Microsoft 70-411 Exam – Q84

Your network contains an Active Directory domain named The domain contains three servers. The servers are configured as shown in the following table.

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.

Correct Answer: B, E

For a client computer to be provisioned to use DirectAccess, it must belong to the selected security group. After DirectAccess is configured, client computers in the security group are provisioned to receive the DirectAccess Group Policy Object (GPO).

In a Remote Access deployment, configuring application servers is an optional task. Remote Access enables you to require authentication for selected application servers, which is determined by their inclusion in an application servers security group. By default, traffic to application servers that require authentication is also encrypted; however, you can choose to not encrypt traffic to application servers and use authentication only.

To configure application servers
1. In the middle pane of the Remote Access Management console, in the Step 4 Application Servers area, click Configure.

2. In the DirectAccess Application Server Setup Wizard, to require authentication to selected application servers, click Extend authentication to selected application servers. Click Add to select the application server security group.

3. To limit access to only the servers in the application server security group, select the Allow access only to servers included in the security groups check box.

4. To use authentication without encryption, select the Do not encrypt traffic. Use authentication only check box.

5. Click Finish.

When the Remote Access configuration is complete, the Remote Access Review is displayed. You can review all of the settings that you previously selected, including:

– GPO Settings: The DirectAccess server GPO name and client GPO name are listed. Additionally, you can click the Change link next to the GPO Settings heading to modify the GPO settings.
– Remote Clients: The DirectAccess client configuration is displayed, including the security group, force tunneling status, connectivity verifiers, and DirectAccess connection name.
– Remote Access Server: The DirectAccess configuration is displayed, including the public name/address, network adapter configuration, certificate information, and OTP information if configured.
– Infrastructure Servers: This list includes the network location server URL, DNS suffixes that are used by DirectAccess clients, and management server information.
– Application Servers: The DirectAccess remote management status is displayed, in addition to the status of the end-to-end authentication to specific application servers.