Microsoft 70-411 Exam – Q93

Your network contains an Active Directory domain named All servers run Windows Server 2012 R2.

The domain contains two servers. The servers are configured as shown in the following table.

All client computers run Windows 8 Enterprise.

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers. You need to ensure that the client computers can discover HRA servers automatically.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. On all of the client computers, configure the EnableDiscovery registry key.
B. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
C. On Server2, configure the EnableDiscovery registry key.
D. On DC1, create an alias (CNAME) record.
E. On DC1, create a service location (SRV) record.

Correct Answer: A, B, E


Requirements for HRA automatic discovery

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:

• Client computers must be running Windows Vista® with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).
• The HRA server must be configured with a Secure Sockets Layer (SSL) certificate.
• The EnableDiscovery registry key must be configured on NAP client computers.
• DNS SRV records must be configured.
• The trusted server group configuration in either local policy or Group Policy must be cleared.