Which Windows PowerShell command should you run?

You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active
Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure successfully.
Which Windows PowerShell command should you run?

A.
Set-ADFSProperties -SSOLifetime 1:00:00

B.
Set-ADFSProperties -AddProxyAuthenticationRules None

C.
Set-ADFSProperties -ExtendedProtectionTokenCheck None

D.
Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00

Explanation:
Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the federation server
proxy to authenticate with its associated federation server.
Specifies a policy rule set that can be used to establish authorization permissions for setting up trust proxies.
The default value allows the AD FS 2.0 service user account or any member of BUILTIN\Administrators to
register a federation server proxy with the Federation Service.
Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in minutes).
Specifies the level of extended protection for authentication supported by the federation server. Extended
Protection for Authentication helps protect against man-in-the-middle (MITM) attacks, in which an attacker
intercepts a client’s credentials and forwards them to a server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx

QUESTION 68
Your network contains a perimeter network and an internal network. The internal network contains an Active
Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active Directory as the
attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?

A.
The name of the Federation Service

B.
The name of the Active Directory domain

C.
The FQDN of the AD FS server

D.
The public IP address of Server2


Explanation:
It is important to verify that the subject name in the server authentication certificate matches the Federation
Service name value that is specified in the AD FS Management snap-in.
http://technet.microsoft.com/en-us/library/dd807054.aspx
Wrong!!!:
It must contain the FQDN
http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc782620(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc759635(v=ws.10).aspx


