HOTSPOT
Your network contains an Active Directory named contoso.com.
You have users named User1 and user2.
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The
Network Access Permission for User2 is set to Allow access.
A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)
A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)
A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each
correct selection is worth one point.
Answer: 
Explanation:
Q: http://cdn.aiotestking.com/wp-content/uploads/70-411-v8/100.png
A: http://cdn.aiotestking.com/wp-content/uploads/70-411-v8/101.png
Except not
Ive wrote this on other versions of the same question.
After a lot of reading…
Answer is
YES
NO
NO
Why? Taken from https://technet.microsoft.com/en-us/library/cc772123(v=ws.10).aspx
The user account setting Network Access Permission, which is configured on the dial-in properties of user accounts, overrides the network policy access permission setting. When network access permission on a user account is set to the Control access through NPS Network Policy option, the network policy access permission setting determines whether the user is granted or denied access.
When Network Policy Server (NPS) evaluates connection requests against configured network policies, it performs the following actions:
If the conditions of the first policy are not matched, NPS evaluates the next policy, and continues this process until either a match is found or all policies have been evaluated for a match.
If the conditions and constraints of a policy are matched, NPS either grants or denies access, depending on the value of the Access permission setting in the policy.
If the conditions of a policy match but the constraints in the policy do not match, NPS rejects the connection request.
If the conditions of all policies do not match, NPS rejects the connection request.
Hey guys, I had this test on my exam today. I passed with a 9xx/1000.
This question was on my test and I can tell you 100% that the question here is written wrong.
THE QUESTION FOR USER 2 IS AS FOLLOWS:
The Network Access Permission for User1 is set to Control access through NPS Network Policy. The
Network Access Permission for User2 is set to >>>>>DENY<<<<< access.
"User2 can access VPN on MONDAY"
The answer is NO. The Questions for User1 remained the same.
ANSWER IS
YES
NO
NO
I got perfect in the NPS portion of the exam.
thx for correcting the wrong answer.
Just Passed 70-411 Exam Yesterday! 9xx/1000!!
Total 42 questions, around 5-8 new questions, 4 of them were on RODC.
I used the premium 70-411 dumps from here: http://www.passleader.com/70-411.html (445q), all new Qs were from it and wrong answers have been corrected, good enough for passing!
And, you can download part of that 445q 70-411 dumps here:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnVfbXEwbmlUa1paemdDc19zQ1JWdVpqU1poRlB2TnktaWlBUFhfQXNJZVU
Hope these help! Good Luck!
So, since User2’s access is not determined by network policy, the answer is determined by whether he is allowed or denied access in the network access permission setting. If he is allowed access, then he can access any time regardless of network policy. If he is denied access, then he is denied any time regardless of network policy.
Possible that their are both versions on any particular test so the answer could be Yes, No, Yes if user2 is allowed or Yes, No, No if user2 is denied based on his network access permission setting.
Guys
I think the correct answer is (“yes for all”) because in policy 2 there no group for applied on it
Doesn’t explicit deny override explicit grant?
I see the answer as: yes, no, Yes
For user 2, their Dial-In Properties are set to Allowed and none of the policy’s are set to override the settings, so User2 is explicitly allowed access.
Yes
No
Yes
Closed