Slide 8
There are two types of policies in the NPS role in Windows Server 2016 that are designed to manage and control connection attempts:
o Connection request policies
  • Determine whether the local NPS server will process requests or forward them to another RADIUS server
  • Configured based on conditions
  • Default policy is created, which processes requests locally
o Network policies
  • A set of conditions and constraints that provides advanced authorization of incoming connection attempts
  • Conditions determine whether a policy matches an incoming connection attempt
  • Constraints and settings are additional parameters that are applied to the connection
Slide 9
CA Types
o Public
o Private
Slide 11
The NAT server has two NICs configured with a public and private IP address and uses translation to communicate over the Internet on behalf of a client.
Slide 13
Requirements
o Active Directory Federation Services (AD FS)
o Proxy is located on the perimeter network
Slide 14
Benefits to AD FS pre-authentication
o Workplace Join
o SSO
o Multifactor authentication and access control
Slide 25
Overview of DirectAccess
Slide 27
DA server
DA clients
Network Location Server (NLS)
AD DS domain
Group Policy
PKI (optional)
Name Resolution Policy Table (NRPT)
DNS
Internal Resources
Slide 33
Implementing DirectAccess
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Slide 34
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Slide 35
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Slide 36
Slide 37
Slide 38
Requirements
o If the DA server is running in a virtual machine, MAC spoofing is required
o All DA servers must have the same configuration when using NLB
o NLS servers should be made highly available as well
Slide 39
Requirements
o PKI
o Single DA server with advanced settings already deployed
o Internal network must be IPv6 enabled
o Windows 7 client must be manually assigned to a site
Slide 40
Slide 41
Slide 42
DA Server location
IP Address assignment
Firewall configuration
AD DS
Client deployment
Slide 43
Slide 44
Slide 45
Review Questions:
1. You are planning to implement a server configuration that provides the ability to
use private addresses internally while still allowing access to Internet resources
from internal clients. You are configuring a Windows Server 2016 system and
using the Remote Access installation wizard. Which of the following do you need
to configure?
A. Dial up
B. VPN
C. NAT
D. Basic Firewall
3. You have users accessing your system remotely from Windows Vista and
Windows 7 machines as well as a few new Windows 10 laptops. You need to
ensure that users will always be able to make a VPN connection without issue
regardless of their physical location provided that there is an Internet connection.
Which of the following VPN types should you implement?
A. PPTP
B. L2TP/IPSec
C. SSTP
D. IKEv2
6. You are trying to configure authentication for mobile users who are connecting
via the VPN. You want to implement multi-factor security using smart cards and
certificate-based authentication. Which of the following protocols should you
configure?
A. CHAP
B. MS-CHAPv2
C. PEAP-MS-CHAP
D. EAP-TLS
7. You would like to implement a technology in Windows Server 2012 that replaces
traditional remote connectivity, which requires users to manually initiate
connections. Which of the following should you implement?
A. DFS
B. BranchCache
C. DirectAccess
D. IKEv2 with VPN Reconnect
11. You are planning to implement DirectAccess using the Getting Started wizard but
are concerned about the limitations of this deployment method. Which of the
following is a distinct limitation for this deployment method?
A. Deploys the NLS on the same server as the DirectAccess server
B. Requires the use of public certifications
C. Ensures the CRL is available externally
D. Deploys NLS on a different server than the DirectAccess server
12. You have Windows 10 running on many of the laptops used by your mobile sales
force. You would like to utilize DirectAccess. Which of the following will you
require in this situation that would be unique in comparison to a scenario
containing only Windows 7 client systems?
A. Publicly accessible CRL
B. Internal PKI
C. NRPT entries for the internal namespace
D. DA server
13. You are configuring RADIUS clients and servers and are looking to configure the
firewalls separating these servers appropriately. Which of the following ports
does RADIUS use by default for client to server communication?
A. 1723
B. 1812
C. 1433
D. 1701
14. You are looking to implement certificate-based authentication methods using the
Network Policy server role installed on a Windows Server 2012 machine. Which
of the following options should you use in order to require server and client
authentication via certificates but user authentication via passwords?
A. EAP-TLS
B. PEAP-TLS
C. PEAP-MS-CHAP
D. MS-CHAPv2
15. You are looking to support the use of multiple clients in your network access
infrastructure. You are aware of some users that will be connecting from
Macintosh computers and possibly even Linux distributions used by some
support personnel. Which of the following authentication protocols should you
use in light of this information?
A. EAP-TLS
B. CHAP
C. PAP
D. MS-CHAP
16. You are looking at implementing NPS on Windows Server 2012 to function as a
RADIUS server. You are evaluating the possible clients in this scenario. Which of
the following would be the most likely client of a RADIUS server?
A. Router
B. Firewall
C. DHCP server
D. Wireless Access Point
17. You are evaluating the functionality of the RADIUS proxy and trying to determine
if it’s a good fit in your environment. Which of the following scenarios does not fit
the use of the RADIUS proxy?
A. Load balancing connection requests in a high volume environment with
multiple RADIUS servers
B. Providing authentication and authorization for a single domain with users
stored in AD DS
C. Offering outsourced dial-up and VPN services using a service provider
D. Performing authentication and authorization against a non-Windows
database
Answer Key:
1. C
Network Address Translation will provide the ability to utilize one or more public
IP addresses on behalf of clients using private addresses. The addresses are
translated into the public address for use on the Internet.
2. D
You must use the IKEv2 (Internet Key Exchange) VPN type which is supported in
Windows 7 and 8 in order to use the VPN reconnect option. This option is
automatic when choosing this type of VPN.
3. C
SSTP uses HTTPS for transfer, which utilizes TCP port 443. The other protocols
can sometimes have issues in relation to firewalls blocking outgoing traffic from a
network location. Only SSTP can provide the flexibility and security required in
this situation as this port will ALWAYS be open for outgoing traffic.
4. A
This is not a correct statement by default. You may choose to override the User
Dial-in permissions via a network policy; however, by default, if the user is set to
allow and there is a policy containing conditions that match the user’s connection
attempt, access will be granted.
5. A
Technically both A and B will work but creating a single policy follows the “least
administrative effort” requirement in the scenario. The default policy already
denies access 24/7 and is the lowest priority. You create an additional policy that
essentially states that if a user is in the Marketing departmental group and it's
off-hours they will be allowed access. The default policy takes care of the rest.
6. D
EAP with Transport Layer Security is the authentication method that provides for
the use of certificate authentication for both client computers and server
machines and the authentication of user accounts via smart cards.
7. C
DirectAccess is a VPN alternative available for Windows 7 and beyond that will
provide seamless, transparent connections to a corporate network over the
Internet.
8. B
The NLS (network location server) is the server role that is used by clients to
determine their location as being internal or external and will result in
DirectAccess being enabled or disabled.
9. A
NRPT is the Name Resolution Policy Table. It identifies DNS servers by
namespace rather than connection.
10. D
Connection security rules are ultimately the way in which IPSec protection is
applied to the connections.
11. A
This is a design limitation with the Getting Started wizard. Some organizations
will want to separate these roles so that the NLS server can be on a highly
available web server.
12. B
You only require internal PKI if you are using Windows 7 clients, as they require the
ability to authenticate via client certificates.
13. B
Port 1812 is used from RADIUS client to server by default and must be open if
firewalls are separating client and server or routers are performing packet
filtering.
14. C
With Protected EAP the initial communication session is encrypted. There is
mutual authentication between client and server using certificates; however, the
MD5 hashing algorithm is then used for password-based authentication of user
accounts.
15. B
CHAP is an industry standard authentication protocol that supports the secure
transfer of authentication credentials for a wide variety of operating systems.
16. D
Almost all WAPs will support 802.1x, which will allow them to function as RADIUS
clients. While firewalls may have VPN capabilities and could then potentially
function as a RADIUS client, this cannot be assumed about every firewall.
17. B
You do not need to use a RADIUS server when all user accounts are in a single
AD DS domain.