DRAG DROP
Your network contains an Active Directory forest named contoso.com. The forest contains a
Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1
forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com. The adatum.com
forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be
used once, more than once, or not at all. You may need to drag the split bar between panes
or scroll to view content.
Answer: 
Explanation:
https://msdn.microsoft.com/en-us/library/cc754518.aspx
https://technet.microsoft.com/en-us/library/cc754033(v=ws.10).aspx
NPS1:
Connection request policy
A remote Radius sever group
NPS2:
a network policy.
This is derived from the links from “Doctor IT”:
NPS1 is a radius client the moment it turns into a radius proxy + NPS2 needs to authenticate the users in the adatum domain.
I think answer from seenapage is right, because NPS2 has to be configured with NPS1 as RADIUS client. Check https://technet.microsoft.com/en-us/library/cc754033%28v=ws.10%29 and then section “NPS as a RADIUS client” spot 3.
It may not be right, look in the doc:
“RADIUS proxies that forward connection requests to RADIUS servers that are members of a remote RADIUS server group that is configured on the RADIUS proxy.”
In escence, you must get the remote radius group to forward a network connection policy.
Just my perception ;D
*WARNING*
Anyone reading this v4 of the Exam should note these questions are no longer valid. It appears Microsoft changed the exam questions on the week of the 13/07/15. I know someone who sat this and found only a few questions were relevant. See examcollection were more discussions are being made.
you’re right Anon
remote radius group on nps1 is not logical as it suppose to get the a forwarded request from nps2
so…if you know it all, also ever tried to set it up for yourself?
It is only possible to forward to a server group, you just cannot choose a single server for this.
So you have to setup a remote RADIUS server group with NPS2 as the one and only member of that group.
Anon says:
*WARNING*
Anyone reading this v4 of the Exam should note these questions are no longer valid. It appears Microsoft changed the exam questions on the week of the 13/07/15. I know someone who sat this and found only a few questions were relevant. See examcollection were more discussions are being made.
Confirmed, more than half of questions – is a new questions
Hi KK,
You’re right there are many new questions. I passed the exam on 16/07/15 i found many new questions.
Can someone update this list of questions ?
Thx,
Hi all,
Did someone has the last updatae for Exam 411 ?
Thx,
I think provided answer is correct:
– adatum.com clients pass by using VPN1
– VPN1 forwards to NPS1
– to get adatum.com users authenticated you have to forward their requests (using an appropriate filter) from NPS1 to NPS2 by setting up a Connection Request Policy on NPS1 (right answer point 1)
– to configure a Connection Request Policy to forward requests you HAVE to choose a remote RADIUS server group, even if it’s a single server, then this group has only one member. therefore create this group on NPS1 that has NPS2 as member (right answer point 2)
– because NPS1 is forwarding requests to NPS2 it is mandatory to have NPS1 configured as a RADIUS client in NPS2 (right answer point 3)
so big question some of you had: why not using network policy? because nps1 already has a network policy (for contoso.com users) that will be processed also for the adatum.com users right after the forwarded authentication requests were succsessfully handeled…and it will be handeled by NPS1, not by NPS2! NPS2 only does processing the quthentication request, as soon as this is done NPS1 will continue processing network policy…
I agree with den. The big point that everyone is missing is that adatum clients are connecting to VPN1 but being authenticated by NPS2, not NPS1, since NPS1 isn’t in the same forest.
Hi All,
I just had the exam yesterday 2015/10/25 , and i didn’t pass it by 622/1000. There are over 20 more new questions in my exam. Just want to warn you guys who are going to take the exam, those questions here are not enough.
I will take the exam 70-411 again after two weeks, can anyone update this list of questions? or if anyone have the updated questions, please send a copy to me. Many thanks!
My Email: [email protected]
This answers is correct because in this case:
NPS1 is a Radius Proxy, so a Radius proxy is a client for the radius server.
NPS2 is a Radius serveur and it authenticate the users for Adatum so..
When a user from adatum request a connection to VPN1, VPN1 forward the connection to NPS1.
NPS1 have a connection request policy which content a “user name” condition with *.adatum.com.
Then NPS1 forward the authentification to a remote Radius Server Group (NPS2 in this case).
So as NPS2 is a Radius Server which perform the authentification, NPS1 is a Radius Client for NPS2 and NPS2 perform the authentification for Adatum users.
Absolutely right.
Passed my 70-411 exam yesterday. About 5 new questions, all new questions can be found in PassLeader 70-411 dumps (http://www.passleader.com/70-411.html). Also, PassLeader’s 70-411 dumps have corrected many wrong answers. Good Luck for All.
Hi all,
Did someone has the last update for Exam 411 ? If found please email to [email protected]
Thanks.
New 70-411 Exam Questions and Answers Updated Recently (6/May/2016):
NEW QUESTION 435
You have a server named Server1 that is a number of a domain named contoso.com. You view the properties of a service on Server1 as shown in the graphic.
Image URL: examgod.com/plimages/257a8e899d68_F2B9/new-70-411-exam-dumps-4351_thumb.png
Use the drop-down menus to select the answer choice that completes each statement. NOTE: Each correct selection is worth one point.
Image URL: examgod.com/plimages/257a8e899d68_F2B9/new-70-411-exam-dumps-4352_thumb.jpg
Answer:
Image URL: examgod.com/plimages/257a8e899d68_F2B9/new-70-411-exam-dumps-4353_thumb.jpg
Explanation:
Virtual accounts are “managed local accounts” that provide the following features to simplify service administration:
– No password management is required.
– The ability to access the network with a computer identity in a domain environment.
Virtual accounts require very little management. They cannot be created or deleted, nor do they require any password management. You must be a member of the Administrators group on the local computer to perform the following procedures. To configure a service to use a virtual account:
– Click Start, point to Administrative Tools, and then click Services.
– In the details pane, right-click the service that you want to configure, and then click Properties.
– Click the Log On tab, click This account, and then type NT SERVICE\ServiceName. When you are finished, click OK.
– Restart the service for the change to take effect.
READ MORE — technet.microsoft.com/en-us/library/dd548356%20(v=WS.10).aspx
NEW QUESTION 436
You have a Windows Server Update Services (WSUS) server named Server1. Server1 synchronizes from Microsoft Update. You plan to deploy a new WSUS server named Server2. Server2 will synchronize updates Server2 will be separated from Server1 by a firewall from Server1. You need to identify which port must be open on the firewall so that Server2 can synchronize the updates. Which port should you identify?
A. 8530
B. 3389
C. 443
D. 80
Answer: A
Explantion:
WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows:
– On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
– On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS The firewall on the WSUS server must be configured to allow inbound traffic on these ports
READ MORE — technet.microsoft.com/en-us/library/hh852346.aspx
NEW QUESTION 437
A technician installs a new server that runs Windows Server 2012 R2. During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English. The technician needs to download updates in French and English. What should you tell the network technician to do to ensure that the required updates are available?
A. Complete the Windows Server Update Services Configuration Wizard, and then modify the update language on the server.
B. Uninstall all instances of the Windows Internal Database.
C. Change the update languages on the upstream server.
D. Change the System Local of the server to French.
Answer: C
Explanation:
Configure upstream servers to synchronize updates in all languages that are required by downstream replica servers.
You will not be notified of needed updates in the unsynchronized languages.
The Choose Languages page of the WSUS Configuration Wizard allows you to get updates from all languages or from a subset of languages. Selecting a subset of languages saves disk space, but it is important to choose all the languages that are needed by all the downstream servers and client computers of a WSUS server.
Downstream servers and client computers will not receive all the updates they need if you have not selected all the necessary languages for the upstream server. Make sure you select all the languages that will be needed by all the client computers of all the downstream servers.
You should generally download updates in all languages on the root WSUS server that synchronizes to Microsoft Update. This selection guarantees that all downstream servers and client computers will receive updates in the languages that they require.
To choose update languages for a downstream server:
If the upstream server has been configured to download update files in a subset of languages:
In the WSUS Configuration Wizard, click Download updates only in these languages (only languages marked with an asterisk are supported by the upstream server), and then select the languages for which you want updates.
READ MORE — technet.microsoft.com/en-us/library/hh328568(v=ws.10).aspx
NEW QUESTION 438
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. You have a GPO named GPO1 that is linked to the domain. You need to configure GPO1 to apply settings to Group1 only. What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: C
NEW QUESTION 439
……
NEW QUESTION 440
Your network contains one Active Directory forest named contoso.com. You create a starter Group Policy object (GPO) named Starter_GPO1. From the Delegation tab of Starter_GPO1, you add a group named GPO_Admins and you assign the Edit settings permissions to the group. You create a new GPO named GPO1 from Starter_GPO1. You need to identity which action can he performed by the members of the GPO Admins group. What should you identify?
A. Modify the Delegation settings of Starter_GPO1.
B. Modify the Group Policy Preferences in Starter_GPO1.
C. Link a WMI filter to GPO1.
D. Modify the Administrative Templates in GPO1.
Answer: A
Explanation:
Permission rights applied to starter GPO objects are relative to the starter GPO objects only; they are not inherited from actual GPOs created from starter GPOs.
B is wrong because Starter GPOs do not have preferences, only Administrative Template policy settings.
READ MORE — technet.microsoft.com/en-us/library/cc753200.aspx
NEW QUESTION 441
……
P.S. These New 70-411 Exam Questions Were Just Updated From The Real 70-411 Exam, You Can Get The Newest 70-411 Dumps In PDF And VCE From — http://bitly.com/70-411-dumps-vce-pdf (447q)
Good Luck !!!
BTW, NEW 70-411 PDF Dumps from Google Drive for Free: https://drive.google.com/open?id=0B-ob6L_QjGLpfnVfbXEwbmlUa1paemdDc19zQ1JWdVpqU1poRlB2TnktaWlBUFhfQXNJZVU
NPS1:
– Connection Request Policy
– Radius Client
NPS2:
– Remote Radius Server Group
NPS1:
– Connection Req Policy
– Radius Client
NPS2:
– Remote Radius Server Group
h
Provided answers are correct.
– A RRSG needs creating on NPS-01 to forward authentication requests to NPS-02 – as NPS-01 would have no way of authenticating a user from adatum.com. The shared secret for NPS-02 can be set when you create the group and add it as a member.
– A CRP needs creating on NPS-01 with the ‘User Name’ condition set to ‘^adatum\\’, and ‘Authentication’ set to forward requests to the RRSG.
– A RADIUS client needs creating on NPS-02 for NPS-01 with the shared secret set to what was originally configured within the RRSG for the member.
I confirmed this within a lab.