70-411 Free Practice Test

DRAG DROP - (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication. You create a security group named Group1.
You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:
✑ Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
✑ Allow only the members of Group1 to establish a VPN connection to the VPN
servers if the members are using client computers that run Windows 8 or later. Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 2)
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers.
All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the
research servers in the ResearchServers OU is 10 characters.
What should you do?

1. A. Configure a local Group Policy object (GPO) on each research server.
2. B. Create and link a Group Policy object (GPO) to the ResearchServers OU.
3. C. Create a universal group that contains the research server
4. D. Create a Password Settings object (PSO) and assign the PSO to the group.
5. E. Create a global group that contains the research server
6. F. Create a Password Settings object (PSO) and assign the PSO to the group.

Correct Answer: B
For a domain, and you are on a member server or a workstation that is joined to the domain
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit--or create a new one, click OK, and then click Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy. Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting check box.
10. Select the options that you want, and then click OK.

- (Topic 2)
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN. Which attributes should you add to Policy1?

1. A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
2. B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
3. C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
4. D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID

Correct Answer: C
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory® groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag.
To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard.
✑ Tunnel-Medium-Type. Select a value appropriate to the previous selections you
made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
✑ Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which
group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
✑ Tunnel-Type. Select the value Virtual LANs (VLAN).
✑ Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation.

- (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active
Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning. What should you do?

1. A. In D:\\Windows\\NTDS\\, create an XML file named DCCloneConfig.xml and add the application information to the file.
2. B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.
3. C. In D:\\Windows\\NTDS\\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.
4. D. In C:\\Windows\\System32\\Sysprep\\Actionfiles\\, add the application information to an XML file named Respecialize.xml.

Correct Answer: C
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds. dit) on the source Domain Controller.
<>>>>

- (Topic 3)
Your network contains one Active Directory domain named contoso.com. You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only (or a group named
Contoso\Test Computers.
Once the pilot is complete, you need to enable DirectAccess for all of the client computers in the domain.
What should you do?

1. A. From Windows PowerShell, run the Set-DAServer cmdlet.
2. B. From Remote Access Management Console, run the remote access Server Setup wizard.
3. C. From Group Policy Management, modify the security filtering of an object named Direct Access Server Setting Group Policy
4. D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.

Correct Answer: D
The simplified Direct Access wizard creates two GPOs and liks them to the domain: “DirectAccess Server Settings” contains Connection Security Settings and Firewall inboud rules for Direct Access. “DirectAccess Clients Settings” sets name resolution policy for NLS validation. Both GPOs have security filtering applied, with DirectAccess Clients Settings applied only to the DirectAccess enabled clients.
http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/windows-server-2012-simplified-directaccess-wizard-overview-Part1.html