70-411 Test Bank, Lesson 13 Configuring NPS Policies

15 Multiple Choice
6 Short Answer
3 Best Answer
3 Build List
4 Repeated Answer
31 questions

Multiple Choice
1. An NPS policy is a set of permissions or restrictions that determine what three
aspects of network connectivity?
a. who, what, and where
b. who, when, and how
c. who, when, and where
d. who, how, and how long
Answer: b
Difficulty: Medium
Section Ref: Managing NPS Policies
Explanation: A Network Policy Server (NPS) policy is a set of permissions or
restrictions that are used by remote access authenticating servers that determine
who, when, and how a client can connect to a network.
2. Which variable can be set to authorize or deny a remote connection?
a. group membership
b. bandwidth limitations
c. corporate status
d. job role
Answer: a
Difficulty: Medium
Section Ref: Managing NPS Policies
Explanation: With the remote access policies, connections can be authorized or
denied based on group membership.
3. The default connection request policy uses NPS as what kind of server?
a. DNS

b. Active Domain controller

c. RRAS
d. RADIUS
Answer: d
Difficulty: Medium
Section Ref: Configuring Connection Request Policies
Explanation: The default connection request policy uses NPS as a RADIUS server. If
you do not want the NPS server to act as a RADIUS server and process connection
requests locally, you can delete the default connection request policy.
4. Where is the default connection policy set to process all authentication requests?
a. on the domain controller
b. at the RADIUS proxy server
c. locally
d. in a separate database
Answer: c
Difficulty: Medium
Section Ref: Configuring Connection Request Policies
Explanation: The default connection request policy uses NPS as a RADIUS server
and processes all authentication requests locally. If you do not want the NPS server
to act as a RADIUS server and process connection requests locally, you can delete
the default connection request policy.
5. What is the last setting in the Routing and Remote Access IP settings?
a. the number of assigned IP addresses
b. which DHCP server will supply the requests
c. which NPS server to connect to
d. how IP addresses are assigned
Answer: d
Difficulty: Hard
Section Ref: IP Addressing
Explanation: The last setting in the Routing and Remote Access is IP settings, which
specify how IP addresses are assigned.
6. What command-line utility is used to import and export NPS templates?
a. dnscmd
b. netsh
c. msconfig
d. net

Answer: b
Difficulty: Medium
Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies
Explanation: You can export the entire NPS configuration, including RADIUS clients
and servers, network policy, connection request policy, registry, and logging
configuration, from one NPS server for import on another NPS server by using the
netsh command.
7. To which type of file do you export an NPS configuration?
a. TXT
b. DOC
c. XML
d. NPS
Answer: c
Difficulty: Medium
Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies
Explanation: Path is where you want to save the NPS server configuration file, and
file is the name of the XML file that you want to save.
8. When should you not use the command-line method of exporting and importing
the NPS configuration?
a. when the source NPS server and target NPS servers are on different IP subnets
b. when the source NPS database has a higher version number than the version
number of the destination NPS database
c. when the source NPS server and target NPS servers are different revisions of
Windows Server
d. when your network policy forbids the export of the NPS configuration
Answer: b
Difficulty: Medium
Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies
Explanation: Do not use the command-line export/import procedure if the source
NPS database has a higher version number than the version number of the
destination NPS database.
9. Network policies determine what two important connectivity constraints?
a. who is authorized to connect
b. the DHCP server for the connection
c. the DNS server for the connection
d. the connection circumstances for connectivity
Answer: a and d
Difficulty: Easy

Section Ref: Managing NPS Policies

Explanation: Network policies establish sets of conditions, constraints, and settings
that specify who is authorized to connect to the network and the circumstances
under which they can or cannot connect.
10. When the Remote Access server finds an NPS network policy with conditions
that match the incoming connection attempt, the server checks any _______________
that have been configured for the policy.
a. realms
b. constraints
c. options
d. permissions
Answer: b
Difficulty: Medium
Section Ref: Configuring Network Policies
Explanation: When the Remote Access server finds an NPS network policy with
conditions that match the incoming connection attempt, it checks any constraints
that have been configured for the policy.
11. If a remote connection attempt does not match any configured constraints, what
does the Remote Access server do to the connection?
a. retries
b. accepts
c. denies
d. locks
Answer: c
Difficulty: Easy
Section Ref: Configuring Network Policies
Explanation: If the connection attempt does not match any configured constraints,
the Remote Access server denies the connection.
12. Identify the correct NPS templates. Select all that apply.
a. Shared Secrets
b. NPS Filters
c. Health Policies
d. RADIUS Clients
Answer: a, c, and d
Difficulty: Hard
Section Ref: Exporting and Importing Templates

Explanation: The following NPS template types are available for configuration in
Templates Management: Shared Secrets, RADIUS Clients, Remote RADIUS Servers,
IP Filters, Health Policies, and Remediation Server Groups.
13. Which two of the following are Routing and Remote Access IP settings?
a. Server Must Request an IP Address
b. Client May Request an IP Address
c. Server Must Supply an IP Address
d. Client Must Supply an IP Address
Answer: b and c
Difficulty: Hard
Section Ref: IP Addressing
Explanation: IP settings include the following options: Server Must Supply an IP
Address and Client May Request an IP Address.
14. Which Routing and Remote Access IP setting is the default setting?
a. Assign a Static IP Address
b. Server Settings Determine IP Address Assignment
c. Server Must Connect to the Assigned Realm
d. Client May Request a Specific DNS Server
Answer: b
Difficulty: Hard
Section Ref: IP Addressing
Explanation: By default, the IP settings are set to Server Settings Determine IP
Address Assignment.
15. Which of the following is the strongest type of encryption?
a. MPPE 40-Bit
b. MPPE 56-Bit
c. MPPE 128-Bit
d. No Encryption
Answer: c
Difficulty: Easy
Section Ref: Encryption
Explanation: For dial-up and Point-to-Point Tunneling Protocol (PPTP) virtual private
network connections, Microsoft Point-to-Point Encryption (MPPE) is used with a 128bit key. For L2TP/IPsec VPN connections, 168-bit Triple Data Encryption Standard
(Triple DES) encryption is used.

Short Answer

16. List any three variables that can be set to either authorize or deny remote
access.
Answer: (only need three) user attributes, group membership, time of day, or type
of connection
Difficulty: Medium
Section Ref: Managing NPS Policies
Explanation: With the remote access policies, connections can be authorized or
denied based on user attributes, group membership, time of day, type of
connection, and many other variables.
17. What three types of policies does NPS provide?
Answer: Connection request policies, Network policies, and Health policies
Difficulty: Medium
Section Ref: Managing NPS Policies
Explanation: NPS provides three types of policies: Connection request policies,
Network policies, and Health policies.
18. NPS network policy evaluates remote connections based on what three
components?
Answer: Conditions, Constraints, and Settings
Difficulty: Medium
Section Ref: Configuring Network Policies
Explanation: An NPS network policy evaluates remote connections based on the
following three components: Conditions, Constraints, and Settings.
19. Where should specific NPS network policies be placed in the policies list?
Answer: Near the top of the list (with less specific ones near the bottom)
Difficulty: Hard
Section Ref: Configuring Network Policies
Explanation: For multiple NPS network policies, you have to specify the order in
which the policies are evaluated from top to bottom. Placing these policies in the
correct order is important, because as soon as the RRAS server finds a match, it
stops processing additional policies. As a best practice, NPS network policies should
be ordered so that more specific policies are higher in the list, and less specific
policies are lower in the list.
20. What is Bandwidth Allocation Protocol (BAP) used for?
Answer: BAP is used for combining multiple ISDN channels into a single one for
increased bandwidth.

Difficulty: Medium
Section Ref: Multilink and Bandwidth Allocation
Explanation: With multilink and Bandwidth Allocation Protocol (BAP) settings, you
can specify whether multiple connections form a single connection to increase
bandwidth. You also can specify how BAP determines when these extra lines are
dropped.
21. What do IP filters allow you to control?
Answer: IP filters allow you to control which packets are allowed through the
network based on IP address.
Difficulty: Medium
Section Ref: IP Filters
Explanation: IP filters allow you to control which packets are allowed through the
network connection based on IP address. By clicking the Input Filters or Output
Filters for IPv4 or IPv6, you can specify to permit or not permit packets. You then
click the New button to specify the source network or destination network.

Best Answer
22. Why is there a No Encryption option for network connections?
a. to accommodate devices (clients) that dont support encryption
b. to test connectivity before applying an encryption scheme
c. to allow for third-party encryption programs that might be incompatible with
native encryption
d. to allow certain trusted connections to remain unencrypted
Answer: a
Difficulty: Medium
Section Ref: Encryption
Explanation: The No Encryption option allows unencrypted connections that match
the remote access policy conditions. Clear this option to require encryption.
23. RADIUS Access-Request messages are processed or forwarded by NPS only if the
settings of the incoming message match what on the NPS server?
a. one of the connection request policies
b. the time zone of the requestor
c. the client type of the requestor
d. the TCP/IP port of the requestor
Answer: a
Difficulty: Medium
Section Ref: Configuring Connection Request Policies

Explanation: RADIUS Access-Request messages are processed or forwarded by NPS

only if the settings of the incoming message match at least one of the connection
request policies configured on the NPS server.
24. Network Access Policy is part of which larger scope NPS policy?
a. Connection request
b. Network
c. Health
d. Realm
Answer: c
Difficulty: Hard
Section Ref: Managing NPS Policies
Explanation: Health policies establish one or more system health validators (SHVs)
and other settings that enable you to define client computer configuration
requirements for computers capable of Network Access Policy (NAP) that attempt to
connect to your network. Health policies are used only with NAP.

Build List
25. Order the following actions that take place when a user attempts to connect to a
remote access server.
a. The Remote Access server checks any constraints that have been configured for
the policy.
b. The user initiates a remote access connection.
c. The Remote Access server accepts or denies the connection based on Access
Permissions configured for the policy.
d. The Remote Access server checks the configured NPS network policies.
e. Remote Access server checks the conditions in the first configured NPS network
policy.
Answer: B E D A C
Difficulty: Medium
Section Ref: Configuring Network Policies
Explanation: If the conditions and constraints defined by the connection attempt
match those configured in the network policy, the remote access server will either
allow or deny the connection and configure additional settings, as defined by the
policy. Every remote access policy has an Access Permissions setting, which
specifies whether connections matching the policy should be allowed or denied.
26. Order the following steps required to create a connection request policy.
a. Specify the Realm name or RADIUS attribute.
b. Select the authentication method.
c. Select the type of network access server.

d. Right-click Connection Request Policies, and then click New Connection Request
Policy.
e. Name the Policy.
f. Open Server Manager > Tools > Network Policy Server.
g. Specify conditions (such as Tunnel Type).
Answer: F D E C G B A
Difficulty: Medium
Section Ref: Configuring Connection Request Policies
Explanation: Refer to the steps outlined in Create a Connection Request Policy.
27. Order the steps to export and import the NPS configuration using the netsh
command.
a. At the netsh prompt, enter nps.
b. Enter import filename=path\file.xml.
c. At the netsh nps prompt, type export filename=path\file.xml exportPSK=YES.
d. Open a command prompt on the target server and start an interactive netsh nps
session.
e. When the export is complete, copy the file.xml file to the target server.
f. Open a command prompt on the source server and start an netsh interactive
session.
Answer: F A C E D B
Difficulty: Medium
Section Ref: Exporting and Importing the NPS Configuration Including NPS Policies
Explanation: Refer to the steps to Export and Import the NPS Configuration.

Repeated Answer
28. What character string makes up the telephone number of the network access
server (NAS)?
a. Identity Type
b. Calling Station ID
c. Client Friendly Name
d. Called Station ID
Answer: d
Difficulty: Hard
Section Ref: Configuring Connection Request Policies
Explanation: The Called Station ID specifies a character string that is the telephone
number of the network access server.

29. What character string attribute designates the phone number used by the
access client?
a. Identity Type
b. Calling Station ID
c. Client Friendly Name
d. Called Station ID
Answer: b
Difficulty: Hard
Section Ref: Configuring Connection Request Policies
Explanation: The Calling Station ID designates the phone number used by the caller
(the access client). This attribute is a character string. You can use pattern-matching
syntax to specify area codes.
30. What is used to restrict the policy only to clients that can be identified through
the special mechanism such as a NAP statement of health?
a. Identity Type
b. Calling Station ID
c. Client Friendly Name
d. Called Station ID
Answer: a
Difficulty: Hard
Section Ref: Configuring Connection Request Policies
Explanation: The Identity Type is used to restrict the policy to only clients that can
be identified through the special mechanism such as NAP statement of health (SoH).
31. What is the name of the RADIUS client computer that requests authentication?
a. Identity Type
b. Calling Station ID
c. Client Friendly Name
d. Called Station ID
Answer: c
Difficulty: Hard
Section Ref: Configuring Connection Request Policies
Explanation: The Client Friendly Name designates the name of the RADIUS client
computer that requests authentication.