must Supply an IP Address
question
Which Routing and Remote Access IP setting is the default setting?
answer
Settings Determine IP Address Assignment
question
Which of the following is the strongest type of encryption?
answer
MPPE 128-Bit
question
Select all variables that can be set to either authorize or deny remote access.
answer
All of the above
question
Select three types of policies that NPS provides.
answer
Network policies
request policies
Health policies
question
NPS network policy evaluates remote connections based on what three components?
answer
Settings
Constraints
Conditions
question
Where should specific NPS network policies be placed in the policies list?
answer
Near the top of the list (with less specific ones near the bottom)
question
Bandwidth Allocation Protocol (BAP) used for combining multiple ISDN channels into a single one for increased bandwidth
answer
True
question
IP filters allow you to control which packets are allowed through the network based on IP address.
answer
True
question
Order the following actions that take place when a user attempts to connect to a remote access server
answer
The user initiates a remote access connection
Remote Access server checks the conditions in the first configured NPS network policy
The Remote Access server checks the configured NPS network policies
The Remote Access server checks any constraints that have been configured for the policy
The Remote Access server accepts or denies the connection based on Access Permissions configured for the policy
question
Why is there a No Encryption option for network connections?
answer
to accommodate devices (clients) that don't support encryption
question
RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?
answer
one of the connection request policies
question
What character string makes up the telephone number of the network access server (NAS)?
answer
Called Station ID
question
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
answer
a computer's overall health
question
Because NAP is provided by _________, you need to install _________ to install NAP.
answer
NPS, NPS
question
DHCP enforcement is not available for what kind of clients?
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
answer
read-only
question
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
answer
isolation
question
To verify a NAP client's configuration, which command would you run?
answer
netsh nap client show state
question
Which two components must a NAP client have enabled in order to use NAP?
answer
Security Center
NAP Agent
question
Why do you need a web server as part of your NAP remediation infrastructure?
answer
to provide user information in case of a compliance failure
question
Where do you look to find out which computers are blocked and which are granted access via NAP?
answer
the NAP Server Event Viewer
question
Health policies are in pairs. What are the members of the pair? Select two.
answer
NAP-noncompliant
NAP-compliant
question
You should restrict access only for clients that don't have all available security updates installed if what situation exists?
answer
the computers are running Windows Update
question
What happens to a computer that isn't running Windows Firewall?
answer
The computer is isolated
question
Health policies are connected to what two other policies?
answer
connection request policies
network policies
question
To use the NAP-compliant policy, the client must do what?
answer
pass all SHV checks
question
Which computers are not affected by VPN enforcement?
answer
locally connected computers
question
Noncompliant systems become compliant by the DHCP server allowing restricted access to the remediation servers only.
answer
True
question
DHCP enforcement is the strongest NAP enforcement method.
answer
False
question
A remediation server is a server in the domain that supplies other computers with anti-virus software updates, patches, and so on so that all computers can maintain compliance
answer
True
question
What does DHCP set a client's IP address and subnet mask to during isolation? Select all that apply.
answer
subnet mask is set to 255.255.255.255
IP address is set to 0.0.0.0
question
The Health Registration Authority (HRA) is a Windows Server 2012 computer that runs IIS and gathers certificates from a certificate authority for compliant computers
answer
True
question
Each computer's SHA generates a SHV when the status is updated
answer
True
question
When enabling NAP for DHCP scopes, how should you roll out the service?
answer
for individual DHCP scopes
question
What is the purpose of the System Health Agent (SHA)?
answer
to provide feedback on the status of system protection and updates
question
Order the following steps required to install the Network Policy Server.
answer
Choose Server Manager > Manage > Add Roles and Features.
Select Role-based or feature-based installation and select a server from the pool.
On the Server Roles page, select Network Policy and Access Services.
On the Select role services page, with the Network Policy Server selected, select Health Registration Authority.
Select Use the local CA to issue health certificates for this HRA server.
question
What is the default authentication protocol for non-domain computers?
answer
NTLM
question
What does the acronym NTLM stand for?
answer
NT LAN Manager
question
NTLM uses a challenge-response mechanism for authentication without doing what?
answer
sending a password to the server
question
What type of protocol is Kerberos?
answer
a secure network authentication protocol
question
Kerberos security and authentication are based on what type of technology?
answer
secret key
question
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
answer
5 minutes
question
Which three components make up a service principal name (SPN)?
answer
service class, host name, and port number
question
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
answer
The client receives an access denied error
question
Which tool can you use to add SPNs to an account?
answer
ADSI Edit
question
What are the two restrictions for adding SPNs to an account?
answer
Domain Administrator privileges
local administrator privileges
the editor runs from the domain controller
question
Identify another utility that you can use to add SPNs to an account.
answer
setspn
question
What type of account is an account under which an operating system, process, or service runs?
answer
service
question
When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
answer
granting the least rights possible
using strong passwords
question
Name two benefits to using Managed Service Accounts (MSAs).
By default, which service accounts will the Windows PowerShell cmdlets manage?
answer
group MSAs
question
Kerberos is __________________ and __________________ than NTLM.
answer
More Secure, Complicated
question
For Kerberos to work properly systems need to be time synchronized within a certain amount of lapse using the time service.
answer
True
question
Select two ways that Kerberos authentication improves overall authentication performance.
answer
Double-hop authentication
Current ticket authentication
question
Double-hop authentication is where Kerberos forwards the authentication ticket from one service to another to prove authentication. (True or False)
answer
True
question
Double-hop authentication can be made more secure by using constrained delegation? (True or False)
answer
True
question
An identity is a user account, service account or a computer account. (True or False)
answer
False
question
What is the name by which a client uniquely identifies an instance of a service?
answer
service principal name
question
Before you can create an MSA object type, you must create what?
answer
a key distribution services root key
question
What service right does an MSA account automatically receive upon creation?
answer
log on as a service
question
Order the following steps required to use the SPN with a service.
answer
Open the ADSI Edit console
Connect to the domain
Expand Default Naming Context in the console tree, expand the domain, and then expand the nodes representing the OUs
Select the OU where the service account exists
Add SPN to the service account
Haven't found what you need?
Search for quizzes and test answers now
Quizzes.studymoose.com uses cookies. By continuing you agree to our cookie policy
