Plan Network and Application Services

  By —

These questions are based on 70-647: PRO: Windows Server 2008, Enterprise Administrator
Microsoft
Self Test Software Practice Test

Objective: Plan network and application services.
Sub-objective: Plan for terminal services.

Single answer, multiple-choice

You are the network administrator for your company. The network consists of Windows Server 2008 and Windows Vista computers. The following four servers exist on your network:

1. A Windows Server 2008 computer named DC1 is deployed as a domain controller on your internal network.
2. A Windows Server 2008 computer named NPSSrv1 is deployed as a RADIUS server on your perimeter network.
3. A Windows Server 2008 computer named NPSSrv2 is deployed as a NAP server on your perimeter network.
4. A Windows Server 2008 computer named TSGate1 is deployed as a Terminal Services Gateway on your perimeter network.

Your manager has asked you to provide a report of the remote computers that have been authenticated by your network. From which computer should you obtain this report?

1. DC1
2. NPSSrv1
3. NPSSrv2
4. TSGate1

Answer:
B. NPSSrv1

Tutorial:
To obtain a report of the remote computers that have been authenticated by your network, you should query NPSSrv1. When RADIUS is deployed on your network, it provides centralized authentication, authorization and accounting services for all remote computers. RADIUS authentication is provided through a series of steps:

1. The remote computer requests authentication to a RADIUS client.
2. The RADIUS client forwards the request to the RADIUS server.
3. The RADIUS server allows or denies the authentication request and transmits this information back to the RADIUS client.
4. The RADIUS client allows or denies access to the remote computer based on the information from the RADIUS server.
5. Based on this transmission of information, the best place to obtain a remote computer authentication report is from the RADIUS server.

You should not query DC1 to obtain the report. A domain controller is responsible for authenticating all connection requests within a domain. While the domain controller may be involved in the authentication process for remote computers, it is not the best place to obtain a report about remote-computer authentication.

You should not query NPSSrv2 to obtain the report. This computer is the NAP server for the network and is used to validate the health of clients attempting to connect to the network. Clients that meet or exceed health requirements are allowed to connect.

You should not query TSGate1 to obtain the report. This computer is the Terminal Services Gateway. A Terminal Services Gateway allows remote users to connect to internal resources over the Internet. However, this server does not actually authenticate the remote clients.

Reference:
Microsoft TechNet > Windows Server 2008 Technical Library > Featured Resources > Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008 > Network Policy and Access Services Role > Network Policy Server