What should you include in your plan?

Your network consists of one Active Directory domain. The domain contains servers that run
Windows Server 2008. The servers are configured as shown in the following table. (Click the Exhibit)

Server2 and Server3 are configured as RADIUS clients. You need to plan a solution to manage all VPN
connections to the network. The solution must meet the following requirements:
Specify the allowed VPN connection protocols.
Specify the allowed VPN client authentication mechanisms.
Specify VPN client access rights based on group membership.
What should you include in your plan?

Your network consists of one Active Directory domain. The domain contains servers that run
Windows Server 2008. The servers are configured as shown in the following table. (Click the Exhibit)

Server2 and Server3 are configured as RADIUS clients. You need to plan a solution to manage all VPN
connections to the network. The solution must meet the following requirements:
Specify the allowed VPN connection protocols.
Specify the allowed VPN client authentication mechanisms.
Specify VPN client access rights based on group membership.
What should you include in your plan?

A.
a Group Policy object (GPO) applied to Server2 and Server3

B.
a Group Policy object (GPO) applied to the computers that must establish VPN connections

C.
a local computer policy on Server2 and Server3

D.
a network policy on Server4

Explanation:
To plan a solution that would allow you to manage all VPN connections to the network by allowing
you to specify the allowed VPN connection protocols, allowed VPN client authentication
mechanisms, and VPN client access rights based on group membership, you need to create a
network policy on Server4, which is a Network Policy Server. This server is the Microsoft
implementation of a RADIUS server and proxy in Windows Server 2008. As a RADIUS server, NPS
performs centralized connection authentication, authorization, and accounting for many types of
network access, including wireless and virtual private network (VPN) connections. The GPOs cannot
be used in this scenario because they can be used to Create/Replace/Update or Delete a Virtual
Private Network (VPN) or Dial-Up Network (DUN) connection and cannot be used to specify the
allowed VPN connection protocols, allowed VPN client authentication mechanisms, and VPN client
access rights based on group membership
Network Policy Server
http://technet.microsoft.com/en-us/network/bb629414.aspx
Group Policy related changes in Windows Server 2008 – Part 3: Introduction to Group
Policy Preferences
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-
Part3.html

Show Hint

← Previous question

Next question →