Information Technology Reference
In-Depth Information
Answers
This section contains the solutions to the thought experiments and answers to the lesson
review questions in this chapter.
Objective 4.1: thought experiment
1. You can use the Configure VPN Or Dial-up Wizard to create both VPN and dial-up
connection request policies. The dial-up connection request policy works with a
separate dial-up network policy to limit users to only members of the Domain Admins
security group. It doesn't require a separate NPS server.
2. Configure a network policy for HR that uses their membership in the HR Users security
group to then limit access to only those authenticating with EAP Smart Card or other
certificate. Because HR staff have access to sensitive data, they should be required to
have TPM chips and BitLocker on their laptops, so by installing Windows 8 on their
laptops, they can use a virtual smart card.
Although it is certainly possible to implement this policy on a single server, distributing
it across multiple NPS servers enables you to have different policies for different Re-
mote RADIUS Server Groups. The initial client access is handled by the RADIUS proxy,
which distributes the load based on the priorities and weighting.
3.
Objective 4.1: review
Correct answer: A
1.
Correct . The Network Policy Server role service is required for all RADIUS
functionality.
A.
Incorrect . The Health Registration Authority (HRA) is used only with the NAP IPsec
enforcement method.
B.
Incorrect . The Host Credential Authorization Protocol is used only for integration
into a Cisco Network Access Control Server.
C.
Incorrect . The RRAS role service is now part of the Remote Access role, not NPS.
D.
 
Search WWH ::




Custom Search