Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named
Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 and have the
DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure
Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\\Group1 must be allowed to
connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)
A.
Network policies
B.
Connection request policies
C.
Create a network policy.
D.
Create a connection request policy.
Why Network policies rather than Create a Network policy?
“Which two actions”. This seems to be more about grammar than an actual technical question. With that being said, C. and D. are the only two answers that are actually performing an action, ‘Create’.
The answers supplied do not match the question. Also, the question itself may be mis-worded or this may be similar to a different question regarding selective authorization forwarding based on username.
A & B should have different answers than are listed.
If forwarding all authentication requests to Server2, then Server 2 would need a Network Policy to specify the Group membership requirement.
On Server1 we would need the following:
1. Remote Radius Server Group.
2. Connection Request Policy.