READ Free Dumps For Microsoft- 70-411
| Question ID 14097 | Your network contains an Active Directory domain named contoso.com. The domain |
| Option A | A network policy that uses Microsoft Protected EAP (PEAP) authentication |
| Option B | A network policy that uses EAP-MSCHAP v2 authentication |
| Option C | A connection request policy that uses EAP-MSCHAP v2 authentication |
| Option D | A connection request policy that uses MS-CHAP v2 authentication |
| Option F | Answer : C Explanation: 802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods: ✑ EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. ✑ EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method. ✑ EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication. ✑ PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following: ✑ The time of day and day of the week ✑ The realm name in the connection request ✑ The type of connection being requested ✑ The IP address of the RADIUS client |
| Correct Answer | C |
| Question ID 14098 | Your network contains two Active Directory forests named adatum.com and contoso.com. You need to ensure that connection requests from adatum.com users are forwarded to |
| Option A | The Authentication settings |
| Option B | The Standard RADIUS Attributes settings |
| Option C | The Location Groups condition |
| Option D | The Identity Type condition |
| Option E | The User Name condition |
| Option F | Answer : A,E Explanation: The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern- matching syntax to specify user names.
By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access- Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios. With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on. References:
|
| Correct Answer | A,E |
